First, when installing DedeCMS, it is best to change the database table prefix. Do not use the DedeCMS default prefix dede_; change it to something like ljs_, or any random, irregular prefix that is hard to guess.
Second, the verification code (CAPTCHA) function must be turned on for the backend login. Delete the default admin account and replace it with a dedicated, more complex account name. The administrator password must be long: at least 8 characters, mixing letters and numbers.
Third, after installing the program you must delete the install directory!
Fourth, change the default DedeCMS admin directory name, dede, to something irregular and hard to guess.
Fifth, turn off the functions you do not use, such as members and comments; if they are not needed, disable them all in the backend.
The following directories/features can be deleted if you do not use them:
member (member features)
special (special topic features)
company (enterprise module)
plus/guestbook (message board)
The following files can also be deleted:
These files in the admin directory are the backend file manager. They are redundant and have the greatest impact on security; many attackers use them to plant trojans.
file_manage_control.php
file_manage_main.php
file_manage_view.php
media_add.php
media_edit.php
media_main.php
In addition:
If you do not need the SQL command runner, delete the dede/sys_sql_query.php file.
If you do not need the tag function, delete tag.php from the root directory. If you do not need the digg feature, delete digg.php and diggindex.php from the root directory.
Seventh, keep a close watch on the security patches that DedeCMS officially releases, and apply them promptly.
Eighth, the download publishing function (soft__xxx_xxx.php in the admin directory): if you do not use it, delete it, because it is a relatively easy way to upload a small trojan.
Ninth, DedeCMS has officially published a universal security protection code; log in to the DedeCMS website forum to view it.
Tenth, the safest way: generate the HTML locally and then upload it to your hosting space. A site that contains no dynamic content files is theoretically the safest, but it is relatively troublesome to maintain.
Eleventh, you still have to check your own site constantly. Having hidden spam links ("black links") injected is a minor matter; having a trojan planted or the program deleted is far worse, and with bad luck your search rankings will drop as well. So remember to back up your data often!
The malicious script files found to date include:
plus/ac.php
plus/config_s.php
plus/config_bak.php
plus/diy.php
plus/ii.php
plus/lndex.php
data/cache/t.php
data/cache/x.php
data/config.php
data/cache/config_user.php
data/config_func.php, etc.
Most of the uploaded scripts are concentrated in three directories: plus, data and data/cache. Check these three directories carefully for recently uploaded files.
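The checks in this list can be run as a read-only audit of the site tree. The Python script below is an added example, not code from the original article or from DedeCMS; the function name audit_dedecms, the admin_dir parameter and the 7-day window for "recently uploaded" are assumptions, while every file path comes from the lists above.

```python
import os
import time

# All paths below come from the checklist on this page, relative to the site root.
ROOT_LEFTOVERS = ["install", "dede", "tag.php", "digg.php", "diggindex.php"]
ADMIN_FILES = ["file_manage_control.php", "file_manage_main.php",
               "file_manage_view.php", "media_add.php", "media_edit.php",
               "media_main.php", "sys_sql_query.php"]
KNOWN_BAD = ["plus/ac.php", "plus/config_s.php", "plus/config_bak.php",
             "plus/diy.php", "plus/ii.php", "plus/lndex.php",
             "data/cache/t.php", "data/cache/x.php", "data/config.php",
             "data/cache/config_user.php", "data/config_func.php"]
UPLOAD_DIRS = ["plus", "data", "data/cache"]


def audit_dedecms(root, admin_dir="dede", days=7, now=None):
    """Report checklist violations in the DedeCMS tree at `root` (read-only).

    admin_dir is the current name of the admin directory (assumed parameter);
    days is the assumed window for treating a PHP file as recently uploaded.
    """
    now = time.time() if now is None else now

    def exists(rel):
        return os.path.exists(os.path.join(root, rel))

    findings = {
        # install directory, default admin directory name, unused root scripts
        "leftover": [p for p in ROOT_LEFTOVERS if exists(p)],
        # backend file manager and SQL command runner still present
        "admin_files": [f"{admin_dir}/{f}" for f in ADMIN_FILES
                        if exists(f"{admin_dir}/{f}")],
        # file names the page lists as malicious scripts
        "known_bad": [p for p in KNOWN_BAD if exists(p)],
        "recent_php": [],
    }
    # PHP files modified within `days`, directly inside the three directories
    for rel in UPLOAD_DIRS:
        folder = os.path.join(root, rel)
        if not os.path.isdir(folder):
            continue
        for name in sorted(os.listdir(folder)):
            path = os.path.join(folder, name)
            if (name.lower().endswith(".php") and os.path.isfile(path)
                    and now - os.path.getmtime(path) <= days * 86400):
                findings["recent_php"].append(f"{rel}/{name}")
    return findings
```

A hit in recent_php is only a file to review against your backups and your own recent changes; a legitimate update also changes modification times.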