Dede CMS article Content Management system security vulnerability! How to effectively prevent Dede dream system from being hung Trojan security settings

First, install Dede when the database table prefix, it is best to change, do not use the dedecms default prefix Dede_, can be changed to Ljs_, random an irregular, difficult to guess the prefix can be.

Second, the background login must turn on the verification code function, the default admin admin Delete, changed to a dedicated, complex points of account, administrator password must be long, at least 8 bits, and the letters and numbers mixed.

Third, install the program must delete the install directory!!!

IV, will DEDECMS admin default directory name Dede change, casually changed a bad guess of the irregular.

Five, the use of functions are closed, such as members, comments, etc., if there is no need to all in the background closed.

Some of the following are directories/features that can be deleted (if you can't use them):

Member Member features

Special Special Features

Company Enterprise Module

Plus\guestbook Message Board

Here are the files that you can delete:

These files in the Admin directory are back-end file managers, are redundant, and most affect security, and many hack use it to hang horses.

file_manage_control.php

file_manage_main.php

file_manage_view.php

media_add.php

media_edit.php

media_main.php

Then there are:

You do not need to remove the dede/sys_sql_query.php file from the SQL command runner.

You do not need the tag function to remove tag.php from the root directory. Do not need the guest please remove the digg.php and diggindex.php from the root directory.

Seven, pay more attention to DEDECMS official release of security patches, timely patched.

Eighth, download the release function (Management directory soft__xxx_xxx.php), do not have to delete, this is relatively easy to upload pony.

Ninth, DEDECMS official website out of the Universal Security Protection Code, login DEDECMS website forum to view.

Tenth, the safest way: Publish the HTML locally, and then upload to space. Does not contain any dynamic content files, theoretically the safest, but maintenance is relatively troublesome.

11, or have to constantly check their own site, is hung black chain is trivial, be hung Trojan or delete the program is very miserable, bad luck, the rankings will follow away. So remember to back up your data often!!!

To date, we have found a malicious script file that has

plus/ac.php

plus/config_s.php

plus/config_bak.php

plus/diy.php

plus/ii.php

plus/lndex.php

data/cache/t.php

data/cache/x.php

data/config.php

data/cache/config_user.php

data/config_func.php, wait.

Most of the uploaded scripts are concentrated in the plus, data, data/cache three directories, please double check the three directories recently whether there are uploaded files.

Dede CMS article Content Management system security vulnerability! How to effectively prevent Dede dream system from being hung Trojan security settings