Dede CMS article Content Management system security vulnerability! How to effectively prevent Dede dream system from being hung Trojan security settings

Source: Internet
Author: User
Tags administrator password

First, install Dede when the database table prefix, it is best to change, do not use the dedecms default prefix Dede_, can be changed to Ljs_, random an irregular, difficult to guess the prefix can be.

Second, the background login must turn on the verification code function, the default admin admin Delete, changed to a dedicated, complex points of account, administrator password must be long, at least 8 bits, and the letters and numbers mixed.

Third, install the program must delete the install directory!!!

IV, will DEDECMS admin default directory name Dede change, casually changed a bad guess of the irregular.

Five, the use of functions are closed, such as members, comments, etc., if there is no need to all in the background closed.

Some of the following are directories/features that can be deleted (if you can't use them):

Member Member features

Special Special Features

Company Enterprise Module

Plus\guestbook Message Board

Here are the files that you can delete:

These files in the Admin directory are back-end file managers, are redundant, and most affect security, and many hack use it to hang horses.

file_manage_control.php

file_manage_main.php

file_manage_view.php

media_add.php

media_edit.php

media_main.php

Then there are:

You do not need to remove the dede/sys_sql_query.php file from the SQL command runner.

You do not need the tag function to remove tag.php from the root directory. Do not need the guest please remove the digg.php and diggindex.php from the root directory.

Seven, pay more attention to DEDECMS official release of security patches, timely patched.

Eighth, download the release function (Management directory soft__xxx_xxx.php), do not have to delete, this is relatively easy to upload pony.

Ninth, DEDECMS official website out of the Universal Security Protection Code, login DEDECMS website forum to view.

Tenth, the safest way: Publish the HTML locally, and then upload to space. Does not contain any dynamic content files, theoretically the safest, but maintenance is relatively troublesome.

11, or have to constantly check their own site, is hung black chain is trivial, be hung Trojan or delete the program is very miserable, bad luck, the rankings will follow away. So remember to back up your data often!!!

To date, we have found a malicious script file that has

plus/ac.php

plus/config_s.php

plus/config_bak.php

plus/diy.php

plus/ii.php

plus/lndex.php

data/cache/t.php

data/cache/x.php

data/config.php

data/cache/config_user.php

data/config_func.php, wait.

Most of the uploaded scripts are concentrated in the plus, data, data/cache three directories, please double check the three directories recently whether there are uploaded files.

Dede CMS article Content Management system security vulnerability! How to effectively prevent Dede dream system from being hung Trojan security settings

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.