1. When installing the site, change the default table prefix dede_ to another one, such as dule.
2. Change the back-end login path. The default DedeCMS admin login address is http://www.yourwebsite/dede; rename the dede folder to something else.
3. Downgrade and then delete the default administrator account, create a dedicated account with full administrator permissions, and give it a more complex password.
4. Delete the install directory after the site is installed.
5. Remove features the site does not use, such as membership, comments, and so on.
6. Keep an eye on the DedeCMS official website; when a security patch is released, apply it to the system promptly.
7. The DedeCMS official website recently released a universal security protection code. You can log on to the official website and download it from the forum.
8. Delete directories such as member, special, company, and plus/guestbook as needed.
Note: attackers plant Trojans (web shells) through the file manager: file_manage_control.php, file_manage_main.php, file_manage_view.php, media_add.php, media_edit.php, media_main.php
SQL command runner: dede/sys_sql_query.php
Tag function: tag.php
digg.php and diggindex.php
9. Patch promptly.
10. Download and release features: I forget the exact files (something like soft_x_x.php).
10. Universal security protection code: put it in config_base.php, as follows.
The code is as follows:

```php
// Forbid users from submitting certain special variables: any request key
// that starts with cfg_ or globals is dropped, so a request cannot overwrite
// configuration values or $GLOBALS entries when variables are registered.
$ckvs = Array('_GET', '_POST', '_COOKIE', '_FILES');
foreach ($ckvs as $ckv) {
    if (is_array($$ckv)) {
        foreach ($$ckv as $key => $value) {
            // The original uses eregi(); it was removed in PHP 7, and
            // preg_match() with the /i flag is the same check.
            if (preg_match('/^(cfg_|globals)/i', $key)) unset(${$ckv}[$key]);
        }
    }
}
```
Change to this:
The code is as follows:

```php
// Sanitise GET, POST and COOKIE ($_FILES is inspected separately below)
$ckvs = Array('_GET', '_POST', '_COOKIE');
foreach ($ckvs as $ckv) {
    if (is_array($$ckv)) {
        foreach ($$ckv as $key => $value) {
            if (!empty($value)) {
                // Neutralise PHP open/close tags inside the value:
                // "<?" becomes "&lt;?" and "?>" becomes "?&gt;"
                ${$ckv}[$key] = str_replace('<'.'?', '&'.'lt;'.'?', $value);
                ${$ckv}[$key] = str_replace('?'.'>', '?'.'&'.'gt;', ${$ckv}[$key]);
            }
            // eregi() in the original (removed in PHP 7); note the pattern
            // matches cfg_ only at the start but globals anywhere in the key
            if (preg_match('/^cfg_|globals/i', $key)) unset(${$ckv}[$key]);
        }
    }
}

// Check whether an uploaded file contains PHP code and, if so, stop immediately
if (is_array($_FILES)) {
    foreach ($_FILES as $name => $value) {
        // The original stored this in ${$name}, which can clobber a variable
        // with the same name as the form field; a plain local is enough.
        $tmp = $value['tmp_name'];
        // Multi-file uploads (name="f[]") give an array here; this snippet
        // does not inspect them, it only checks single-file fields.
        if (!is_string($tmp) || $tmp === '') continue;
        // fopen/fread/fclose in the original; file_get_contents is equivalent
        $fstr = @file_get_contents($tmp);
        // ereg("<\?", ...) in the original (removed in PHP 7)
        if ($fstr != '' && preg_match('/<\?/', $fstr)) {
            echo "The file you uploaded contains dangerous content and the program stops processing it!";
            exit();
        }
    }
}
```
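As an added example (not DedeCMS code and not part of the original post), here is a stricter form of the upload inspection above, covering the case that snippet misses: multi-file uploads, where $_FILES[$field]['tmp_name'] is an array and the literal "<?" check is silently skipped. The function names and the image-extension whitelist are assumptions for illustration.

```php
<?php
// Added example, not DedeCMS code. Stricter replacement for the $_FILES check
// in the protection snippet: handles multi-file uploads (name="f[]"), adds an
// extension whitelist, and matches every PHP open-tag form case-insensitively.

function dede_upload_is_dangerous(string $path, string $clientName, array $allowedExt): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!in_array($ext, $allowedExt, true)) {
        return true;                      // extension not on the whitelist
    }
    $data = @file_get_contents($path);
    if ($data === false) {
        return true;                      // unreadable temp file: fail closed
    }
    // "<?" covers <?php, <?= and short tags (XML/SVG uploads are refused too);
    // the second alternative is the legacy <script language="php"> form
    return (bool) preg_match('/<\?|<script[^>]*language\s*=\s*["\']?php/i', $data);
}

// Return the field names whose uploads must be refused. $files has the shape
// of $_FILES; single and multiple uploads are normalised to lists.
function dede_check_uploads(array $files, array $allowedExt = ['jpg', 'jpeg', 'png', 'gif']): array
{
    $rejected = [];
    foreach ($files as $field => $info) {
        $multi    = is_array($info['tmp_name'] ?? null);
        $tmpNames = (array) ($info['tmp_name'] ?? []);
        $names    = (array) ($info['name'] ?? []);
        foreach ($tmpNames as $i => $tmp) {
            if (!is_string($tmp) || $tmp === '' || !is_file($tmp)) {
                continue;                 // empty slot, nothing was uploaded
            }
            if (dede_upload_is_dangerous($tmp, (string) ($names[$i] ?? ''), $allowedExt)) {
                $rejected[] = $multi ? $field . '[' . $i . ']' : $field;
            }
        }
    }
    return $rejected;
}

// Hook it in before any upload handling (e.g. at the top of common.inc.php):
if (!empty($_FILES) && ($bad = dede_check_uploads($_FILES)) !== []) {
    echo 'Upload refused, dangerous content or type in: ' . implode(', ', $bad);
    exit();
}
```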
11. Back up regularly.
12. Decide which files should be read-only and which need to be readable and writable, and set their permissions accordingly.
13. Most uploaded scripts end up in the plus, data, and data/cache directories. Check these three directories carefully for recently uploaded files and set the directory permissions.
Finally, remember to check whether your website has been injected with hidden (black) links. That is a minor matter; if a Trojan is used to delete the program it is far worse, and the site's rankings all fall. So check the website in time and back it up regularly to keep it running safely. These things turn up unexpectedly, so take preventive measures in advance.