DedeCms security solution (security settings)

Source: Internet
Author: User
DEDECMS is widely used on the Internet. Although it lets grass-roots webmasters build websites quickly, it has many security problems and must be hardened before use; otherwise the site will end up hosting other people's Trojans. The following is for webmaster friends who are new to DEDE (it is not aimed at the technically skilled).


The DEDE official team stopped releasing version upgrades for the system a long time ago; most of what it publishes now are patch fixes.

Step 2:

To log in to the back end (admin panel), you must enable the verification code function (or write your own security mechanism), delete the default administrator admin, and replace it with a dedicated account. The administrator password must be at least 8 characters long and contain both letters and numbers.

Step 3:

After installing the program, be sure to delete the install directory !!!

Step 4:

Change the default name of the dedecms back-end management directory, dede, to an irregular (hard-to-guess) name.

Step 5:

Disable (or remove/delete) unused features, such as members and comments. If you do not use them, turn them off in the back end. (For features you do need, and if you have technical support, you can develop your own or fix the default code.)

Step 6:

(1) The following directories/functions can be deleted (if you do not use them):

member (member features), special (special features), company (enterprise module), plus/guestbook (message board)

(2) The following files can be deleted:

These files in the management directory make up the back-end file manager, which is a redundant function and the one that affects security the most. Many attackers use it to plant Trojans.

file_manage_control.php, file_manage_main.php, file_manage_view.php, media_add.php, media_edit.php, media_main.php

Then:

If you do not use the SQL command runner, delete the dede/sys_sql_query.php file.

If you do not need the tag function, delete tag.php in the root directory. Delete digg.php and diggindex.php in the root directory.

Step 7:

Pay more attention to the security patches officially released by dedecms and promptly install the patches.

Step 8:

The download publishing function (softxxx_xxx.php in the management directory) can be deleted if you do not need it. It is also a relatively easy way for a small Trojan ("pony") to be uploaded.

Step 9:

You can download third-party protection plug-ins, such as the "Zhimeng CMS security package" produced by 360 and the "DedeCMS Stubborn Trojan backdoor exclusive" produced by Baidu's security alliance.

Step 10:

(Optional) The safest way: generate the HTML locally and upload it to your hosting space. A site that contains no dynamic content files is theoretically the safest, but maintenance is relatively cumbersome.
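The file-level checks from Steps 3 to 6 can be automated. The following is an added example, not part of the original article or of DedeCMS; `audit_webroot` and its `admin_dir` parameter are hypothetical names, and the file and directory names are the ones given in the steps above.

```python
"""Audit a DedeCMS web root for leftovers named in the hardening steps above.

Added example, not DedeCMS code. `audit_webroot` and `admin_dir` are
hypothetical names; file and directory names come from this page.
"""
from pathlib import Path

# Back-end file manager and media scripts (Step 6, item 2).
FILE_MANAGER = [
    "file_manage_control.php", "file_manage_main.php", "file_manage_view.php",
    "media_add.php", "media_edit.php", "media_main.php",
]
# Optional modules the page says can be deleted if unused (Step 6, item 1).
OPTIONAL_DIRS = ["member", "special", "company", "plus/guestbook"]
# Root-level scripts to delete when the tag and digg features are unused.
ROOT_SCRIPTS = ["tag.php", "digg.php", "diggindex.php"]


def audit_webroot(webroot, admin_dir="dede"):
    """Return a list of (severity, message) findings for one web root."""
    root = Path(webroot)
    findings = []
    if (root / "install").is_dir():
        findings.append(("high", "install/ directory still present (Step 3)"))
    if (root / "dede").is_dir():
        findings.append(("high", "admin directory still uses the default name dede (Step 4)"))
    admin = root / admin_dir
    if not admin.is_dir():
        findings.append(("info", f"admin directory {admin_dir}/ not found; admin checks skipped"))
    else:
        for name in FILE_MANAGER:
            if (admin / name).is_file():
                findings.append(("high", f"{admin_dir}/{name}: file manager script present (Step 6)"))
        if (admin / "sys_sql_query.php").is_file():
            findings.append(("high", f"{admin_dir}/sys_sql_query.php: SQL command runner present (Step 6)"))
    for rel in OPTIONAL_DIRS:
        if (root / rel).is_dir():
            findings.append(("review", f"{rel}/ present; delete if the feature is unused (Step 6)"))
    for name in ROOT_SCRIPTS:
        if (root / name).is_file():
            findings.append(("review", f"{name} present; delete if the feature is unused (Step 6)"))
    return findings


if __name__ == "__main__":
    import sys
    for severity, message in audit_webroot(*(sys.argv[1:3] or ["."])):
        print(f"[{severity}] {message}")
```

Pass the renamed management directory as the second argument so the file manager and SQL runner checks look in the right place.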

Supplement: You still have to check your website frequently. Having black-hat links injected is a minor matter; having a Trojan planted or the program deleted is miserable, and if you are unlucky, your ranking will fall as well. So remember to back up your data from time to time!!!

So far, the malicious script files we have discovered include:

plus/ac.php, plus/config_s.php, plus/config_bak.php, plus/diy.php, plus/ii.php, plus/lndex.php, data/cache/t.php, data/cache/x.php, data/config.php, data/cache/config_user.php, data/config_func.php, etc.

Most uploaded scripts are concentrated in the plus, data, and data/cache directories. Check whether any files have recently been uploaded to these three directories.
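One way to run this check, as an added example that is not part of the original article or of DedeCMS: it flags the file names listed above and any PHP file recently modified under the three directories. `scan_uploads` and the 7-day default window are assumptions.

```python
"""Flag likely uploaded scripts in the plus, data and data/cache directories.

Added example, not DedeCMS code. `scan_uploads` and the 7-day window are
assumptions; the file names are the ones listed on this page.
"""
import time
from pathlib import Path

# Malicious script paths reported above (relative to the web root).
KNOWN_BAD = {
    "plus/ac.php", "plus/config_s.php", "plus/config_bak.php", "plus/diy.php",
    "plus/ii.php", "plus/lndex.php", "data/cache/t.php", "data/cache/x.php",
    "data/config.php", "data/cache/config_user.php", "data/config_func.php",
}
# data/cache is inside data, so walking plus and data covers all three.
SCAN_DIRS = ("plus", "data")


def scan_uploads(webroot, days=7, now=None):
    """Return {relative_path: reason} for known-bad or recently changed PHP files."""
    root = Path(webroot)
    cutoff = (time.time() if now is None else now) - days * 86400
    hits = {}
    for top in SCAN_DIRS:
        base = root / top
        if not base.is_dir():
            continue
        for path in base.rglob("*"):
            if not path.is_file() or path.suffix.lower() != ".php":
                continue
            rel = path.relative_to(root).as_posix()
            if rel.lower() in KNOWN_BAD:
                hits[rel] = "known malicious file name"
            elif path.stat().st_mtime >= cutoff:
                hits[rel] = f"PHP file modified in the last {days} days"
    return hits


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for rel, reason in sorted(scan_uploads(target).items()):
        print(f"{rel}: {reason}")
```

Modification times can be reset by whoever uploaded the file, so a clean result from the date check does not replace comparing the directories against a known-good backup.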

On the server side, you can install safedog and other related protection tools on WIN series servers.

As for webmasters on virtual (shared) hosting: just do a good job of site security, since you cannot get at the server anyway.
