Dedecms to prevent the horse from being hanged must see safety knowledge

First, the safety of the horse before the loss

A, change more default management directory Dede.

B, check the install directory for the existence of install.lock files. A user failed to write permissions to the install directory causing the lock file to not be generated during installation. After the installation is complete, you can delete the Intstall directory.

C, pay attention to the background update notice, check whether the latest Dedecms patch

D, Server web directory permissions settings
Conditional users set the DEDECMS data, templets, uploads, HTML, special, images, install directories to not allow script execution, and other directories to prevent writing, and the system will be more secure.

E, suggest to the official download program

F, server security measures (take windows2003 system as an example)
1, update the system patch to the latest, and turn on Automatic Updates
2, install anti-virus software, update virus library to the latest, and turn on Automatic Updates
3, open the system from the firewall, open the application of the port to filter unnecessary port access
4, open the TCP/IP Security policy, open the port in the application to filter unnecessary port access
5, open the user and user group management, add IUSR users corresponding to different Web sites, so that the division rights Management to reduce the loss of a site by the authority of the crisis
6. Set different permissions for different web directories
Example: Websitea directory corresponding permissions are generally system/administrators full permissions Iusr_websitea read-only permissions
Websitea the following subdirectory according to the requirements of the DEDECMS program to assign Iusr_websitea write run permissions, see above B-point directory permission description
7, do not install the server on the unknown antecedents of the software
8, do not install on the server what crack version of the Chinese version of software, if you really need to recommend the original
9, the proposal does not install SERVU FTP software, exchange with other FTP software, change FTP port, user password not too simple
10, if you do not need to close the service application of remote access features, such as MySQL user remote access
11, for the above point, you can use the Local Security policy function, set to allow access to IP.
12, the use of local security policy, but also can effectively deny CC attacks, filtering the source IP access.
13, the server on the application of various services to update timely patches, such as MSSQL remember to play patches, and to use the genuine, no conditions to use the normal copy version
14, the server on the application of the MySQL configuration, such as IIS configuration, please search Baidu Google this aspect of the security application of the topic, strengthen the internal strength is very important.
15, turn on IIS access log records

Second, the security check after the horse is suspended

Close the Web site as necessary to get to the next step

A, into the DEDECMS management background check whether there are new patches or security reminders are not updated in a timely manner.

B, check the source file for the corresponding Trojan virus code to confirm whether the ARP attack
ARP Attack performance: The program file does not move, the attack is to deceive the target gateway to achieve the effect of deceiving the user side, the realization of the user-side access to the Web site loaded Trojan.
ARP Attack prevention: Install the anti-ARP attack software and other countermeasures to the server, or contact your IDC service provider.

C, check the directory permissions, see the first big point in the security measures.

D, check every directory in the FTP, find the most recently modified suspicious files.
1, with Notepad and other types of tools to open the search, if it is really hanging horse, here analysis can be found.
2, if the whole station is hung, please focus on first check the entire station to call the JS file.
3, from the file to find the code hanging, copy the key statement part of the code, open the replacement type of software batch or batch to find it.
4, the above step need to have the server Control authority, no words can only download back batch. (This is a cautious approach, if you are sure that you can only check some files or directories)

E, above or can not solve, that must analyze IISLog log, traced source to find the invasion point.
You can download IISLog analytics software research.

How to turn to the authorities for help or to report security issues?

1, check the trojan, suspicious file modification time
2, view the site system log, control the 1th time to find the way to hang the horse.
3, please read carefully to understand the one or two major points, confirm still cannot solve.