When deploying in a data center, use at least two back-end machines for disaster tolerance, with Nginx on the operations side acting as a reverse proxy to the back-end servers; refer to the related Nginx configuration when testing. The following Discuz security measures are offered for reference:
Discuz pre-installation security specifications
1. The latest version of the installation package must be downloaded from the official Discuz website;
2. After decompressing the Discuz forum code on the server, set the owner of all files and directories to root or another account (it must be different from the web server's account). The purpose is to prevent an attacker who obtains web server privileges from maliciously tampering with the program files, planting a backdoor, and so on;
3. Set the permissions of all directories in the Discuz forum code to 755 and the permissions of all files to 644;
4. Ensure that the database and Discuz are not on the same machine; separate the DB properly, and do not run the back end on only a single machine;
5. Delete the crossdomain.xml file in the Discuz root directory; if it is required, it must be limited to specific domain names;
6. Delete the ./static/image/common/mp3player.swf file;
7. Remove the unneeded external interfaces in the ./api/ directory under the Discuz root directory;
8. Prohibit external network access to the forum administration back end and the UC administration back end;
9. Prohibit PHP parsing in the ./data directory under the Discuz root directory, and make sure PHP and SQL files cannot be downloaded;
10. Prohibit PHP parsing in the ./uc_server/data and ./uc_client/data directories under the Discuz root directory, and make sure PHP files cannot be downloaded;
11. Prohibit external network access to the conf directory under the Discuz root directory and to the files in it; prohibit access to .bak backup files in the Discuz forum directory;
12. Prohibit external network access to the ./api/uc.php file under the Discuz root directory;
13. Delete /uc_server/control/app.php;
14. After the forum has been installed, delete the install directory;
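One way to check items 2, 3, 5, 6, 11, 13 and 14 on a deployed tree, as an added example that is not part of the original article. The function name audit_discuz and its two arguments are assumptions; the paths are the ones listed above.

```shell
#!/bin/sh
# Added example: audit a Discuz tree against checklist items 2, 3, 5, 6, 11, 13, 14.
# Prints one line per finding; returns 0 when the tree is clean, 1 otherwise.
# Usage (both arguments are site-specific): audit_discuz <discuz-root> <web-user>
audit_discuz() {
    root=$1       # Discuz root directory
    web_user=$2   # account (name or numeric uid) the web server runs as
    report=$(
        # Items 5, 6, 13, 14: paths that should be gone after installation.
        for rel in crossdomain.xml static/image/common/mp3player.swf \
                   uc_server/control/app.php install; do
            [ -e "$root/$rel" ] && echo "PRESENT $rel"
        done
        # Item 2: nothing in the tree may be owned by the web server account.
        find "$root" -user "$web_user" -exec echo "OWNER" {} \;
        # Item 3: directories exactly 755, regular files exactly 644.
        find "$root" -type d ! -perm 755 -exec echo "MODE" {} \;
        find "$root" -type f ! -perm 644 -exec echo "MODE" {} \;
        # Item 11: .bak copies in the tree, which must not be reachable from outside.
        find "$root" -type f -name '*.bak' -exec echo "BACKUP" {} \;
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}

# Run the audit when the script is called with both arguments.
if [ "$#" -eq 2 ]; then
    audit_discuz "$1" "$2"
fi
```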
After installing Discuz, modify the following items in the Discuz configuration file to secure the forum. The hardening points are as follows:
1. Set founder = '1'
2. Set forcesecques = '1'
3. Set checkip = 1
4. Set runquery = '0'
5. Set dbimport = 0
6. Set urlxssdefend = 1
7. Set attackevasive = '0'
PHP configuration:
1. Set open_basedir to the site directory;
2. Disable dangerous functions with disable_functions:
disable_functions=dl,eval,assert,exec,popen,system,passthru,shell_exec,escapeshellarg,escapeshellcmd,proc_close,proc_open
(Some Discuz! versions need the eval and assert functions to run normally; if problems occur, remove these two from the disabled list above);
3. Turn off the global variable setting register_globals;
4. Turn on magic_quotes_gpc;
5. Safe mode (safe_mode);
6. Turn off error message display (display_errors);
7. Prohibit access to remote files (allow_url_fopen, allow_url_include);
This article is from the "Boyhack" blog; please keep this source: http://461205160.blog.51cto.com/274918/1732888