Friends who like to use DedeCMS ("Dream Weaver", 织梦) but often get their websites infected with Trojans should pay attention to this.

Source: Internet
Author: User
Tags: SQL injection methods
I often see friends saying "the DedeCMS program has security problems, my website has been hit again", but I think DedeCMS itself should be fine: looking at the source code of the DedeCMS user forms, everything is filtered.
So many people use DedeCMS. If it had security holes, I am afraid it would not be just a few of my friends getting hit.
Below are the common SQL injection methods hackers use, and the points you should pay attention to:

1. Use tools, including hacker tools, to check your own website for vulnerabilities (of course, do not abuse them). You can run some of the SQL injection hacking tools against your own site (such as the Ah D injector and so on). I have used them and have not found any vulnerability in DedeCMS that the code would expose; if you don't believe it, you can test it yourself. Of course, my not finding one doesn't mean there is none, but you should also consider how many people use DedeCMS: if there were a vulnerability that is very easy to exploit, the number of websites getting Trojans planted on them would be terrible.

2. The backend (admin) address must be changed. Do not use the default dede folder as your backend address. Some friends don't know that the dede folder can be renamed!

3. It is best to add a CAPTCHA (verification code) to the backend login. Although it is troublesome, it stops many small-time hackers from cracking your site by guessing passwords with social engineering. (I have tried it: many of my friends often use their mobile phone number, domain name, QQ number, etc. as the password.)

4. If you add a field to your website (for example, requiring the user to enter a birthday when registering), don't forget to filter that field. (I recommend that friends with some PHP skill do the modification themselves. Implementing the feature is not as simple as adding the form field on the front end, adding the publishing form in the backend, and then adding a database column: to prevent XSS and SQL injection, also apply htmlspecialchars() and mysql_escape_string() to the value.)
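As an added illustration (this is example code, not DedeCMS's own), here is such a new "birthday" field handled the vulnerable way and the hardened way. The table and column names (dede_member, birthday), the $db mysqli connection and the request parameter name are assumptions. One caveat on the advice above: mysql_escape_string() belongs to the old mysql extension, which was deprecated in PHP 5.5 and removed in PHP 7, so the example uses a prepared statement instead; htmlspecialchars() belongs on output, when the value is rendered, not on the value written to the database.

```php
<?php
// Added example (not DedeCMS code): storing and rendering a new "birthday"
// registration field. Table/column names, the $db mysqli connection and the
// request parameter are assumptions for illustration.

// --- Vulnerable pattern: value concatenated straight into the SQL text.
function save_birthday_vulnerable(mysqli $db, int $mid, string $birthday): bool
{
    // A value such as  2000-01-01' OR mid=1 --  closes the string literal and
    // rewrites the WHERE clause; this is the classic injection the post warns about.
    $sql = "UPDATE dede_member SET birthday='$birthday' WHERE mid=$mid";
    return (bool) $db->query($sql);
}

// --- Hardened pattern: validate the shape first, then bind as a parameter.
function validate_birthday(string $birthday): ?string
{
    // Accept only YYYY-MM-DD and reject impossible dates such as 2000-02-30.
    if (!preg_match('/^(\d{4})-(\d{2})-(\d{2})$/', $birthday, $m)) {
        return null;
    }
    if (!checkdate((int) $m[2], (int) $m[3], (int) $m[1])) {
        return null;
    }
    return $birthday;
}

function save_birthday_safe(mysqli $db, int $mid, string $birthday): bool
{
    $clean = validate_birthday($birthday);
    if ($clean === null) {
        return false; // reject bad input instead of trying to "fix" it
    }
    // Prepared statement: the value travels separately from the SQL text, so
    // no quote inside it can change the query. This replaces the removed
    // mysql_escape_string() approach.
    $stmt = $db->prepare('UPDATE dede_member SET birthday = ? WHERE mid = ?');
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $clean, $mid);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Output side: escape when rendering, so a stored value such as
// <script>alert(1)</script> is displayed as text rather than executed.
function render_birthday(string $birthday): string
{
    return '<span class="birthday">'
        . htmlspecialchars($birthday, ENT_QUOTES | ENT_HTML5, 'UTF-8')
        . '</span>';
}

// Usage inside the registration handler (parameter name assumed):
// $birthday = $_POST['birthday'] ?? '';
// if (!save_birthday_safe($db, $mid, $birthday)) {
//     exit('Invalid birthday');
// }
```

The validation step matters as much as the binding: a field with a fixed format (a date, a phone number, a QQ number) should be rejected when it does not match, which also keeps junk out of the database even when the query itself is safe.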

5. Some other friends also put small third-party programs into their own web space to add features (I myself forgot to delete such programs, and got hit as a result), such as album or registration scripts. The authors of these programs are not professionals, and their code basically carries some risk; some hackers can exploit this to upload a "blackeyes" pony (a small webshell trojan) and gain control of your virtual host, then use tools to plant Trojans on sites in batches.

6. Don't ignore the risk coming from the IDC (hosting) provider's server. Let me tell you: to plant a Trojan on your website, hackers often don't crack it head-on. Instead they choose "side injection" (旁注), cracking another website that sits on the same server as yours. If you don't believe it, it is very easy for others to find out who your website's neighbours are (go to http://www.myipneighbors.com/ and enter your IP address to see all the websites under the same IP). Cracking another user on the same server makes it easy to plant a Trojan on your site (I have used this method myself to get into another website). On some good servers with strict isolation between accounts, this problem does not occur.

7. In addition, strictly control any user upload feature you enable. This is also critical: if hackers cannot crack your backend, it is much harder for them to plant a Trojan, because they need to upload a trojan tool first. If you have already been infected, check whether your website allows uploading of HTML, PHP, ASP and other executable files.
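As an added example (not DedeCMS's own upload code), here is what a restrictive upload handler for a user-facing image upload looks like in PHP. The constants, the $uploadDir path and the error-reporting convention are assumptions; the upload directory is assumed to be one where the web server is configured not to execute scripts.

```php
<?php
// Added example (not DedeCMS code): a restrictive handler for user image uploads.
// $file is one entry of $_FILES; $uploadDir is assumed to be a directory the
// web server will NOT execute scripts from.

const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];
const ALLOWED_MIME       = ['image/jpeg', 'image/png', 'image/gif'];
const MAX_BYTES          = 2 * 1024 * 1024;

// Returns the stored file name on success, or a message starting with "!" on rejection.
function handle_image_upload(array $file, string $uploadDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return '!upload error';
    }
    if (($file['size'] ?? 0) > MAX_BYTES) {
        return '!file too large';
    }

    // Whitelist the extension (never a blacklist of .php/.asp: there are too
    // many variants such as .phtml, .php5, .asa). Lower-case it so "shell.PHP"
    // cannot slip past a case-sensitive comparison.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXTENSIONS, true)) {
        return '!extension not allowed';
    }

    // Never trust $file['type']: the browser sends it. Sniff the actual bytes.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        return '!content is not an image';
    }

    // Discard the client-supplied name entirely. A random name with a safe
    // extension removes path tricks (../), double extensions such as
    // "shell.php.jpg" (which some Apache setups still hand to PHP), and collisions.
    $stored = bin2hex(random_bytes(16)) . '.' . $ext;
    $target = rtrim($uploadDir, '/\\') . DIRECTORY_SEPARATOR . $stored;
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        return '!could not store file';
    }
    return $stored;
}

// Usage (field name assumed):
// $result = handle_image_upload($_FILES['photo'] ?? [], '/var/www/site/uploads');
// if ($result[0] === '!') { exit('Upload rejected: ' . substr($result, 1)); }
```

The content check still passes a valid image that has PHP code appended to it, so the decisive control is the one outside this script: the upload directory must not be allowed to run scripts at all (for example, with mod_php on Apache, `php_flag engine off` in that directory's configuration), and the same whitelist must be enforced on every upload entry point, not only the one you remembered.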

8. Always pay attention to the security patches officially released by DedeCMS. I have studied the last several patches; some vulnerabilities may be exploited by others for various reasons (DedeCMS has paid more attention to them, and you can see that DedeCMS still cares about security issues). I remember the member-module patch was released in January; in February some hacker websites published articles about hitting websites that lacked that patch, and some of my friends were among them. I am speechless. I hope you will watch for official security patches at all times.

9. Some friends often upload the files left behind after a Trojan was planted to this forum, hoping everyone can study them together. I want to say: studying them will not prevent the next one, because the JS or IFRAME is not the key point; what you uploaded is only the planted payload, which at most can be decoded if it is encrypted. What the attacker leaves behind is just the end result, not the tool.
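What is worth doing with a hit site is finding every file the attacker touched. As an added example (not DedeCMS's own code), here is a small command-line triage scan in PHP: it walks the web root, flags files containing patterns typical of injected JS/IFRAME loaders, and lists server-side scripts sitting inside upload directories, where they never belong. The upload directory names, the file extensions and the regexes are assumptions to be adjusted to the site's layout.

```php
<?php
// Added example (not DedeCMS code): triage scan for a site with injected JS/IFRAME.
// Usage: php scan_webroot.php /var/www/html
// Directory names, extensions and patterns below are assumptions; tune them.

$webroot    = rtrim($argv[1] ?? '.', '/\\');
$uploadDirs = ['uploads', 'images'];          // assumed user-upload locations
$scriptExt  = ['php', 'php3', 'php4', 'php5', 'phtml', 'asp', 'aspx', 'jsp'];
$pageExt    = ['html', 'htm', 'php', 'js', 'tpl'];
$maxBytes   = 5 * 1024 * 1024;                // skip huge files (logs, media)

// Signatures commonly seen in injected pages (assumed; extend as needed).
$injectPatterns = [
    'zero-size iframe' => '/<iframe[^>]*\b(width|height)\s*=\s*["\']?0\b/i',
    'hidden iframe'    => '/<iframe[^>]*(display\s*:\s*none|visibility\s*:\s*hidden)/i',
    'document.write'   => '/document\.write\s*\(\s*unescape\s*\(/i',
    'eval(decode)'     => '/eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(/i',
    'long escape run'  => '/(\\\\x[0-9a-f]{2}){40,}|(\\\\u[0-9a-f]{4}){40,}|(%[0-9a-f]{2}){40,}/i',
];

$findings = [];
$iter = new RecursiveIteratorIterator(
    new RecursiveDirectoryIterator($webroot, FilesystemIterator::SKIP_DOTS)
);
foreach ($iter as $info) {
    if (!$info->isFile()) {
        continue;
    }
    $path = $info->getPathname();
    $rel  = ltrim(str_replace('\\', '/', substr($path, strlen($webroot))), '/');
    $ext  = strtolower($info->getExtension());
    $top  = strtolower(explode('/', $rel)[0]);

    // 1. A .php/.asp file under an upload directory is almost always a webshell.
    if (in_array($top, $uploadDirs, true) && in_array($ext, $scriptExt, true)) {
        $findings[] = [$info->getMTime(), 'script in upload dir', $rel];
    }

    // 2. Injected loaders inside pages, templates and scripts.
    if (in_array($ext, $pageExt, true) && $info->getSize() <= $maxBytes) {
        $content = file_get_contents($path);
        foreach ($injectPatterns as $label => $regex) {
            if (preg_match($regex, $content)) {
                $findings[] = [$info->getMTime(), $label, $rel];
            }
        }
    }
}

// Most recently modified first: the injection time usually clusters.
usort($findings, fn(array $a, array $b) => $b[0] <=> $a[0]);
foreach ($findings as [$mtime, $label, $rel]) {
    printf("%s  %-22s %s\n", date('Y-m-d H:i:s', $mtime), $label, $rel);
}
printf("%d finding(s) under %s\n", count($findings), $webroot);
```

Treat the output as a starting point, not a verdict: the CMS's own code can legitimately match a pattern such as eval(base64_decode(...)), and a modification time can be forged, so cross-check the flagged files against a clean copy of the release and against the web server's access log for the same time window.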

10. Irresistible factors, such as a top-level hacker deciding to target your website; in that case I am afraid many things that have no flaw will be found to have one. But believe me on one point: the hackers who plant Trojans are mostly newbie ("cainiao") hackers and tool-driven script kiddies. If you do the above well, those hackers won't know what to do.
