How to easily prevent DEDECMS Trojans

How to easily prevent DEDECMS Trojans

Some DEDE background programs may be easily infected with Trojans. Of course, everyone has accumulated experience at and can easily prevent them from being infected. This requires

In the process of gradual accumulation, nothing can be done overnight, so we will not be infected with Trojans as long as we study the methods. The following describes the specific methods:

Simplified settings:

Delete all unnecessary functions. For example, you can delete the member folder without a member. Deleting redundant components is the best way to avoid hack injection. Set the index.html of each directory to prevent directory access.

Zhimeng can delete the directory list: member feature special feature install Installer (mandatory) company enterprise Module plus \ guestbook message board and other modules can generally not be installed or deleted.

Password settings:

The administrator password must be long and mixed with letters and numbers. Do not use admin. After the first installation, delete admin. It is not easy to create a new Administrator name. The password stored in the database of the zhimeng system is MD5. Generally, even if the HACK gets the MD5 password through injection, if your password is rigorous enough, the other party cannot reverse it. It is also helpless. However, the current MD5 cracking website is too advanced, and the 4 TB hard disk is full of MD5 passwords. Even if your password is complex, it can sometimes be overwritten. My previous website was so hacked. So the password must be complex enough.

Zhimeng can delete the file list:

The file_manage_control.php plugin file_manage_view.php media_add.php media_edit.php media_main.php files under the DEDE management directory are background file managers (these two functions are the most abundant and affect security, and many HACK uses them to mount Trojans. It is simply a small Trojan, And it is convenient to upload and edit Trojans. Generally, it cannot be deleted ).

Delete the dede/sys_ SQL _query.php file without the SQL command runner. Avoid using HACK.

If you do not need the tag function, delete tag. php In the root directory. Delete digg. php and diggindex. php In the root directory.

Configuration modification:

To prevent HACK from publishing documents and uploading Trojans. After the installation is complete, the PHP Code cannot be uploaded. This basically blocks the possibility of uploading and editing Trojans. A simple method with the boss. (The version above 5.0 has been modified, which has been tested and compared)

Open

Include/config_base.php

Find

Copy code // prohibit users from submitting certain special Variables

$ckvs = Array('_GET','_POST','_COOKIE','_FILES');foreach($ckvs as $ckv){if(is_array($$ckv)){foreach($$ckv AS $key => $value)if(eregi("^(cfg_|globals)",$key)) unset(${$ckv}[$key]);}}

Change to the following code:

Copy code // put

$ Ckvs = Array ('_ get',' _ Post', '_ cookier'); foreach ($ ckvs as $ ckv) {if (is_array ($ ckv )) {foreach ($ ckv AS $ key => $ value) if (! Empty ($ value) {$ {$ ckv} [$ key] = str_replace ('<'.'? ',' & '.' Lt ;'.'? ', $ Value); $ {$ ckv} [$ key] = str_replace ('? '.'> ','? '. '&'. 'Gt; ', $ {$ ckv} [$ key]);} if (eregi ("^ cfg _ | globals", $ key )) unset ($ {$ ckv} [$ key]) ;}// check whether PHP code exists in the uploaded file, and exit to process if (is_array ($ _ FILES )) {foreach ($ _ files as $ name = >$ value) {$ {$ name} = $ value ['tmp _ name']; $ fp = @ fopen ($ {$ name}, 'R'); $ fstr = @ fread ($ fp, filesize ($ {$ name })); @ fclose ($ fp); if ($ fstr! = ''& Ereg (" <\? ", $ Fstr) {echo" the file you uploaded contains dangerous content. The program terminates the processing! "; Exit ();}}}

Note:

For the space used by some people, please properly Save the CP and FTP password of the space. The password must be complex. If your server depends on yourself.

Directory:

The DEDE management directory must be named, and it is best to be as complex as the password.

Patch:

I often visit zhimeng official to see if there are any new security patches. Some must be marked.

With the above changes to security settings, we don't need to get DEDE infected. Of course, there is no strategy, but this method can prevent most intrusions.