How to effectively prevent Dede dream system is linked to the Trojan security settings (for reference only)

Source: Internet
Author: User
Tags administrator password
Dear Customer, Hello!     thank our customers for the trust and support of our work.       division in the last one months we have found many causes DEDECMS security vulnerabilities caused the site was uploaded malicious script events, intruders can use malicious script to send a large number of packets, the CPU resources and server bandwidth, the impact is extremely bad. To ensure a stable service, we will immediately suspend the site's services until the problem is fixed once the site has found such malicious script.
If you are using DEDECMS, check to see if malicious script already exists and update the program to the latest version or apply the relevant patches.     to date, we have found a malicious script file that has     plus/ac.php     plus/config_s.php      plus/config_bak.php     plus/diy.php     plus/ii.php     plus/lndex.php     data/cache/t.php     data/cache/x.php     data/ config.php     data/cache/config_user.php     data/config_func.php et cetera   
  Most of the uploaded scripts are concentrated in the plus, data, data/cache three directories, please carefully check the three directories have recently been uploaded files.     for more information and manual fixes for this vulnerability, refer to the DEDECMS official description: "Http://bbs.dedecms.com/354574.html" ( DEDECMS's official website forum is temporarily inaccessible in the upgrade)     can also refer to our Help Center documentation "http://www.gzidc.com/faq.php?action=view&id=486& Itemid=36 " &nbsp     Thank you for your understanding and support.
How to effectively prevent Dede dream system is linked to the Trojan security settings (for reference only)
First, the installation of the database table prefix, it is best to change, do not dedecms the default prefix Dede_, can be changed to Ljs_, a name can be.
Second, the background login to open the authentication code function, will be the default Administrator admin Delete, changed into a dedicated, complex point of account, the administrator password must be long, at least 8 digits, and the letter and the number of mixed.
third, after loading the program must delete the install directory
four, will dedecms admin default directory name dede get rid of.
Fifth, the use of functions are closed, such as members, comments, etc., if not necessary all in the background to close.
The following are some of the categories that can be deleted:
member function
Special Special features
company Enterprise Module
plus\guestbook Message board
The following files are available for deletion:
These files under the management directory are the background file Manager, is redundant function, and most affect security, many hack are through it to hang the horse's
file_manage_control.php file_manage_main.php file_ manage_view.php media_add.php media_edit.php media_main.php
again:
do not require the SQL command runtime to delete the dede/sys_sql_query.php file.
do not need the tag function, please delete the tag.php in the root directory. Do not need the top guest please delete the digg.php and diggindex.php in the root directory.
seventh, pay more attention to the DEDECMS official release of security patches, timely patch.
Eighth, download the release function (under the Management directory soft__xxx_xxx.php), you can delete it, this is also easier to upload pony.
Ninth, DEDECMS official website out of the Universal Security Protection Code, Login dedecms website forum view.
Tenth, the safest way: publish HTML locally, and then upload to space. Not including any dynamic content is theoretically the safest, but maintenance is relatively cumbersome.
11, still have to check their website often, is hanging black chain is small, be hanged Trojan or delete program is very miserable, bad luck, ranking will also follow off. So you have to remember to back up your data often.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.