How to Prevent Trojans for websites built with DedeCms

Source: Internet
Author: User

DedeCms is one of the most widely used CMSs in China, and vulnerabilities in it are disclosed often. Each vulnerability affects a large number of sites: compromised sites end up serving injected advertisements and pop-up boxes, the server becomes a bot, and valuable data is lost. So how can we prevent Trojans on websites built with DedeCms? Is there any way to improve the security of DedeCms?


I. Security measures before Trojan infection

A. Rename the default management directory, dede. The more complicated the new name, the better.

B. Check whether the install.lock file exists in the install directory. Some users do not grant write permission on the install directory, so the lock file is not generated during installation. After the installation is complete, you can delete the entire install directory.

C. Follow the update notifications in the management backend and check that the latest DedeCMS patch is installed.

D. If the server lets you set web directory permissions per user, set the data, templets, uploads, html, special, images, and install directories in DedeCms to disallow script execution, and set the other directories to disallow writing data. The system will be safer.

E. Download the program from the official website.

F. Apply server security measures (taking Windows 2003 as an example):

1. Update the system patch to the latest one and enable automatic updates.

2. Install anti-virus software, update the virus database to the latest version, and enable automatic updates.

3. Enable the firewall that comes with the system and open only the ports the applications use, filtering out unnecessary port access.

4. Enable the TCP/IP security policy and open only the ports the applications use, filtering out unnecessary port access.

5. Open user and user group management and add a separate IUSR user for each web site, so that permission management limits the damage when one site is hacked.

6. Set different permissions for different web directories. Example: the WebSiteA directory generally gets system/administrators: full permissions, and IUSR_websiteA: read-only permissions. The subdirectories under WebsiteA are given write and run permissions for IUSR_websiteA according to the requirements of the DedeCMS program.

7. Do not install unknown software on the server.

8. Do not install cracked or Chinese-localized versions of software on the server. If you need the software, we recommend that you use the original version.

9. Do not install the Serv-U FTP software. Use other FTP software and change the FTP port. The user password should not be too simple.

10. Disable the remote access function of service applications if you do not need it, for example remote access by MySQL users.

11. For the above, you can use the Local Security Policy function to set the allowed IP addresses.

12. Local security policies can also effectively reject CC attacks and filter access by source IP address.

13. Install patches for the various service applications on the server in a timely manner. For example, be sure to patch mssql, and use a genuine copy; if that is not possible, at least use a copy from a regular source.

14. For the various applications on the server, such as the IIS configuration and the MySQL configuration, search Baidu or Google for security topics on them. Strengthening your own skills is important.

15. Enable IIS access logging.
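The checks in items A, B and D of section I can be scripted and run against the web root or a copy of it. This is an added example, not code from the original article or from DedeCms; the function name and the script-extension list are assumptions. A hit under D is a file to review: the web server's execute setting, not the file's presence, decides whether it runs.

```python
import os
import sys

# Directories item D lists as "not allowed to execute scripts".
NO_EXEC_DIRS = ("data", "templets", "uploads", "html", "special", "images", "install")
# Assumption: extensions this host would hand to a script engine.
SCRIPT_EXTS = (".php", ".asp", ".aspx", ".asa", ".cer")


def audit_webroot(root):
    """Return sorted (item, message) findings for items A, B and D."""
    findings = []
    # Item A: the management directory still has its default name.
    if os.path.isdir(os.path.join(root, "dede")):
        findings.append(("A", "default management directory 'dede' present"))
    # Item B: install directory left behind; worse if the lock file is missing.
    install = os.path.join(root, "install")
    if os.path.isdir(install):
        locked = os.path.isfile(os.path.join(install, "install.lock"))
        findings.append(("B", "install directory present, install.lock "
                         + ("found" if locked else "MISSING")))
    # Item D: script files that would run if execution is not disabled here.
    for name in NO_EXEC_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(root, name)):
            for fname in files:
                if fname.lower().endswith(SCRIPT_EXTS):
                    rel = os.path.relpath(os.path.join(dirpath, fname), root)
                    findings.append(("D", "review script: " + rel.replace(os.sep, "/")))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py <path to web root>
    for item, message in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(item, message)
```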

II. If necessary, disable the website for further troubleshooting.

A. Go to the DedeCMS management backend and check whether there are new patches or security reminders that have not been applied in time.

B. Check whether the source files contain the corresponding Trojan code, to determine whether this is an ARP attack. Symptoms of an ARP attack: the program files are not changed; the attack spoofs the target gateway to fool the client, so the client loads the Trojan when it accesses the website.

ARP attack prevention: install anti-ARP-attack software and take other countermeasures on the server, or contact your IDC service provider.

C. Check directory permissions. For details, refer to the security measures in section I.

D. Check every directory over FTP to find suspicious files that have been recently modified.

1. Use Notepad or a similar tool to open and search them. If it is a real Trojan, it can be found through analysis here.
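Step D, as an added example that is not part of the original article: list the files changed in the last few days, newest first, then search them for a string taken from the injected code seen in the browser. The function names, the sample tree and the `injected.example` marker are constructed for illustration.

```python
import os
import tempfile
import time


def recent_files(root, days, now=None):
    """Return paths (relative to root) modified within `days`, newest first."""
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            path = os.path.join(dirpath, fname)
            age = now - os.path.getmtime(path)
            if age <= days * 86400:
                hits.append((age, os.path.relpath(path, root).replace(os.sep, "/")))
    return [rel for _age, rel in sorted(hits)]


def find_marker(root, rel_paths, marker):
    """Return {path: [line numbers]} where marker occurs (case-insensitive)."""
    needle = marker.lower().encode()
    found = {}
    for rel in rel_paths:
        with open(os.path.join(root, rel), "rb") as fh:  # bytes: GBK or UTF-8 alike
            lines = [n for n, line in enumerate(fh, 1) if needle in line.lower()]
        if lines:
            found[rel] = lines
    return found


def build_sample_site(now):  # constructed tree: (path, content, age in days)
    root = tempfile.mkdtemp(prefix="dedecms_triage_")
    for rel, text, age_days in (
        ("index.html", "<html>home</html>\n", 200),
        ("uploads/notes.txt", "edited by the site owner\n", 2),
        ("templets/footer.htm", "<div>footer</div>\n<IFRAME src=//injected.example/x></IFRAME>\n", 1),
    ):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(text)
        os.utime(path, (now - age_days * 86400,) * 2)  # set atime and mtime
    return root


if __name__ == "__main__":
    site = build_sample_site(time.time())
    changed = recent_files(site, days=7)
    print(changed, find_marker(site, changed, "injected.example"))
```

Modification times can be reset by whoever wrote the file, so an empty result does not clear a directory; compare against a known-good copy of the DedeCms release where one is available.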
