Solve webmasters worries and teach you how to build a high-security dynamic network forum

Source: Internet
Author: User

Online forums are the most common and favorite forums on the Internet. However, because it is widely used and often becomes the main target of hacker attacks, its forum will also expose various vulnerabilities, making it easy for hackers to intrude into the Forum. In order to relieve the concerns of the dynamic network webmaster, I will explain in detail how to set the security level of the dynamic network forum to the highest level. Block Avatar Upload Vulnerability

The most widely used picture upload vulnerability is the mobile online forum. Therefore, you need to click the "Basic settings" tab on the background interface and click the "Basic settings" tab on the right, click the upload settings tab (figure 1 ).

[Img = 498,343] average

Figure 1 go to the Basic settings page of the Forum

Now you can go to the "Upload Settings" Page. Next, in the "avatar upload" list, select the option "close" list, then "save" to make the settings take effect (figure 2 ).


Figure 2 select "completely disabled" for Portrait upload

Modify Management EmployeeMaterials

After the operation is complete, change the Administrator's default password, because this is also an object that is often attacked by hackers. On its "Upload Settings" page, we will drag the right scroll bar to the top, then, click the modify "Administrator information" tab and select the "Administrator" account to go to the Administrator modification page. We recommend that you set a longer password to avoid hacker cracking (Figure 3 ).


Figure 3 change administrator password

Modify the Upload File Type

Next, to prevent malicious users from modifying the File Upload type, we need to find admin _ boardsetting in the Forum directory. ASP file, open it in Notepad format, and then click the ">" Search "option in the top, in the pop-up" Search "dialog box, enter the "readonly" character and click "find next. Wait a moment and you can Code Find the "readonly" character and add this code to it (figure 4 ).


Figure 4 Add a code to prohibit modification of the Upload File Type

Save it. In order to test whether the Code to prohibit modification to the uploaded file works, click the manage tab in the Forum Management column on the "dynamic network background" interface, in the displayed "Forum Manager", click the "Advanced Settings" option below, which will appear in the test bar (figure 5 ).


Figure 5 find the Upload File Type

We can find the file type to be uploaded and modify the file type in it. At this time, you will find that the file type cannot be modified. In this way, code blocking is successful, in this way, hackers are prohibited from passing Trojans to the background as other file types.

Of course, if HTML Parsing is enabled on the Forum and IFRAME | object | script | tags are not filtered out, attackers can use these HTML tags to automatically transfer pages, in this way, when a user browses a special post sent by a malicious user, the user automatically jumps to the specified malicious page. Therefore, it is imperative to filter IFRAME | object | script | tags. In the "Basic settings" page of the Forum background, find the "Forum script filtering extension Settings" tag, enter the "iframe | object | script |" tag you want to filter in the text field (figure 6 ).


Figure 6 filter IFRAME | object | script | tag

Drag the scroll bar on the right to the bottom and click the "Submit" button to make the IFRAME | object | script | tag setting effective, in this way, malicious people will not be able to use IFRAME | object | script | tags to do evil. At the same time, a very BT mobile network forum will be created. I believe that even a very powerful hacker will, you may also choose a detour solution.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.