Three ways to enhance the safety of woven dream CMS recommended _php Tutorial

Source: Internet
Author: User
Tags website server smarty template
Web development since the author often received the site to do security upgrade this job, and received these jobs, most of them are through the weaving Dream CMS site, because the attack caused such problems. The following authors recommend several simple and effective security practices for Web sites built using the Dream CMS, and you are welcome to correct them.

1. Change the prefix wildcard for a database table

The prefix wildcard is not the prefix of the database table name entered at the time of installation, but refers to the "#@_" string in the system source code.

I used to see a lot of unknown files in my own web site to write a lot of direct operation of the database code, which the operation of the table contains the "#@_" string, if we modify the source of the "#@_" string, then these unknown files will not work.

2, change the background management directory name

Hackers to invade a website, is generally through the SQL injection Hack site Administrator account password, and then log in to the background, upload Trojan, get Webshell right, until full control of the entire site. If we can modify the table name of the Administrator table and the management directory name of the background of the site, hackers will not be able to crack the site's administrator account, even if the administrator account, may also be unable to know the site management directory and can not log in to give up.

For administrator table name and background management directory modification, should try not to appear admin or manager keyword, this can greatly increase the hacker's crack difficulty. It is important to note that after modifying the name of the administrator table in the database, the corresponding table name in the source code should be modified. Weaving dream V5.7 in a total of 27 needs to be modified, you can search "dede_admin" to replace, I will not point out.

3. Initial connection configuration file of database repair

In the data/common.inc.php file of dream weaving, the database connection information is recorded, which is clear and unsafe. Here are two ways to make it relatively safe.

(1) Add a number of variables (dozens of or even hundreds), only six of these variables are really working, and others are used to disrupt the hacker's judgment.

(2) To encrypt data, but this need webmaster have certain programming technology. Either way, you need to make the appropriate modifications in the database initialization class, but the first method only needs to change a few variable names, which is relatively simple.

The above three methods to the Dream CMS system security can play a very important role, and many webmaster friends to enhance the security of the site methods are not able to start. Hope this article to the vast number of webmaster Friends of the Dream Web site security has helped!

There are also several points to be aware of:

1. Remove the member, special, and install folders from the root directory after the installation is complete.
2, set uploads, images, data, templets can be read writable non-executable
3, set include, plus, background files (default is Dede) readable executable non-writable
4. Set data/common.inc.php Read Only
5. Background watermark off
6, 404 Page Setup

Articles you may be interested in

    • Dedecms (Dream Weaving) website Server directory security Settings experience sharing
    • How to enhance the security of Linux and UNIX server systems
    • PHP Object-oriented introductory tutorial recommended
    • PHP determines the safest and most realistic solution for uploading file types
    • Dedecms uploading a picture upload FILETYPE not allow error resolution
    • How constants defined by define in the program are used in the Smarty template
    • How to remove ads from Dedecms background landing page
    • Escape,encodeuri,encodeuricomponent comparison and analysis of JavaScript's string encoding function

http://www.bkjia.com/PHPjc/764141.html www.bkjia.com true http://www.bkjia.com/PHPjc/764141.html techarticle Web development Since the author often received to the people's website to do security upgrade this job, and received these jobs, most of them are through the weaving dream CMS build up the site, because of the attack guide ...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.