Web development since the author often received the site to do security upgrade this job, and received these jobs, most of them are through the weaving Dream CMS site, because the attack caused such problems. The following authors recommend several simple and effective security practices for Web sites built using the Dream CMS, and you are welcome to correct them.
1. Change the prefix wildcard for a database table
The prefix wildcard is not the prefix of the database table name entered at the time of installation, but refers to the "#@_" string in the system source code.
I used to see a lot of unknown files in my own web site to write a lot of direct operation of the database code, which the operation of the table contains the "#@_" string, if we modify the source of the "#@_" string, then these unknown files will not work.
2, change the background management directory name
Hackers to invade a website, is generally through the SQL injection Hack site Administrator account password, and then log in to the background, upload Trojan, get Webshell right, until full control of the entire site. If we can modify the table name of the Administrator table and the management directory name of the background of the site, hackers will not be able to crack the site's administrator account, even if the administrator account, may also be unable to know the site management directory and can not log in to give up.
For administrator table name and background management directory modification, should try not to appear admin or manager keyword, this can greatly increase the hacker's crack difficulty. It is important to note that after modifying the name of the administrator table in the database, the corresponding table name in the source code should be modified. Weaving dream V5.7 in a total of 27 needs to be modified, you can search "dede_admin" to replace, I will not point out.
3. Initial connection configuration file of database repair
In the data/common.inc.php file of dream weaving, the database connection information is recorded, which is clear and unsafe. Here are two ways to make it relatively safe.
(1) Add a number of variables (dozens of or even hundreds), only six of these variables are really working, and others are used to disrupt the hacker's judgment.
(2) To encrypt data, but this need webmaster have certain programming technology. Either way, you need to make the appropriate modifications in the database initialization class, but the first method only needs to change a few variable names, which is relatively simple.
The above three methods to the Dream CMS system security can play a very important role, and many webmaster friends to enhance the security of the site methods are not able to start. Hope this article to the vast number of webmaster Friends of the Dream Web site security has helped!
There are also several points to be aware of:
1. Remove the member, special, and install folders from the root directory after the installation is complete.
2, set uploads, images, data, templets can be read writable non-executable
3, set include, plus, background files (default is Dede) readable executable non-writable
4. Set data/common.inc.php Read Only
5. Background watermark off
6, 404 Page Setup
Articles you may be interested in
- Dedecms (Dream Weaving) website Server directory security Settings experience sharing
- How to enhance the security of Linux and UNIX server systems
- PHP Object-oriented introductory tutorial recommended
- PHP determines the safest and most realistic solution for uploading file types
- Dedecms uploading a picture upload FILETYPE not allow error resolution
- How constants defined by define in the program are used in the Smarty template
- How to remove ads from Dedecms background landing page
- Escape,encodeuri,encodeuricomponent comparison and analysis of JavaScript's string encoding function
http://www.bkjia.com/PHPjc/764141.html www.bkjia.com true http://www.bkjia.com/PHPjc/764141.html techarticle Web development Since the author often received to the people's website to do security upgrade this job, and received these jobs, most of them are through the weaving dream CMS build up the site, because of the attack guide ...