Two DedeCMS enterprise sites had been repeatedly infected with Trojans for a long time, and searching Baidu turned up no way to block the vulnerability.
Later, I did my own experiments and found the entry point the Trojans frequently came in through. The fix is to delete the entry files.
After deleting them, I observed the sites for a long time and no more Trojans were planted. Now I will share the method with you.
Delete the files /plus/ad_js.php and /plus/mytag_js.php.
Note that once these two files are deleted, tags and advertisements called through JS will stop working. You can call them directly with tags instead.
Supplement:
1. Change the database table prefix during installation. For example, change it to ljs_ instead of the default DedeCMS prefix dede_.
2. Log in to the admin backend and enable the verification code function. Delete the default administrator account admin and replace it with a dedicated, complex account name. The administrator password must be at least 8 characters long and mix letters and numbers.
3. Delete the install directory after installing the program.
4. Change the default directory name, dede, of the DedeCMS admin backend.
5. Disable unused features, such as members and comments. If you do not need them, turn them off in the admin backend.
6. The following directories can be deleted:
member: member functions
special: special topics feature
company: enterprise module
plus/guestbook: message board
The following files can be deleted:
These files in the management directory make up the backend file manager. It is a redundant feature and the one that affects security the most; many attackers use it to plant Trojans.
file_manage_control.php
file_manage_main.php
file_manage_view.php
media_add.php
media_edit.php
media_main.php
Then:
If you do not need the SQL command runner, delete dede/sys_sql_query.php.
If you do not need the tag function, delete tag.php in the root directory. Also delete digg.php and diggindex.php in the root directory.
7. Watch for the security patches officially released by DedeCMS and install them promptly.
8. The download publishing feature (soft_xxx_xxx.php in the management directory) can be deleted if you don't need it. It also makes it easier to upload a small webshell.
9. Visit the official DedeCms website to view the general-purpose security protection code.
10. The safest way: generate the HTML locally and then upload it to the hosting space, so that the site contains no dynamic content. In theory this is the safest option, but maintenance is relatively troublesome.
11. You still have to check your website frequently. Being hacked is a small matter by comparison; a planted Trojan or deleted program files are far worse, and with bad luck the search ranking will fall as well. So remember to back up your data regularly.
So far, the malicious script files we have discovered include:
plus/ac.php
plus/config_s.php
plus/config_bak.php
plus/diy.php
plus/ii.php
plus/lndex.php
data/cache/t.php
data/cache/x.php
data/config.php
data/cache/config_user.php
data/config_func.php, etc.
Most uploaded scripts are concentrated in the plus, data, and data/cache directories. Check whether any files have been uploaded to these three directories recently.
By checking the server access log, I found that the attacker sends POST requests to these two files, which generates PHP files on the server, and then operates on the server through them. Deleting these two files solved the long-running problem of Trojan infection!
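The directory check described above can be scripted. The following is an added example, not code from the original post or from DedeCMS: it lists PHP files modified recently in the three directories, files whose names match the list above, and whether the two entry files are still present. The function name `audit`, the constants, and the 7-day window are assumptions chosen for illustration.

```python
import time
from pathlib import Path

# Directories the article says most uploaded scripts land in.
WATCH_DIRS = ("plus", "data", "data/cache")
# Entry files the article recommends deleting.
ENTRY_FILES = ("plus/ad_js.php", "plus/mytag_js.php")
# Malicious script names listed in the article.
KNOWN_BAD = {
    "plus/ac.php", "plus/config_s.php", "plus/config_bak.php", "plus/diy.php",
    "plus/ii.php", "plus/lndex.php", "data/cache/t.php", "data/cache/x.php",
    "data/config.php", "data/cache/config_user.php", "data/config_func.php",
}


def audit(webroot, days=7, now=None):
    """Return findings for a DedeCMS web root as a dict of path lists."""
    root = Path(webroot)
    cutoff = (now if now is not None else time.time()) - days * 86400
    recent, known = [], []
    for d in WATCH_DIRS:
        folder = root / d
        if not folder.is_dir():
            continue
        for f in folder.iterdir():  # non-recursive: only the directory itself
            if not f.is_file() or f.suffix.lower() != ".php":
                continue
            rel = f.relative_to(root).as_posix()
            if rel.lower() in KNOWN_BAD:
                known.append(rel)
            if f.stat().st_mtime >= cutoff:
                recent.append(rel)
    present = [e for e in ENTRY_FILES if (root / e).is_file()]
    return {"recent_php": sorted(recent), "known_bad": sorted(known),
            "entry_files_present": present}


if __name__ == "__main__":
    import sys
    report = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for section, paths in report.items():
        print(f"[{section}]")
        for p in paths:
            print("  " + p)
```

Modification times can be reset by whoever wrote the file, so an empty `recent_php` list does not prove the site is clean; comparing against a known-good copy of the site is a stronger check.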
Server
In addition to the above methods, you can also add protection on the server itself. For example, you can install Safedog or McAfee to restrict directories: one rule restricts the writing of PHP files, another restricts the modification of tables, and at the same time executable files such as exe and dll cannot be casually placed on the C drive. In this way, even if there is a bug, executable files cannot be written to your host, and the image upload directory cannot execute PHP files.