Discussion on the protection of Discuz and other open source construction program of CMS

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

It's easy to be a webmaster in China the vast number of open source Web site procedures can meet your any needs; however, to do a webmaster is so difficult, the site every day to face a variety of known unknown "threat", open source CMS or forum program is useful, but with more people, research more people, There is a small loophole, the official patch dozen not timely words, for a website, that is the extinction.

Fortunately, thanks to our vast circle of hacker friends, if they do not, the network may not be so safe, our developers have been black countless times after the process of reinforcement, and now want to find a discuz loophole, or phpcms loopholes, than Heaven's difficulty estimate how much worse; The selling price of the loopholes that these few people have mastered is close to sky-high.

Now the CMS System program is getting smarter, most developers learn foreign plug-in mode, the main program development is very simple, that is, a framework, and then the rest of the functions are made into modular form, users can choose to use these features, the benefits of this, one can make the system more streamlined; can enhance the flexibility and scalability of the CMS system; Is there any downside to the use of plug-ins? The answer is yes, not only bad, but also may be to the Webmaster friends bring extinction!

Friends who have played hackers know that want to black a website, only need to find this site to use the program of a loophole, upload a webshell can then control the entire site, and many of the domestic open source CMS program, most of their plug-ins are by the user development upload share to everyone, of course, sharing is a good thing, However, some malicious developers, such as hackers, made some "special plug-ins" with backdoor, then posted to the Forum, waiting for users to download, once the user installed and use these plug-ins, hackers can control the entire site through the built-in backdoor! It's kind of like spreading the virus in the past. Oh:)

In the open platform of the green Union loophole, we can see many CMS plug-ins have a variety of problems, after all, most developers are amateur programmers.

Look at this Discuz plug-in, incredibly there is a simple SQL injection vulnerability! It's horrible! Domestic use of Discuz to do the forum 50W users, even if 1/3 of users installed this plug-in, we can not imagine what will happen ...

As the webmaster friends, how do we prevent plug-in vulnerabilities on the site's impact?

First of all, do not blindly download various plug-ins. Do not see new plug-ins on the map of the fresh download test, these new plug-ins have not been rigorously tested on the release, even if there is no loophole, in case of damage to your database that is not good

Second, try to download a large number of users use Plug-ins. GE said, which family more I choose which home, Plug-ins are the same, those enduring, after the test of the plug-ins, must be a good plug-in, download it, wrong!

Moreover, do not go to the unknown software download Web site to download Plug-ins, as far as possible to the official website download certified Plug-ins. Electric shopping district Download blog Plug-ins are to the official website download, at least the official will not pit us

Finally, here to the domestic developers to say, to the Web site Plug-ins to carry out regular detection of management, and even the organization of Web site programmers security testing for Plug-ins, to provide users with such security services, but also for their own to create benefits, the matter of mutual benefit, why not? Study under WordPress, Now there are more than 30,000 plug-ins, but they have every plug-in has been strictly authenticated after the release to the official website! Is this spirit not worth all the domestic developers to learn it!

Here also give you little black old black say: Do stationmaster, rise earlier than chicken, sleep than the dog Night, daily work to update the Web site, only to solve a food and clothing problem, once the site is black, even rice have no food, these people are in their own lives to make money, earn a penny to feed the family, are poor people, but also hope you can Jews , let the poor grassroots go!

Ibxboy, first generation Business Circle blog http://www.ibxboy.com