Discuz! provides six solutions to improve forum "weak password" phenomenon

Intermediary transaction SEO diagnosis Taobao guest Cloud host technology Hall

May 30 News, discuz! Posted on its official website, "about the recent user password, Mailbox theft modification event Solution" sticky posts, for some of the site's "weak password" phenomenon provides six kinds of solutions to improve the security of the Forum.

discuz! Official top Post said, some of the website members password mailbox was maliciously modified, after the investigation found that the main reason is the forum has a "weak password" phenomenon. discuz! Provides six solutions to improve the problem, including Web site updates to discuz! Latest Version "discuz! X2.5 R20120518 ", install anti-malicious user plug-ins, set strong password complexity and so on.

It is understood that some of the recent Web site stolen number is an organized, premeditated theft, in order to prevent the theft of further expansion of the incident, discuz! Special provide six kinds of solutions to the webmaster to improve the security of the Forum. If the webmaster friends in accordance with the above six kinds of schemes to deal with, there is a problem of pilfer number, can be in the official website forum back to the top posts, discuz! Technicians will contact the webmaster first and deal with each one one-on-one.

discuz! Top Post Address: http://www.discuz.net/thread-2929092-1-1.html

discuz! The sticky posts are as follows:

Recently we received some webmaster feedback, the website member password mailbox was maliciously modified. After our technical personnel to find out, there are mainly the following two reasons:

1, the member password is too simple, for example password is 111111, 123456, 1, 654123, or username password is same;

2, "2011 End of the password leakage event", some members use the same password as the website.

To prevent the occurrence of such incidents, we provide the following prevention programmes:

1, update the latest version of the program

discuz! X2.5 The latest version is "discuz! X2.5 R20120518 ", the other version please refer to the Program publishing area of the application publishing post.

discuz! X2.5 Background Please repair 20120529 security patches (backstage => webmaster => Security Center)

2. Install anti-malicious user plugin

Plug-in installation please go to: Central => Application Center => plugin => search for anti-malicious user plug-ins for installation and setup.

discuz! X2.0 version Anti-malicious user plugin download address:

Http://www.discuz.net/thread-2299778-1-1.html

3, the new registration and password users to set a strong password complexity, at the same time on your website posted notice to notify users to modify the password

This feature is discuz! X2.5 version of the new features, password strength to set the method to the Central Administration => Global => Registration and access => set the minimum password length and enforce password complexity (see figure).

4, the background => global => to prevent the irrigation setting => authentication code setting => enable authentication code: modify Password

5, recommended users to use QQ Internet registration binding and login, to ensure the strength of the password, but also facilitate the authentication

6, the final purpose of the stolen number is to release the garbage post, the proposal to open a waterproof wall service to prevent spam

For sites that have been stolen, we recommend that they be handled in the following ways:

1, processing has been stolen number and modify the mailbox members

Illegal personnel pilfer number after change mailbox for 1337*****@163.com

Management Center => Users => users search =>email, fill in 1337*@163.com, search out the user, please lock the user, and in the corresponding version of the section, the user for one by one authentication and processing.

This incident is an organized and premeditated event belonging to the thieves. In order to prevent the theft of further expansion of the incident, if the webmaster friends in accordance with the above scheme to deal with, there is a problem, please reply to this post, our technical staff will contact you the first time, the problem of your one-on-one treatment.