Safety problems and solutions in building stations using the construction station program

Source: Internet
Author: User
Keywords Solve secure

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Site security has always been a site operation of an immutable topic, as long as the existence of a network day will inevitably appear security threats. Site security is also closely related to the survival of the site. The website is hacked, the small may appear the site is hung black chain, the page is tampered with, big then causes the site data to lose inaccessible, endangers the user security and so on the question. and a safe site is from our side bit by bit small details to start. The following article in the five to prevent hacker intrusion security tips, I hope to help.

1, modify the site's default administrator account

The most common problem in today's Web site security is that many webmasters are using the default account directly. We know that some mainstream building systems such as dream weaving, WordPress, and so will use the "admin" default Administrator account. And many stationmaster does not notice this detail, the administrator account directly uses the default username. When a hacker understands your site program and knows your default administrator account, the first thing he can do is use brute force to crack the password on your admin account. So how do we deal with this problem? The easiest way is to modify this account and change it to a more complex account. There is a number of plug-ins we can use to limit the number of users to enter the wrong password, when the user entered a certain number of incorrect password, the system will be locked to change the account, and need to continue to enter the password after a period of time.

2: Modify the admin URL

The site that uses the construction station system constructs the website also to be likely to have the problem, that is the backstage management URL address many uses the default same address. For example, the dream of the background management address is http://www.XXX.com/dede so as a hacker as long as I master your background URL address can attack your site. So what's the answer? The method is also very simple, we just change the background address of the folder can change the background of the URL address. At the same time we need to note that we need to use a robots file to screen the background address, so that search engines can not crawl included.

3: Permissions Set

In many cases, the site's file permissions are not set correctly is the site as the main reason for the risk situation. Take the site's htaccess file as an example, we know that the file can be used to redirect the site and other operations. If the hacker gets permission to modify the file, he can edit the file to jump your domain to a malicious domain. So how do we prevent it? The easiest way to do this is by modifying permissions. For example we give directory 755 permissions, give file 644 permissions, give htaccess444 permissions.

4: Comments

Whether you believe it or not, comments can be a big problem affecting site security. The most common way to comment attacks is to use cross-site scripting. A security vulnerability in which an attacker inserts malicious code into a link that looks like a trustworthy source. When this link is clicked, the embedded program receives the user's Web request and executes malicious code on the user's computer, typically allowing the attacker to steal the user's information. This is a tricky site security issue, but there are a few things you can do to help prevent cross-site scripting from happening in your comments. You can use review reviews, or filter script on the comments page to prevent this type of attack.

5: Upload File

If you allow your users to upload files to your site, there is a certain risk to your site, because uploading files can be a backdoor, a malware or a robot script, and so on. These can bring a small harm to the site. So how do we guard against this problem? First, if there is no need, I do not recommend you to open the site's upload function, and secondly, if you must open, you need to upload the user file types to make restrictions, filter the user's file type.

Of course, the security of the site details far more than these five points, but the author wants to pass these five points again to warn you webmaster often site security problems are from a number of details, only to deal with these details to our site a more secure environment for growth. This article by the Healthy Road video http://www.kmjmwj.com/original, reprint please retain the source.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.