Six major security issues to watch for on DedeCMS websites

DedeCMS is currently a very popular website-building program. Because it is particularly easy to learn, I use it for both enterprise sites and article sites. However, the more popular a program is, the more attention it attracts, and DedeCMS security has long been a topic of debate among webmasters. Whether the site is open to intrusion, or suddenly cannot be reached, or the verification code goes missing, you will always run into problems large and small. Today I will share several security considerations from my own use of DedeCMS.

1. Templates downloaded from forums

A big reason for the success of DedeCMS is its large number of ready-made templates, so grassroots webmasters do not have to bother designing their own. Many webmasters see a good template in a forum and use it directly, and this often creates security risks. Whether you copy a template or download one, be sure to check it for malicious advertising code, black links (hidden links), and backdoor programs. Do not overwrite the whole default template folder, such as templets, in one go. You only need the templates for the home page, section pages, and article pages, so copy just the HTML and CSS files of those templates and test them.

2. Restrict script execution

For the upload, data, and templets directories, be sure to adjust the permissions and prevent scripts from running in them. Also set the files to read-only. Most intrusions start from these directories.
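
One way to check these directories from a shell, as an added example that is not part of the original article: it lists script-type files for review, lists files that are not read-only, and then sets files read-only. The directory names are as written above; the function names, the extension list, and the sample tree are assumptions, and blocking script execution itself is still done in the web server configuration.

```shell
#!/bin/sh
# Added example. upload, data and templets are the directories the article names;
# the extension list and the sample tree below are assumptions for illustration.
DIRS="upload data templets"

# Print script-type files under the three directories so they can be reviewed.
# "*.php.*" catches double extensions such as x.php.jpg.
list_scripts() {
    for d in $DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
            -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \)
    done
}

# Print files that are not read-only (any write bit set for user, group or other).
list_writable() {
    for d in $DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type f \( -perm -200 -o -perm -020 -o -perm -002 \)
    done
}

# Set regular files read-only. Directories keep their mode, so the
# application can still add new uploads.
make_readonly() {
    for d in $DIRS; do
        [ -d "$1/$d" ] || continue
        find "$1/$d" -type f -exec chmod a-w {} +
    done
}

# Constructed sample web root: one image, one disguised script, one template.
build_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/upload/2024" "$root/data" "$root/templets/default"
    : > "$root/upload/2024/photo.jpg"
    : > "$root/upload/2024/avatar.php.jpg"
    : > "$root/templets/default/index.htm"
    chmod 644 "$root/upload/2024/photo.jpg" "$root/templets/default/index.htm"
    chmod 666 "$root/upload/2024/avatar.php.jpg"
    echo "$root"
}

root=$(build_sample)
echo "Script files to review:"; list_scripts "$root"
echo "Writable before:";        list_writable "$root"
make_readonly "$root"
echo "Writable after: $(list_writable "$root" | wc -l)"
rm -rf "$root"
```

Script files found under data or templets may be legitimate includes, so treat the first list as items to review rather than to delete.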


3. Apply upgrade patches promptly

Every CMS gets upgrades, and DedeCMS releases them relatively quickly, so if you are still using version 5.5 or 5.6, be sure to apply the latest patches. I once came across a friend's site that had not been patched in time; hackers got in through the vulnerability and planted advertising code. In fact, many hackers do not need to hunt for vulnerabilities themselves. They learn where the vulnerabilities are from the patches and then specifically go after sites that are rarely upgraded.

4. Restrict the file formats members can upload

This can be set in the admin backend. The DedeCMS member function is quite powerful and includes a separate contribution page, but many attacks take advantage of it: the attacker registers as a member and uploads files to attack the site.


5. Change the administrator account password regularly

The default administrator account is admin, and the password is also admin. I have seen many corporate website backends that kept this default account and password for a long time. When you publish an article, many templates display the publisher's name, so anyone can tell what your administrator account is. Many friends also set passwords that are too simple, which leaves them vulnerable to brute force. Therefore, it is important to change your password regularly.

6. Handing over FTP access too easily when the site has problems

Many webmasters are not very proficient with the program itself, so whenever they run into a problem they look for help everywhere. On Zhubajie, Taobao, and similar places you can see many businesses offering program modification, customization, and security maintenance. You hand your FTP access over to someone else, whether or not the job gets done; do you feel safe? Beware of dishonest merchants who casually upload a bit of code, after which the site becomes someone else's.

These are common DedeCMS problems. I hope you will pay regular attention to the security of your own site. This article originates from the management graduation thesis; please credit the source when reprinting.

