Dedecms is currently very popular in the construction of a station program, because it is particularly easy to learn, so I either the Enterprise station or the article station are used in this program. However, the more popular procedures will be more interesting, dedecms security issues have been the topic of webmaster disputes, whether the site is vulnerable to intrusion attacks, or suddenly the site does not go, or the verification code can not be lost, will always encounter large and small problems. Today to share with you, the use of their own dedecms in the security issues of several considerations.
1, the Forum downloads the template
Dedecms success is a big reason because he has a lot of matching templates, grassroots webmaster do not bother to design templates. Many webmaster in the forum to see a good template directly to use, this approach often creates security risks. Or to copy the template, or download something, be sure to detect whether there is malicious advertising code, black chain, backdoor procedures. Do not take a breath full coverage of descult template folders, such as templates, you only need the homepage, section page, article page of these templates, just copy the templates of HTML and CSS files, a test.
2. Limit script files
Upload, data, templets these several directory files, must pay attention to modify permissions, limit the script to run. Also, the common.inc.php file is set to read-only. The general attack invasion starts from these aspects.
3, timely upgrade patches
No matter what CMS, there will be upgrades, DEDECMS upgrade speed relatively fast, so if you are still using what 5.5 or 5.6 version, be sure to hit the latest patches. Before the encounter a friend standing in, did not update the patch in time, hackers through this loophole after the intrusion of the advertising code. In fact, many hackers do not necessarily have to look for vulnerabilities, through the patch to know where the vulnerabilities, specifically for the site is rarely upgraded to invade.
4, limit the format of the member upload file
This feature can be set in the background, DEDECMS member function is still very powerful, there are separate contributors page, but many programs attack on the use of this, through registered members upload files to attack.
5, the Administrator account regularly modify the password
The default administrator account is admin and the password is also. I met a lot of corporate web site backstage, the long-term will be this default account and password. Because when you publish an article, many templates see the name of the publisher, and you know what your administrator account is. Many friends set the password is too simple, but also vulnerable to brute force. Therefore, it is important to modify your password regularly.
6, site problems, easy to give FTP
Many stationmaster is not very proficient in the procedure question, therefore encounters any question, is looking for help everywhere. We can see the pig eight precepts, Taobao and other places, many programs modified, procedures customization, security maintenance business. One to the FTP to others, whether or not to do, oh, you feel safe? Beware of some dishonest businessmen easily upload point code, the future of the site becomes someone else's.
These are dedecms common problems, I hope you often pay attention to their own site security. This article originates from the management graduation thesis www.yifanglunwen.com, reprint please specify.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.