Six major issues to be noted in Dede website security

Source: Internet
Author: User
Keywords Website security

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Dedecms is currently very popular in the construction of a station program, because it is particularly easy to learn, so I either the Enterprise station or the article station are used in this program. However, the more popular procedures will be more interesting, dedecms security issues have been the topic of webmaster disputes, whether the site is vulnerable to intrusion attacks, or suddenly the site does not go, or the verification code can not be lost, will always encounter large and small problems. Today to share with you, the use of their own dedecms in the security issues of several considerations.

1, the Forum downloads the template

Dedecms success is a big reason because he has a lot of matching templates, grassroots webmaster do not bother to design templates. Many webmaster in the forum to see a good template directly to use, this approach often creates security risks. Or to copy the template, or download something, be sure to detect whether there is malicious advertising code, black chain, backdoor procedures. Do not take a breath full coverage of descult template folders, such as templates, you only need the homepage, section page, article page of these templates, just copy the templates of HTML and CSS files, a test.

2. Limit script files

Upload, data, templets these several directory files, must pay attention to modify permissions, limit the script to run. Also, the common.inc.php file is set to read-only. The general attack invasion starts from these aspects.

  

3, timely upgrade patches

No matter what CMS, there will be upgrades, DEDECMS upgrade speed relatively fast, so if you are still using what 5.5 or 5.6 version, be sure to hit the latest patches. Before the encounter a friend standing in, did not update the patch in time, hackers through this loophole after the intrusion of the advertising code. In fact, many hackers do not necessarily have to look for vulnerabilities, through the patch to know where the vulnerabilities, specifically for the site is rarely upgraded to invade.

4, limit the format of the member upload file

This feature can be set in the background, DEDECMS member function is still very powerful, there are separate contributors page, but many programs attack on the use of this, through registered members upload files to attack.

  

5, the Administrator account regularly modify the password

The default administrator account is admin and the password is also. I met a lot of corporate web site backstage, the long-term will be this default account and password. Because when you publish an article, many templates see the name of the publisher, and you know what your administrator account is. Many friends set the password is too simple, but also vulnerable to brute force. Therefore, it is important to modify your password regularly.

6, site problems, easy to give FTP

Many stationmaster is not very proficient in the procedure question, therefore encounters any question, is looking for help everywhere. We can see the pig eight precepts, Taobao and other places, many programs modified, procedures customization, security maintenance business. One to the FTP to others, whether or not to do, oh, you feel safe? Beware of some dishonest businessmen easily upload point code, the future of the site becomes someone else's.

These are dedecms common problems, I hope you often pay attention to their own site security. This article originates from the management graduation thesis www.yifanglunwen.com, reprint please specify.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.