DedeCMS security setup: removing backdoors and closing off vulnerabilities.
First, change the database table prefix during installation; do not keep DedeCMS's default prefix dede_. Any name will do, for example ljs_.
Second, enable the verification code (CAPTCHA) for the back-end login, remove the default administrator account admin, and replace it with a dedicated account of your own with a complex name and password.
Third, after installing the program, be sure to delete the install directory.
Fourth, change the default name (dede) of the DedeCMS back-end management directory.
Fifth, any function you do not use, such as members or comments, can be switched off in the back-end; if it is not needed, disable it.
Sixth, the following directories can be removed when their feature is not used:
member (membership function)
special (topic/special-subject function)
company (enterprise module)
plus\guestbook (message board)
The files below can be deleted as well: they belong to the back-end file manager, which is a superfluous function, and removing them is the most secure option:
file_manage_control.php file_manage_main.php file_manage_view.php media_add.php media_edit.php media_main.php
Also:
If you do not need the SQL command runner, delete the dede/sys_sql_query.php file.
If you do not need the tag function, delete tag.php in the root directory. If you do not need the digg (top-user) function, delete digg.php and diggindex.php from the root directory.
Friend links are also an easy place for injected ("hung") links; you can rename the dede_flink and dede_mytag tables in the database (with your own prefix, if you changed it in step one).
Seventh, keep an eye on the official DedeCMS security patches and apply them promptly.
Eighth, the download/software release function (the soft__xxx_xxx.php files under the management directory) can be deleted, since it is an easy way to upload files.
Ninth, the universal security protection code from the official DedeCMS site is given later in this article; members of the official site can view it there.
To make the CMS more secure, the following code needs to be added. The code is as follows; in config_base.php, find:
[code]// prohibit users from submitting certain special variables
// (eregi() was removed in PHP 7, so preg_match() with the /i flag is used here)
$ckvs = Array('_GET', '_POST', '_COOKIE');
foreach ($ckvs as $ckv) {
    if (is_array($$ckv)) {
        foreach ($$ckv as $key => $value) {
            // drop any request key that could override a cfg_ setting or GLOBALS
            if (preg_match('/^cfg_|globals/i', $key)) unset(${$ckv}[$key]);
        }
    }
}
// reject uploaded files whose content contains script code
foreach ($_FILES as $name => $value) {
    // the page reads the path from ${$name}, the global that DedeCMS fills with the same tmp_name
    $tmpfile = $value['tmp_name'];
    if ($tmpfile == '' || !is_file($tmpfile) || filesize($tmpfile) == 0) continue;
    $fp = @fopen($tmpfile, 'r');
    $fstr = @fread($fp, filesize($tmpfile));
    @fclose($fp);
    // the pattern is not legible on the page; '<?php' and '<script' are assumed here
    if (preg_match('/<\?php|<script/i', $fstr)) {
        echo "Your uploaded file contains dangerous content, program terminates!";
        exit();
    }
}[/code]
Tenth, the safest method: generate the HTML locally and then upload it to the hosting space. With no dynamic content at all this is theoretically the safest, but maintenance is relatively cumbersome.
Eleventh, check your website often. A hidden ("black") link injected into the site is a minor matter; a planted Trojan (web shell) or a deleted program is bad, and with bad luck your search rankings will suffer too. So remember to back up your data.
Twelfth, prohibit script execution in certain directories, such as uploads and the static-page generation directory.
Thirteenth, for the PHP directories that the back-end needs to execute, configure the site so that the anonymous web user does not have write permission.
Further notes:
DedeCMS (Zhimeng) is the most widely used open-source site-building system, but security has always been its biggest problem. How can this be addressed?
Method:
Directories data, templets, uploads, a: set read, write and execute permissions. The a directory is the default storage path for the generated document HTML and can be changed in the back-end.
Directories include, member, plus, dede: set read and execute permissions, no write permission. The back-end management directory (default dede) can be renamed.
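As an added example (not the article's own code and not part of DedeCMS), the following shell script applies the two permission sets just described to a site root and, per point twelve, also blocks PHP from being served out of the writable uploads and a directories. The directory names are the page's; the mapping of "read/write/execute" to modes 755/644 and "read/execute only" to 555/444 is an assumption, as is an Apache server with .htaccess overrides enabled and PHP running as the owner of the files.

```shell
#!/bin/sh
# Added example: harden DedeCMS directory permissions and deny script execution
# in the writable directories. Assumes Apache with AllowOverride enabled and PHP
# running as the file owner. Directory names follow the article.

# Directories the web server must write to (data, templets, uploads, a):
# directories 755, files 644 (assumed mapping of "read/write/execute").
WRITABLE_DIRS="data templets uploads a"
# Directories that must stay read-only (include, member, plus, dede): 555 / 444.
READONLY_DIRS="include member plus dede"

# Print the 10-character mode string (e.g. drwxr-xr-x) of a path.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Write an .htaccess that refuses to serve PHP files from a directory.
# Denying the request covers mod_php, php-fpm and CGI alike; the two IfModule
# branches handle Apache 2.4 (mod_authz_core) and 2.2 syntax.
deny_php_in() {
    cat > "$1/.htaccess" <<'EOF'
# no script execution in this directory
<FilesMatch "\.(php|phtml|php[0-9]|phar)$">
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
    </IfModule>
</FilesMatch>
EOF
}

# Apply the permission scheme to a DedeCMS site root.
harden_dede_perms() {
    root="$1"
    for d in $WRITABLE_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f -exec chmod 644 {} +
        find "$root/$d" -type d -exec chmod 755 {} +
    done
    for d in $READONLY_DIRS; do
        [ -d "$root/$d" ] || continue
        find "$root/$d" -type f -exec chmod 444 {} +
        find "$root/$d" -type d -exec chmod 555 {} +
    done
    # uploads and the generated-HTML directory never need to run PHP
    for d in uploads a; do
        if [ -d "$root/$d" ]; then deny_php_in "$root/$d"; fi
    done
}
```

Run it as `harden_dede_perms /path/to/site` after renaming the management directory (adjust READONLY_DIRS to the new name). Under mod_php, `php_flag engine off` in the same .htaccess is a further option; it is left out above because the directive is an error on servers that do not load mod_php.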
If you only use the article system and not the member functions, it is recommended to close the member functions, close new member registration, and delete or rename the member directory.
Delete the install directory.
Set the administrator account password as complex as possible; for publishing articles, create a new channel administrator and grant only the relevant permissions.
For the MySQL database connection, do not use the root user; create a separate user and grant it only: SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE.
Regularly back up the site directory and database, and run file verification, virus scanning and system error recovery from the back-end.
Apply patches from the DedeCMS back-end and upgrade to the latest version whenever possible.
Check for Trojan (web shell) files such as /data/cache/t.php, /data/cache/x.php and /plus/index.php, and delete them immediately if found.
Pay particular attention to /plus/config_s.php, which is a traffic-attack script in DedeCMS.
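As an added example (not code from the article or from DedeCMS), the following shell audit checks a site root for the items this page says should be gone or should never appear: the install directory, the file-manager and other superfluous scripts (points three, six and the "also" list), the removable feature directories, the Trojan paths named just above, and any PHP file under uploads. The default management directory name dede, the DEDE_ADMIN_DIR override variable and the output wording are assumptions.

```shell
#!/bin/sh
# Added example: audit a DedeCMS site root for leftovers and backdoor indicators
# listed in the article. The management directory name is assumed to be the
# default "dede" unless DEDE_ADMIN_DIR is set (assumed variable name).
ADMIN_DIR="${DEDE_ADMIN_DIR:-dede}"

# Files and directories that should be deleted after installation / when unused.
SUPERFLUOUS="install \
$ADMIN_DIR/file_manage_control.php $ADMIN_DIR/file_manage_main.php $ADMIN_DIR/file_manage_view.php \
$ADMIN_DIR/media_add.php $ADMIN_DIR/media_edit.php $ADMIN_DIR/media_main.php \
$ADMIN_DIR/sys_sql_query.php tag.php digg.php diggindex.php"

# Feature directories the article says can be removed when the feature is unused.
REMOVABLE="member special company plus/guestbook"

# Paths the article names as planted Trojan / attack scripts.
INDICATORS="data/cache/t.php data/cache/x.php plus/index.php plus/config_s.php"

# Print one finding per line; no output means nothing was found.
dede_audit() {
    root="$1"
    for p in $SUPERFLUOUS; do
        [ -e "$root/$p" ] && echo "superfluous: $p (delete if unused)"
    done
    for p in $REMOVABLE; do
        [ -e "$root/$p" ] && echo "optional: $p (remove if the feature is unused)"
    done
    for p in $INDICATORS; do
        [ -e "$root/$p" ] && echo "indicator: $p (known Trojan/attack script path)"
    done
    # the upload directory must never hold executable scripts
    if [ -d "$root/uploads" ]; then
        find "$root/uploads" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) \
            | sed "s|^$root/|script in uploads: |"
    fi
    return 0
}

# Number of findings, convenient for a cron job or deployment check.
dede_audit_count() {
    dede_audit "$1" | grep -c . || true
}
```

Schedule `dede_audit /path/to/site` from cron and alert on any output; a non-zero `dede_audit_count` after a deployment means either the clean-up steps above were skipped or something was planted.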