Backend Development
PHP Tutorial
Detailed explanation of DedeCms security problem solutions (security settings)
Detailed explanation of DedeCms security problem solutions (security settings)
Everyone on the Internet has also seen the DEDECMS program. Although it is convenient for grassroots webmasters to quickly build a website, security also has many problems. You need to set it up before you can use it, otherwise it will become a problem for others. Horse's website p>The following is for some novice webmaster friends who use DEDE (those with non-targeted technical skills)
dedecms template download address: www.php.cn/xiazai/code/dedecms
Everyone on the Internet has also seen the DEDECMS program. Although it is convenient for grassroots webmasters to quickly build a website, it also has many security issues. DEDE officials have stopped upgrading the system a long time ago. At most, they only have some patch repairs;
Okay, without further ado, here’s the summary Some commonly used solutions:
Step one:
When installing Dede, it is best to change the table prefix of the database, not Use the default prefix dede_ of dedecms, which can be changed to emtalk_, or any irregular and hard-to-guess prefix (if the site is running online, you can ask a technician to help modify it).
Second step:
Backend login must enable the Verification code function (or write a security mechanism by yourself), and the default Administrator admindelete and change it to a dedicated, more complex account. The administrator password must be long, at least 8 characters, and mixed with letters and numbers.
Step Three:
Be sure to delete the install directory after installing the program! ! !
Step 4:
Change the default directory name dede for dedecms background management, and change it to something that is hard to guess and irregular (change it from time to time).
Step 5:
Close (or eliminate/delete) all unused functions, such as members, comments, etc. If not necessary, close them all in the background. (If some functions require it and there is technical support, you can develop or modify the default success code yourself)
Step 6:
(1) The following are possible Deleted directories/functions (if you don’t use them):
member会员功能 special专题功能 company企业模块 plusguestbook留言板
(2) The following are the files that can be deleted:
These files in the management directory are background file managers and belong to It is a redundant function and most affects security. Many HACKs are mounted through it.
file_manage_control.php file_manage_main.php file_manage_view.php media_add.php media_edit.php media_main.php
Furthermore:
If you do not need a SQL command runner, delete the dede/sys_sql_query.php file.
If you do not need the tag function, please delete tag.php in the root directory. Please delete digg.php and diggindex.php in the root directory if you don’t need to be an invoker.
Step 7:
Pay more attention to the security patches officially released by dedecms and apply them in time.
Step 8:
Download the publishing function (softxxx_xxx.php in the management directory), you can delete it if you don’t need it, this is also easierUpload小马的.
Step 9:
You can download third-party protection plug-ins, such as: "Dreamweaver CMS Security Package" produced by 360, Baidu's security "DedeCMS Stubborn Trojan Backdoor Killer" produced by the alliance;
Step 10:
(optional) The safest way: Publish html locally and then upload it to space. It does not contain any dynamic content files and is the safest in theory, but maintenance is relatively troublesome.
Supplement: You still have to check your website frequently. Being linked to a black link is a trivial matter, but being linked to a Trojan horse or deleting a program is very miserable. If you are unlucky, your ranking will also drop. . So remember to back up your data from time to time! ! !
So far, the malicious script files we have discovered are
plus/ac.php plus/config_s.php plus/config_bak.php plus/diy.php plus/ii.php plus/lndex.php data/cache/t.php data/cache/x.php data/config.php data/cache/config_user.php data/config_func.php等等
Most of the uploaded scripts are concentrated in the three directories of plus, data, and data/cache. Please check the three directories carefully. Are there any files that have been uploaded recently?
As for the server, if it is a WIN series server, you can install security dogs and other related protection tools;
What are the words of the webmaster friends of the virtual space? . . Just do a good job of site security. The server cannot be touched;
The above is the detailed content of Detailed explanation of DedeCms security problem solutions (security settings). For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to solve the 'Security settings change problem that prompts the pin code is no longer available after Win11 is turned on'
Jan 29, 2024 pm 02:27 PM
When we use win11 system, we will set the pin code to help our computer data. However, many users also show that the security settings on this device have been changed when setting the pin code, and the pin code is no longer available. So what should we do? manage? Users can go into the troubleshooter to make settings. Let this site give users a detailed introduction to what to do if Win11 starts up and it shows that the security settings on this device have been changed and the pin code is no longer available? Bar. What should I do if it shows that the security settings on this device have been changed and the pin code is no longer available when booting up Windows 11? First, on the page where your PIN is unavailable and you need to reset your PIN, hold down the shift key and select Restart. Please wait later will appear, and then enter the reset
How to set up security settings in 360 Extreme Browser
Jan 29, 2024 pm 09:51 PM
How should 360 Speed Browser perform security settings? When we use 360 Speed Browser, how should we perform security settings? Let’s introduce it below! We usually use 360 Speed Browser to browse the web. When we use it, we are worried that harmful websites will invade our browser, so we will make some security settings. So how to set them up specifically? The editor has compiled the 360 Speed Browser below. Detailed operation of security settings. If you don’t know how, follow me and read on! Detailed operations for security settings on 360 Speed Browser 1. Open 360 Speed Browser, find the icon with three horizontal lines in the upper right corner, and click to enter. 2. Enter the main settings menu, find the "Options" below, and click to enter. 3. After entering the "Options" interface, on the left
PHP file permission management and security settings
Aug 08, 2023 pm 02:51 PM
PHP file permissions are one of the important measures to protect file security on the server. Properly setting file permissions can prevent malicious users from modifying, deleting, or executing malicious code on files. Therefore, when developing and deploying PHP applications, file permissions must be correctly set and managed to ensure application security. 1. Basic concepts File permissions are divided into three levels, namely user (Owner), user group (Group) and other users (Other). Each level has three permissions, namely read (Re
Where is the imperial cms resource network template?
Apr 17, 2024 am 10:00 AM
Empire CMS template download location: Official template download: https://www.phome.net/template/ Third-party template website: https://www.dedecms.com/diy/https://www.0978.com.cn /https://www.jiaocheng.com/Installation method: Download template Unzip template Upload template Select template
How to use dedecms
Apr 16, 2024 pm 12:15 PM
Dedecms is an open source Chinese CMS system that provides content management, template system and security protection. The specific usage includes the following steps: 1. Install Dedecms. 2. Configure the database. 3. Log in to the management interface. 4. Create content. 5. Set up the template. 6. Manage users. 7. Maintain the system.
Accurate and reliable dedecms conversion tool evaluation report
Mar 12, 2024 pm 07:03 PM
Accurate and reliable dedecms conversion tool evaluation report With the rapid development of the Internet era, website construction has become one of the necessary tools for many companies and individuals. In website construction, using a content management system (CMS) can manage website content and functions more conveniently and efficiently. Among them, dedecms, as a well-known CMS system, is widely used in various website construction projects. However, sometimes we are faced with the need to convert the dedecms website to other formats, in which case we need to use a conversion tool
How to upload local videos to dedecms
Apr 16, 2024 pm 12:39 PM
How to upload local videos using Dedecms? Prepare the video file in a format that is supported by Dedecms. Log in to the Dedecms management backend and create a new video category. Upload video files on the video management page, fill in the relevant information and select the video category. To embed a video while editing an article, enter the file name of the uploaded video and adjust its dimensions.
How dedecms implements template replacement
Apr 16, 2024 pm 12:12 PM
Template replacement can be implemented in Dedecms through the following steps: modify the global.cfg file and set the required language pack. Modify the taglib.inc.php hook file and add support for language suffix template files. Create a new template file with a language suffix and modify the required content. Clear Dedecms cache.
