Home > CMS Tutorial > DEDECMS > body text

How to prevent Dedecms from invading

藏色散人
Release: 2019-12-02 10:44:47
Original
2825 people have browsed it

How to prevent Dedecms from invading

怎么防止Dedecms入侵?

一、最基本的安全设置:修改dedecms默认后台目录/dede/和修改管理员帐号密码;

二、如网站不需要使用会员系统,建议删除/member/文件夹;

三、将/data/文件夹移到Web访问目录外,这条是dedecms官方建议,具体操作方法如下:

1. 将/data/文件夹移至web根目录的上一级目录

2. 修改/include/common.inc.php中DEDEDATA变量,将:define('DEDEDATA', DEDEROOT.'/data'); 改为define('DEDEDATA', DEDEROOT.'/../data');

3. 修改/index.php,删除如下代码(注:如首页生成静态且index.html索引优先于index.php可忽略此条修改。):

代码如下:

if(!file_exists(dirname(__FILE__).'/data/common.inc.php'))
{
header('Location:install/index.php');
exit();
}
Copy after login

4. 配置tplcache缓存文件目录:登陆后台 > 系统 > 系统基本参数 > 性能选项,将模板缓存目录值改为 /../data/tplcache

四、/plus/是dedecms漏洞高发目录,隐藏/plus/路径可防范该目录下文件产生的未知漏洞的利用,如需使用该目录下某个文件,可在.htaccess中添加相关规则实现白名单功能。

示例:假设plus目录名修改为/abcd9com/,网站需要使用后台栏目动态预览(路径:http://域名/plus/list.php?tid=栏目编号)和发布跳转文章(路径:http://域名/plus/view.php?aid=文章编号)的功能,则可在.htaccess添加如下代码:

代码如下:

RewriteEngine On
RewriteCond %{QUERY_STRING} ^tid=(\d+)
RewriteRule ^plus/list.php$ /abcd9com/list.php$1 [L]
RewriteCond %{QUERY_STRING} ^aid=(\d+)
RewriteRule ^plus/view.php$ /abcd9com/view.php$1 [L]
Copy after login

推荐学习:织梦cms

The above is the detailed content of How to prevent Dedecms from invading. For more information, please follow other related articles on the PHP Chinese website!

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template