How to prevent Dedecms from invading
怎么防止Dedecms入侵?
一、最基本的安全设置:修改dedecms默认后台目录/dede/和修改管理员帐号密码;
二、如网站不需要使用会员系统,建议删除/member/文件夹;
三、将/data/文件夹移到Web访问目录外,这条是dedecms官方建议,具体操作方法如下:
1. 将/data/文件夹移至web根目录的上一级目录
2. 修改/include/common.inc.php中DEDEDATA变量,将:define('DEDEDATA', DEDEROOT.'/data'); 改为define('DEDEDATA', DEDEROOT.'/../data');
3. 修改/index.php,删除如下代码(注:如首页生成静态且index.html索引优先于index.php可忽略此条修改。):
代码如下:
if(!file_exists(dirname(__FILE__).'/data/common.inc.php'))
{
header('Location:install/index.php');
exit();
}4. 配置tplcache缓存文件目录:登陆后台 > 系统 > 系统基本参数 > 性能选项,将模板缓存目录值改为 /../data/tplcache
四、/plus/是dedecms漏洞高发目录,隐藏/plus/路径可防范该目录下文件产生的未知漏洞的利用,如需使用该目录下某个文件,可在.htaccess中添加相关规则实现白名单功能。
示例:假设plus目录名修改为/abcd9com/,网站需要使用后台栏目动态预览(路径:http://域名/plus/list.php?tid=栏目编号)和发布跳转文章(路径:http://域名/plus/view.php?aid=文章编号)的功能,则可在.htaccess添加如下代码:
代码如下:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^tid=(\d+)
RewriteRule ^plus/list.php$ /abcd9com/list.php$1 [L]
RewriteCond %{QUERY_STRING} ^aid=(\d+)
RewriteRule ^plus/view.php$ /abcd9com/view.php$1 [L]推荐学习:织梦cms
The above is the detailed content of How to prevent Dedecms from invading. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Where is the imperial cms resource network template?
Apr 17, 2024 am 10:00 AM
Empire CMS template download location: Official template download: https://www.phome.net/template/ Third-party template website: https://www.dedecms.com/diy/https://www.0978.com.cn /https://www.jiaocheng.com/Installation method: Download template Unzip template Upload template Select template
How dedecms implements template replacement
Apr 16, 2024 pm 12:12 PM
Template replacement can be implemented in Dedecms through the following steps: modify the global.cfg file and set the required language pack. Modify the taglib.inc.php hook file and add support for language suffix template files. Create a new template file with a language suffix and modify the required content. Clear Dedecms cache.
What website can dedecms do?
Apr 16, 2024 pm 12:24 PM
Dedecms is an open source CMS that can be used to create various types of websites, including: news websites, blogs, e-commerce websites, forums and community websites, educational websites, portals, other types of websites (such as corporate websites, personal websites, photo album websites, video sharing website)
How to upload local videos to dedecms
Apr 16, 2024 pm 12:39 PM
How to upload local videos using Dedecms? Prepare the video file in a format that is supported by Dedecms. Log in to the Dedecms management backend and create a new video category. Upload video files on the video management page, fill in the relevant information and select the video category. To embed a video while editing an article, enter the file name of the uploaded video and adjust its dimensions.
How to use dedecms
Apr 16, 2024 pm 12:15 PM
Dedecms is an open source Chinese CMS system that provides content management, template system and security protection. The specific usage includes the following steps: 1. Install Dedecms. 2. Configure the database. 3. Log in to the management interface. 4. Create content. 5. Set up the template. 6. Manage users. 7. Maintain the system.
What loopholes does dedecms have?
Aug 03, 2023 pm 03:56 PM
DedeCMS is an open source content management system that has some potential vulnerabilities and security risks: 1. SQL injection vulnerability. Attackers can perform unauthorized operations or obtain sensitive data by constructing malicious SQL query statements; 2. File Upload vulnerability, attackers can upload files containing malicious code to the server to execute arbitrary code or obtain server permissions; 3. Sensitive information leakage; 4. Unauthenticated vulnerability exploitation.
Accurate and reliable dedecms conversion tool evaluation report
Mar 12, 2024 pm 07:03 PM
Accurate and reliable dedecms conversion tool evaluation report With the rapid development of the Internet era, website construction has become one of the necessary tools for many companies and individuals. In website construction, using a content management system (CMS) can manage website content and functions more conveniently and efficiently. Among them, dedecms, as a well-known CMS system, is widely used in various website construction projects. However, sometimes we are faced with the need to convert the dedecms website to other formats, in which case we need to use a conversion tool
How does dedecms implement template replacement?
Apr 16, 2024 pm 12:21 PM
To implement template replacement in DedecMS, you need to perform the following steps: Determine the template file to be replaced. Common files include index.htm, list.htm and show.htm. Create a new template file, retaining the DedecMS markup. Upload the new template file, overwriting the original file. clear cache. Refresh the site to see the changes.
