What are the security details in Dedecms

#What are the security details in Dedecms?

With the popularity of CMS, more and more netizens have begun to join the industry of personal webmasters. Perhaps many netizens think that as long as they buy a domain name, rent a space, and then resolve the domain name , and then FTP uploads the program. After the program is installed, you can publish content. After publishing content, you start to make external links everywhere. Once you make external links, you are a real webmaster.

Recommended study: 梦Weavercms

But, is it really that simple to be a webmaster? For most webmasters, Dedecms is a very convenient open source CMS. Because of the large number of people using it, the security of Dedecms has been criticized. Not only websites using Dedecms are vulnerable to attacks, but even DreamWeaver's The official website often cannot be opened, which can be said to be a typical example of a big tree attracting the wind. However, even so, there are still many netizens who support it. After all, it is very easy to use, and even a novice can learn to operate it in a short time; but if you really like dedecms, then you should pay attention to the following seven points during use Safety issues that are easily overlooked.

1. Download and use other people’s templates

One of the important reasons why Dedecms is popular is that there are many templates and the templates are very beautiful. Many netizens directly download the official program. , and then find a template to apply it, so that you can complete a lot of websites. However, when downloading a template, it is best to check whether there are black links or other advertising codes on the template, which may affect website security.

2. There is no restriction on folder script running

This is the official suggestion, because dedecms is very vulnerable to attacks. If a file is accidentally uploaded, if your folder has a restriction script If you have permission to run, these files still cannot be run. Currently, the uploads, data, and templets directories are prohibited from running PHP files, and common.inc.php must be set to read-only.

3. Failure to upgrade patches or versions in time

No matter what open source program it is, there will be different versions. Currently, the most popular version of dedecms is 5.6 or 5.7, but the previous version will still be updated. Vulnerability patches; if you use dedecms to build a website, you need to upgrade the patches in the background from time to time. This is the same as using a Windows system. Without patches, security cannot be guaranteed. No matter how busy you are, you have to upgrade the patches in the background.

4. There is no restriction on file formats uploaded by members

Dedecms is still very powerful. It can not only be a content website, but also a community, support submission, and support the addition of forum data; however, , because it involves registered members’ submissions, etc., then special attention must be paid to the format of files uploaded by members, and the attachments and images allowed to be uploaded must be clearly set in the background. Many vulnerabilities are exploited by members uploading files.

5. The administrator account and nickname have not been modified

The Dedecms administrator account is admin, and the default administrator nickname is also admin. The nickname here is the publisher displayed when publishing an article. In order to avoid the leakage of the administrator account, the nickname must be modified. The nickname can be modified in the account management. It is recommended to change it to Chinese. As for the administrator account, it should be modified in the database to prevent others from violently breaking the password of the known account.

6. Do not modify the background address or write robots.txt

If you use this type of CMS with a background, you must modify the background address and patch modifications at the same time; however, many novices It was speculated that the search engine might include the backend address, so the backend directory was prohibited from being included in robots.txt. This would instead leave the place empty, allowing those with good intentions to take advantage of it. How to write robots.txt can refer to the webmaster website.

7. If there is a problem with the website, it is easy to provide the backend

As a webmaster, you will more or less encounter the problem of website revision or website poisoning. When encountering such problems, it is inevitable If you want to find someone to solve the problem, there are many people on the forum who specialize in solving this kind of problem. However, these people are both good and bad. Many people directly say that they can solve the problem after going to QQ, and then ask for the backend address and password. This At this time, the webmaster must not get excited and check the other party's information first. Many dishonest people can easily control your website to add black links or potential loopholes at this time.

No matter how other CMS promotes security and stability, it still cannot stop the majority of webmasters from using dedecms. After all, it is simple. Ease of use is king, but don’t forget these when it is convenient. It’s easy to worry about the safety of clothing.

The above is the detailed content of What are the security details in Dedecms. For more information, please follow other related articles on the PHP Chinese website!