How dedecms solves DDOS horse-mounting vulnerability

How does dedecms solve the DDOS mounting vulnerability?

Dedecms is a well-known PHP open source system in China, and it is also the first choice CMS system for many webmasters to build websites. Its simplicity and ease of use is a major reason for its widespread practicality, and it is precisely because of the open source of dedecms that it has also led to Many hackers have focused on this program, so they have successively researched many dedecms vulnerabilities. As a result, quite a few dedecms websites have been suspended. Some have been warned by the computer room, and serious computer rooms have been forcibly shut down, resulting in huge losses. . Today we will do a more in-depth analysis of this problem and find a solution.

Recommended study: 梦Weavercms

Characteristics of the hooked horse:

Open your own website homepage and you will find it by viewing the source code Many black link codes have been added to your website. The black link code is the simplest and easiest for webmasters to see. It is nothing more than the code for friendly links.

Another characteristic is that when you open a website, you will be prompted by 360 Security that the website has the risk of malware. This type of malware code is usually a frame code or a js code or an image code. Another characteristic is that the website It will suddenly fail to open or open slowly. If you check the traffic, you will find that it takes up a lot of traffic. This means that the traffic is sent out, which is also called a UDP traffic packet attack. The above are the general characteristics of dedecms being hacked. Let’s talk about some practical solutions and preventive measures for website being hacked.

First download the code of the website program to your local computer, use the sinesafe Trojan removal tool to check it, and find that there are many script Trojans in the data/cache/ directory. When you open the Trojan script, you find some unknown PHP codes. , put the code into the sinesafe Trojan tool and conducted an in-depth analysis and found the characteristics of the Trojan. The code is as follows:

The code is as follows:

<?php
set_time_limit(984918);
$host = $_GET[&#39;host&#39;];
$port = $_GET[&#39;port&#39;];
$exec_time = $_GET[&#39;time&#39;];
$Sendlen = 65535;
$packets = 0;
}
echo "================================================
";
echo " <font color=blue>www.phpddos.com
";
echo " SYN Flood 模块
";
echo " 作者：ybhacker
";
echo " 警告：本程序带有攻击性,仅供安全研究与教学之用,风险自负!</font>
";
echo "================================================
";
echo " 攻击包总数：<font color=Red><span class=\"text\">".$packets." 个数据包</span>
</font>";
echo " 攻击总流量：<font color=Red><span class=\"text\">".round(($packets*65*8)/(1024*1024),2)." Mbps</span>
</font>";
echo " 攻击总字节：<font color=Red><span class=\"text\">".time(&#39;h:i:s&#39;)." 字节</span>
</font>";
echo "Packet complete at ".time(&#39;h:i:s&#39;)." with $packets (" .round(($packets*65*8)/(1024*1024),2). " Mbps) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
?>

I found on the Internet that this is a php script for UDP traffic attack Trojan horse, this Trojan horse can achieve the effect of DDoS traffic attack by running with the permission of website script. No server permissions are required. Only then did I understand why the computer room said that my website was always outsourcing. Websites running this script would open slowly, including my website. Now that you have found the problem, you need to solve it quickly. Click Clear Trojan Code to clear it all at once. There are no unfamiliar file names in the Data/cache/ directory. Finally, in order to cure this "stubborn disease", we summarized several solutions and preventive measures:

1. Security settings of the dedecms directory: data/cache/ templets uploads directory settings are readable and writable, but not executable. Include, member, and plus set readable, executable, and non-writable permissions. Since dedecms does not use stored procedures anywhere, you can disable FILE, EXECUTE, and other permissions to perform stored procedures or file operations.

　2. Website program security: This is also the most fundamental precaution. If it is a virtual space, it is recommended to find a professional to do website security maintenance to ensure the safety of the website program. Only a safe website can bring safe and stable customers. source.

　3. Program update: Open the dedecms background to see if there are any updated patches. If so, please update and patch them in time. If your version is very old, I recommend reinstalling the new version because The new versions are relatively safe and are different from the old versions in many places.

4. Backend management directory: dedecms The backend management directory generally defaults to dedecms. Many webmasters never care about this backend address. I am very responsible to tell you that if the managed directory address is the default, you will be hung up. The probability of horse is 0. It is recommended to change the name of the directory to a name that is a combination of numbers and letters.

　5.FTP website management password: It is recommended to change FTP passwords and website management passwords frequently, because many hackers are using brute force to crack passwords, and make the passwords as complex as possible with special symbols and letters.

The above is the detailed content of How dedecms solves DDOS horse-mounting vulnerability. For more information, please follow other related articles on the PHP Chinese website!