What should I do if Dedecms is often cheated?
What should I do if Dedecms is often cheated?
Dedicated to webmaster friends who are often cheated, please Be careful at every step to prevent horse hanging
Recommended study:梦Weavercms
As in the title:
I often see some friends say "DEDECMS There is a security issue with the program, and my website has been hacked again."
I think there should be no problem with DedeCms. According to the source code of dede's user form, it is filtered
There are so many users of dedecms. If there is a security vulnerability, I'm afraid it won't be just a few friends who use it.
The following are SQL injection methods commonly used by hackers and things that everyone should pay attention to
1.. Use tools, use hacker tools to check the vulnerabilities of your website~Of course Don’t abuse it. Just use some hacking software that injects SQL to check your website (such as D injector, etc., I have used them all, and I have not found any loopholes or places where Dede can be hacked. If you don’t believe me, you can also test it. Of course, just because I don’t know doesn’t mean there isn’t one, but you should also know how many friends use dede. If there is a vulnerability that is easy to be caught, the number of websites that will be hung up will probably be terrifying)
2 .The backend address must be changed. Do not use the DEDE folder as your backend. Some friends don’t even know that the Dede backend folder can be renamed! ?
3. It is best to add a verification code in the background. Although it is a bit troublesome, it can prevent many small hackers from using social engineering to crack your website (I have tried it, many friends’ passwords are often Mobile phone number, domain name, QQ, etc.)
4. If you add fields to your website (such as requiring users to enter their birthday when applying, etc.) to filter, don't push your own problems to DEDE. (It is recommended that friends with certain PHP skills modify it. In order to achieve the function, it is not as simple as adding a form in the foreground and adding a publishing form in the background and then adding database fields. To prevent XSS attacks, you must pay attention to adding htmlspecialchars, mysql_escape_string())
5. There are also many friends who use some small programs in their own space to add functions (I also used those programs and forgot to delete them, but they were blocked), such as: photo albums, registration and other programs, The authors of these programs are all unknown, and their programs basically have certain risks. Some hackers can take advantage of this and upload the blackeyes pony (that is, a Trojan) to gain the right to use your virtual space, and then Just use tools to mount horses in batches.
6. Don’t ignore the risks of IDC server providers. Let me tell you, for hackers, in order to hack your site, they often choose side injection instead of point-to-point cracking. The only way is to crack other websites on the same server as yours. Don’t believe it. It is very easy for others to know who your website’s neighbors are (go to this website to check all the websites under the same IP by yourself, just enter your IP address. https://www.xx.net), it is also very easy to crack other users on the same server and make you hang up (I have used this method to hang up other people's websites). For some good servers that are strong enough to handle this restriction, this problem will not occur.
7. Also, it is best to strictly control the user upload column you enable. This is also critical. If the hacker does not crack your backend, it will be much more difficult to hang you because they need to Upload a horse-mounting tool. If you have been horse-mounted, remember to check whether your website allows uploading of files such as html.php.asp.
8. Always pay attention to the security patches officially released by Dede. I have studied several security patches released last time. Some vulnerabilities can be exploited by others due to dual reasons (Dede actually also pays attention to it. It can be seen that DEDE still pays attention to security issues. I remember that the member patch was released in January. In February, some hacker websites published articles about malware for websites that did not apply this patch. Some friends actually fell into the trap ~ I Very speechless, I hope everyone will pay attention to the official security patches at any time)
9. Some friends often upload the files after winning the horse to this forum and hope that everyone can study together. I want to say "It won't work even if it is uploaded." There is a way to prevent it, because the JS or iframe is not the key. If you upload it, everyone can only crack the Trojan horse that encrypted the file." What others leave behind is just a purpose, not a tool.
10. Irresistible natural factors, such as a super top hacker trying to hack your website. I'm afraid that many things that are not faulty will have problems. Believe me, the hackers who hack your website are all rookies. Hackers and tool hackers, if you do the above, those hackers will not know what to do.
I didn’t want to post this at first, but I don’t know why I ended up writing so much!
The purpose of posting this article is just to hope that everyone can protect their websites and not to use bad words. !
If there are any latest vulnerabilities or other hacking methods, I will publish an article on dede as soon as possible~
I wish everyone good luck!
The above is the detailed content of What should I do if Dedecms is often cheated?. For more information, please follow other related articles on the PHP Chinese website!

Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Hot Tools

Notepad++7.3.1
Easy-to-use and free code editor

SublimeText3 Chinese version
Chinese version, very easy to use

Zend Studio 13.0.1
Powerful PHP integrated development environment

Dreamweaver CS6
Visual web development tools

SublimeText3 Mac version
God-level code editing software (SublimeText3)

Hot Topics

Empire CMS template download location: Official template download: https://www.phome.net/template/ Third-party template website: https://www.dedecms.com/diy/https://www.0978.com.cn /https://www.jiaocheng.com/Installation method: Download template Unzip template Upload template Select template

Template replacement can be implemented in Dedecms through the following steps: modify the global.cfg file and set the required language pack. Modify the taglib.inc.php hook file and add support for language suffix template files. Create a new template file with a language suffix and modify the required content. Clear Dedecms cache.

How to upload local videos using Dedecms? Prepare the video file in a format that is supported by Dedecms. Log in to the Dedecms management backend and create a new video category. Upload video files on the video management page, fill in the relevant information and select the video category. To embed a video while editing an article, enter the file name of the uploaded video and adjust its dimensions.

Dedecms is an open source CMS that can be used to create various types of websites, including: news websites, blogs, e-commerce websites, forums and community websites, educational websites, portals, other types of websites (such as corporate websites, personal websites, photo album websites, video sharing website)

DedeCMS is an open source content management system that has some potential vulnerabilities and security risks: 1. SQL injection vulnerability. Attackers can perform unauthorized operations or obtain sensitive data by constructing malicious SQL query statements; 2. File Upload vulnerability, attackers can upload files containing malicious code to the server to execute arbitrary code or obtain server permissions; 3. Sensitive information leakage; 4. Unauthenticated vulnerability exploitation.

Dedecms is an open source Chinese CMS system that provides content management, template system and security protection. The specific usage includes the following steps: 1. Install Dedecms. 2. Configure the database. 3. Log in to the management interface. 4. Create content. 5. Set up the template. 6. Manage users. 7. Maintain the system.

To implement template replacement in DedecMS, you need to perform the following steps: Determine the template file to be replaced. Common files include index.htm, list.htm and show.htm. Create a new template file, retaining the DedecMS markup. Upload the new template file, overwriting the original file. clear cache. Refresh the site to see the changes.

Accurate and reliable dedecms conversion tool evaluation report With the rapid development of the Internet era, website construction has become one of the necessary tools for many companies and individuals. In website construction, using a content management system (CMS) can manage website content and functions more conveniently and efficiently. Among them, dedecms, as a well-known CMS system, is widely used in various website construction projects. However, sometimes we are faced with the need to convert the dedecms website to other formats, in which case we need to use a conversion tool
