当前位置：网站首页>Zhimeng dedecms security setup Guide

Zhimeng dedecms security setup Guide

2022-04-23 16:46:00 【Flower less venerable】

Many friends who installed dream weaving , I'm worried about the safety of Zhimeng , Often encounter hanging horses , Being linked to the dark chain and other things , Dream weaving cat has also encountered , Search through Baidu , Summed up some ways to improve the safety of weaving dream , The following settings can significantly improve the security of weaving dream .

It is recommended to install Zhimeng safety assistant

One 、 The basic chapter （60 branch ）

Just complete the setting of the basic chapter , So congratulations , Your dream weaving safety has passed , contrary , If you don't follow the basics , So your website is in jeopardy .

1 Delete unnecessary directories

After the installation of weaving dream , Need to delete now install Catalog , If you don't need to use members 、 project （99% No user can use ）, You can delete member、special Catalog .

2 Delete unnecessary files

plus It is suggested to keep only the following documents ：ad_js.php,count.php,list.php,search.php,view.php, The rest are deleted .

plus The file functions in the folder are shown in the following table , If not used, you can delete .

file name	The document states	Suggest
guestbook Folder	Message board	Delete
img Folder	picture	Delete
task Folder	Planning tasks	Delete
ad_js.php	Call advertisement , If your advertisement is not through the background “ Advertising management ” Set up , You can delete the file	Retain
advancedsearch.php、heightsearch.php	Advanced search , It's usually only used for search.php	Delete
arcmulti.php	Asynchronously calls the specified tag list , In less than , Delete it	Delete
bookfeedback.php、bookfeedback_js.php	Book reviews and review call files , There is an injection vulnerability , unsafe	Delete
car.php、posttocar.php、carbuyaction.php	The shopping cart	Delete
comments_frame.php	Call comment , Security breach （ Now generally use third-party comments , No longer use the comments brought by Zhimeng ）	Delete
count.php	Count the number of articles read	Retain
digg_ajax.php、digg_frame.php	The top step function of the article	Delete
disdls.php、download.php	Download statistics 、 Download function	Delete
diy.php	Custom forms	Retain
erraddsave.php	Correction of the article	Delete
feedback.php、feedback_ajax.php、feedback_js.php	Comment related functions	Delete
flink.php、flink_add.php	link 、 Add links （ It is suggested to delete , Otherwise, it is easy to expose the template path ）	Delete
freelist.php	Free list	Delete
guestbook.php	Leaving a message.	Delete
list.php	Dynamically browse the column page	Retain
mytag_js.php	Custom tag js Call mode （ If you don't use the custom macro tag in the background , Please delete ）	Delete
qrcode.php	Generate qr code	Delete
recommend.php	Information recommendation	Delete
rss.php	RSS List of pp.	Delete
search.php	Search for	Retain
showphoto.php	Show big picture （ The atlas model will use ）	Delete
stow.php	Collect articles	Delete
view.php	Browse articles dynamically	Retain
vote.php	vote	Delete

3 Modify the default background folder name

The default background is through the domain name /dede visit , Please change it to another name , The harder it is to guess, the better , You can use English + In the form of numbers . The modification method is to rename directly dede Just the name of the folder .

4 Create a new administrator account in the background , Delete default admin user

4.1 Create a new administrator account

Click System -> System user management -> Add Administrator , Fill in the login account, password and other information , User group selection ‘ Super administrator ’

4.2 Delete default admin user

Click System ->SQL Command line tools , function SQL command ：delete from dede_admin where id = 1;

5 transfer data Directory to web Out of catalog

data There are serious security risks in the directory , It is necessary to data Move the directory outside the site directory . See this article for specific migration methods ： domain name .com/study/78.html

There is really no condition to migrate to students outside the station , Please also be sure to data Change the name of the directory .

版权声明
本文为[Flower less venerable]所创，转载请带上原文链接，感谢
https://yzsam.com/2022/04/202204231640530441.html