
Zhimeng DedeCMS Security Setup Guide

2022-04-23 16:46:00 Flower less venerable

Many people who install DedeCMS (Zhimeng, "dream weaving") worry about its security. They often run into planted malicious code ("hanging horses"), hidden spam links ("dark chains") and similar problems. Dream Weaving Cat has run into these too, and after searching Baidu has summed up some ways to improve DedeCMS security. The following settings can significantly improve the security of DedeCMS.

Installing the Zhimeng safety assistant is recommended.

I. The Basics (60 points)

If you complete the settings in this basics chapter, congratulations: your DedeCMS security has reached a passing grade. Conversely, if you do not follow the basics, your website is in jeopardy.

1 Delete unnecessary directories

After installing DedeCMS, delete the install directory immediately. If you do not need the member and special-topic features (99% of users never use them), you can also delete the member and special directories.

2 Delete unnecessary files

In the plus folder it is suggested to keep only the following files: ad_js.php, count.php, list.php, search.php, view.php. Delete the rest.

The functions of the files in the plus folder are shown in the following table. Delete any you do not use.

| File name | Description | Recommendation |
| --- | --- | --- |
| guestbook folder | Message board | Delete |
| img folder | Images | Delete |
| task folder | Scheduled tasks | Delete |
| ad_js.php | Serves advertisements. If your advertisements are not set up through "Advertising management" in the back end, you can delete this file | Retain |
| advancedsearch.php, heightsearch.php | Advanced search; usually only search.php is used | Delete |
| arcmulti.php | Asynchronously calls the specified tag list; not needed, delete it | Delete |
| bookfeedback.php, bookfeedback_js.php | Book review and review-call files; there is an injection vulnerability, unsafe | Delete |
| car.php, posttocar.php, carbuyaction.php | Shopping cart | Delete |
| comments_frame.php | Calls comments; has a security vulnerability (third-party comments are generally used now, not the comments that come with DedeCMS) | Delete |
| count.php | Counts the number of article reads | Retain |
| digg_ajax.php, digg_frame.php | Upvote/downvote function for articles | Delete |
| disdls.php, download.php | Download statistics, download function | Delete |
| diy.php | Custom forms | Retain |
| erraddsave.php | Article error correction | Delete |
| feedback.php, feedback_ajax.php, feedback_js.php | Comment-related functions | Delete |
| flink.php, flink_add.php | Links, add links (deletion is suggested, otherwise the template path is easily exposed) | Delete |
| freelist.php | Free list | Delete |
| guestbook.php | Leave a message (guestbook) | Delete |
| list.php | Dynamic browsing of column pages | Retain |
| mytag_js.php | JS call mode for custom tags (if you do not use custom macro tags in the back end, delete it) | Delete |
| qrcode.php | Generates QR codes | Delete |
| recommend.php | Information recommendation | Delete |
| rss.php | RSS list page | Delete |
| search.php | Search | Retain |
| showphoto.php | Shows the large picture (used by the image gallery model) | Delete |
| stow.php | Bookmark articles | Delete |
| view.php | Dynamic browsing of articles | Retain |
| vote.php | Voting | Delete |

3 Rename the default back-end (admin) folder

By default the back end is reached at domain name/dede. Change it to another name; the harder it is to guess, the better. A combination of English letters and numbers works well. To change it, simply rename the dede folder.

4 Create a new administrator account in the back end and delete the default admin user

4.1 Create a new administrator account

Click System -> System user management -> Add Administrator, fill in the login account, password and other information, and select 'Super administrator' as the user group.

4.2 Delete the default admin user

Click System -> SQL Command line tools and run the SQL command: delete from dede_admin where id = 1;

5 Move the data directory outside the web directory

The data directory carries serious security risks, so it needs to be moved outside the site directory. See this article for the specific migration method: domain name .com/study/78.html

If you really have no way to move it outside the site, be sure to at least rename the data directory.
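The file-system items from sections 1, 2, 3 and 5 can be checked with a read-only audit script. The following is an added example, not part of the original guide or of DedeCMS; the names audit_dedecms, make_sample_tree and KEEP_PLUS are hypothetical, and the script assumes the default layout with all directories directly under the web root.

```shell
#!/bin/sh
# Added example (not from the original guide): read-only audit of a DedeCMS web root.
# KEEP_PLUS is the keep list from section 2; add diy.php if you use custom forms.
KEEP_PLUS="ad_js.php count.php list.php search.php view.php"

flag() { findings=$((findings + 1)); echo "FINDING: $1"; }

# audit_dedecms ROOT: prints one line per finding; returns 1 if any, else 0.
audit_dedecms() {
    root=$1
    findings=0
    # Section 1: installer and unused feature directories
    if [ -d "$root/install" ]; then flag "install directory still present"; fi
    for d in member special; do
        if [ -d "$root/$d" ]; then flag "$d directory present (delete if unused)"; fi
    done
    # Section 2: every entry in plus/ that is not on the keep list
    for f in "$root"/plus/*; do
        [ -e "$f" ] || continue
        case " $KEEP_PLUS " in
            *" ${f##*/} "*) ;;
            *) flag "plus/${f##*/} is not on the keep list" ;;
        esac
    done
    # Section 3: admin folder still under its default name
    if [ -d "$root/dede" ]; then flag "admin folder still named dede"; fi
    # Section 5: data directory still inside the web root under its default name
    if [ -d "$root/data" ]; then flag "data directory inside web root as data"; fi
    [ "$findings" -eq 0 ]
}

# Constructed sample tree (not a real site) so the audit can be tried offline.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/install" "$t/dede" "$t/data" "$t/plus/guestbook"
    for f in $KEEP_PLUS vote.php bookfeedback.php; do : > "$t/plus/$f"; done
    echo "$t"
}
```

Call audit_dedecms with the path of your web root, or with the output of make_sample_tree to see the findings on the constructed tree. The script only reads the file system and deletes nothing.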




Copyright notice
This article was written by [Flower less venerable]. Please include the original link when reposting. Thank you.
https://yzsam.com/2022/04/202204231640530441.html