How to set restrictions on DEDECMS execution of php scripts

How to set restrictions on DEDECMS execution of php scripts?

dedecms is a very good CMS program, and the latest version is 5.7. After many versions of upgrades and feature additions, dedecms still has many problems. This is not to say that DEDECMS is not good. Relatively speaking, dede is very good, simple and easy to use, and has benefited many small and medium-sized webmasters.

Recommended study: 梦Weavercms

I haven’t updated my blog for a long time, and today I want to talk about DEDECMS security settings. Friends who use dedecms must have encountered the website being hacked. Either a lot of links are added to each page or malicious redirects are added to the js.

A brief discussion on DEDECMS security settings:

1. Use the pure PHP space of the Linux host as much as possible. If the Windows host can run ASP, there will be more dangers.

2. Do not use admin as the username for backend login management. You can change it to something else.

3. The data/common.inc.php file attribute (Linux/Unix) is set to 644 or (Windows NT) is set to read-only.

4. Limit the execution of PHP scripts for the uploads, data, and templets directories.

5. Do not install templates from unknown sources or other files that need to be uploaded to FTP. You must first install anti-virus and then install.

6. Use the latest version of the program. Even if it is not the latest, you must always pay attention to the official patches and apply them in time.

7. It is best not to use the membership system if you can. You can directly delete the member folder and close the membership function in the background. If you really want to use it, you must set whether to allow members to upload non-image attachments. Set it to No to strictly limit users because there are many spam registration machines that register many user names a day. (Recommended by tourists: Delete the member membership folder without using the membership system)

Virtual host/space configuration directory execution php script restriction method: two setting methods of Apache environment and nginx environment

For uploads, The three directories of data and templets are restricted for executing PHP scripts. Even if Trojan files are uploaded to these folders, they will not be able to run, so this step is very important and must be set.

Before configuring, you need to confirm whether your space supports .htaccess and rewrite. This method is based on using rewrite in the .htaccess file to prevent the specified script from running.

The contents of the Apache environment rules are as follows: Apache executes php script restrictions. Add these rules to the .htaccess file

The code is as follows:

RewriteEngine on RewriteCond % !^$ 
RewriteRule uploads/(.*).(php)$ – [F] 
RewriteRule data/(.*).(php)$ – [F] 
RewriteRule templets/(.*).(php)$ –[F]

nginx environment rules contents are as follows: nginx execution PHP script restrictions

One disadvantage of LNMP is that it is not as good as Apache in setting directory permissions. Sometimes website programs have upload vulnerabilities or pathinfo-like vulnerabilities, which lead to PHP Trojans being uploaded, which brings greater harm to the website and server. Danger. It is recommended to remove the PHP permissions from the website directory. When accessing the PHP files in the upload directory, a 403 error will be returned.

First edit the virtual host configuration of nginx, and add the following content in front of the location statement of fastcgi:

The code is as follows:

location ~ /(data|uploads|templets)/.*\.(php|php5)?$ { 
deny all; 
}

Okay, that’s it, After doing this, there shouldn’t be any problems and it’s basically enough! It is recommended that friends who use dedecms take some time to set it up.

The above is the detailed content of How to set restrictions on DEDECMS execution of php scripts. For more information, please follow other related articles on the PHP Chinese website!