To friends whose sites often get trojan code injected ("hung with a horse")
I often see some of my friends say "there are security problems in the DEDE program, my site got trojan code injected".
I think Dede should have no problem: judging from the Dede source code that handles user forms, the input is all filtered.
Dede has so many users that, if there were a security breach, I'm afraid it would not be just a few friends affected.
Below are the SQL injection methods hackers commonly use and the things we should pay attention to:
1. Tools: use hacker tools to check your website for vulnerabilities (of course, don't abuse them). You can use some SQL injection software to check your site, such as the "Ah D" injector and so on. I have used them on Dede and found no loopholes that would let code be injected. If you don't believe me, you can try it yourself; of course, I don't know everything. But you should also consider how many friends use Dede: if there were easily exploited holes, the number of compromised sites would be horrible.
2. The admin (back-end) address must be changed. Don't use the dede folder as your admin directory; some friends don't even know that Dede's admin folder can be renamed.
3. It is best to add a verification code to the admin login. Although it is a hassle, it keeps many small-time hackers from using social engineering to crack your website (I have tried this on a lot of friends, and the password is often a mobile phone number, domain name, QQ and
4. If you add a field to your site (for example, asking users for applications, birthdays, etc.), filter it yourself, and don't blame DEDE for problems of your own making. (Some friends who know PHP modify the code. Adding a feature is not as simple as adding a field to the front-end or back-end publishing form and then adding a database column; you must also take care to prevent XSS attacks by adding htmlspecialchars, mysql_escape_string (
5. Many friends add small programs to their own hosting space to get extra features, such as photo albums or registration programs (I have used such programs myself, forgot to delete them, and ended up with injected code). The authors of these programs are unknown, and their programs basically all carry some risk. Some hackers can exploit this to upload a trojan (muma), use a small web shell (a "pony") to gain control of your virtual hosting space, and then use tools to inject malicious code in bulk.
6. Don't ignore the risk from your IDC's server. Let me tell you: hackers who want to inject code into your site often do not attack it head-on, but choose the side-entry method. That is, they break into other sites on the same server as you. If you don't believe it, ask yourself whether you know how easy your neighbors' websites are to break into (it is very easy to check for yourself which sites share the same IP
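
Item 4 above, as an added example (not code from the original post or from DedeCMS): a custom birthday and nickname field that is validated on input, stored with a prepared statement, and escaped with htmlspecialchars on output. The table, column and function names are hypothetical, an in-memory SQLite database (pdo_sqlite) stands in for the site's MySQL database, and PDO prepared statements are used in place of mysql_escape_string, which belonged to the old mysql extension removed in PHP 7.

```php
<?php
declare(strict_types=1);

// Hypothetical custom member fields added by a site owner (not DedeCMS code).
// An in-memory SQLite database stands in for the site's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE member_extra (nickname TEXT NOT NULL, birthday TEXT NOT NULL)');

// Validate on input: accept only a real calendar date in YYYY-MM-DD form.
function valid_birthday(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

// Store with a prepared statement so the values are never parsed as SQL.
function save_member(PDO $db, string $nickname, string $birthday): bool
{
    $nickname = trim($nickname);
    $birthday = valid_birthday(trim($birthday));
    if ($birthday === null || $nickname === '' || strlen($nickname) > 64) {
        return false;
    }
    $stmt = $db->prepare('INSERT INTO member_extra (nickname, birthday) VALUES (?, ?)');
    return $stmt->execute([$nickname, $birthday]);
}

// Escape on output: htmlspecialchars turns stored markup into inert entities.
function render_member(array $row): string
{
    $e = static fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<li>' . $e($row['nickname']) . ' (' . $e($row['birthday']) . ')</li>';
}

// Constructed sample submissions: a normal one, one with markup and SQL
// metacharacters in the nickname, and one with a malformed birthday.
$samples = [
    ['alice', '1990-02-28'],
    ['<script>alert(1)</script>\' OR 1=1 --', '1985-12-01'],
    ['bob', '1990-02-30\' OR \'1\'=\'1'],
];
foreach ($samples as [$nick, $bday]) {
    echo save_member($db, $nick, $bday) ? "stored\n" : "rejected\n";
}
foreach ($db->query('SELECT nickname, birthday FROM member_extra') as $row) {
    echo render_member($row), "\n";
}
```

The first two submissions are stored and the third is rejected; the second nickname is rendered as entity-encoded text rather than as a script tag.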