previously on DEDE’s website also saw an article like this! But I personally think that writing is not very full! So in this way for rookie webmaster! Look! Veteran across
personal webmaster hacking is divided into the following steps:
one. Program problem!
and the program is divided into congenital and acquired
is the program itself inherent vulnerability! Don’t say that under what is the latest version of the official! No loopholes ah, so it’s safe! In fact what procedures are not without loopholes, but now is not found! Especially to write their own procedures can be said that the program itself loophole Its loopholes appeared one after another.! General injection vulnerability, upload loopholes, Mancang and so on! There are some other plug-in vulnerabilities and small program vulnerabilities such as EWEBEDITOR vulnerability editor! Ah, photo album, message board and so on, these programs generally have a great risk, it is easy to be used by hackers to
is the official download the latest version of the system or CMS! To simplify some unnecessary procedures! For some unnecessary functions, such as upload and do strict restrictions! Use a tool to check your site if there are vulnerabilities such as
program has acquired the template or source who are inserted into the malicious code or the back door, at the end of the day you do website has actually been in
for others to do the wedding dress!
protection measures: you need source code, go to the more famous download station or Forum Download source code, download the ability to check their own, whether it has a back door, feeling safe before uploading,
two. Its configuration problem,
configuration, we should pay attention to the following points!
!The database path
1 default! One thing now is love many hackers do is the default database from the database address to get the site administrator account password! Especially for the forum! Know username and password to get the entire forum management authority! But now many people have a misunderstanding, think the database into a ASP suffix on the line but know the route using the download software to save the file into a MDB suffix can also download the
modify the default path, the more complex the better, the database anti download, set
2, default backend!
Now a lot of access
database injection vulnerabilities are a can the background of your account and password! Hackers get account password input default background address is very easy to get permission from your website! Don’t get permission to invade
protection: modify the default background, even if the current use of the latest leakage!