Keep your website away from Trojan horses

When I was in

is very sensible, my website ended up overrun with Trojans, so in desperation I spent 1 year as a hacker, and over that year I captured quite a few websites. But I don't do bad things, because I am also a webmaster, and I know what webmasters love.

Recently I saw some of my friends say "there are security problems in the DEDE program, my website has had a Trojan planted on it." But I think Dede should be no problem: if you view the source of the Dede forms as a user, there is a filter. With so many Dede users, if there were a security hole, I'm afraid it wouldn't be just a few friends affected.

Below are the SQL injection methods hackers commonly use and the things we should pay attention to.

1. Tools: use hacker tools to check your website for vulnerabilities (of course, don't abuse them). You can use some SQL injection software to check your own site (such as the Ah D injector and so on; I have used it on Dede and found no holes that could be used to plant code. If you don't believe me, you can try it yourself. Of course, I don't know everything, but you should also consider how many friends use Dede: if there were easily exploited holes, the number of sites with Trojans planted would be horrifying).

2. The backend (admin) address must be changed: don't use the DEDE folder as your backend. Some friends don't even know that Dede's backend folder can be renamed.

3. It is best to add a verification code to the backend login. Although it is a bother, it keeps many small-time hackers from using social engineering to crack your website (I have tried this on a lot of friends, and the password is often a mobile phone number, domain name, QQ and


4. If you add a field to your site (such as asking users for applications, entering birthdays, etc.), filter it, and don't blame Dede for your own problems. (Some friends modify the PHP themselves. Achieving a feature is not as simple as adding a field to the front-end and back-end publishing forms and then adding a database field; you must also take care to prevent XSS attacks by adding htmlspecialchars, mysql_escape_string (


5. Many friends add small programs to their own hosting space to gain extra features (I have used such programs, forgot to delete them, and got code planted as a result), such as photo albums or registration programs. The authors of these programs are not well known, so the programs basically always carry some risk: some hackers could use them to upload blackeyes (that is, a "pony" Trojan), gain control of your virtual hosting space, and then use tools to plant Trojans in bulk.

Don't ignore the risk from your IDC

6. The server matters too. Let me tell you: to plant a Trojan on your site, hackers often do not crack it head-on but choose the side-entry method; their approach is to break with you.
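
Item 4's advice, as an added example (not DedeCMS code and not from the original post): a custom birthday and note field is validated, stored and displayed. `mysql_escape_string` was removed in PHP 7.0, so the database side here uses PDO bound parameters instead, with `htmlspecialchars` applied at output; the table name, field names and the in-memory SQLite database are assumptions.

```php
<?php
// Added example, not DedeCMS code. Table/field names and the SQLite
// in-memory database are assumptions made so the script runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE member_extra (id INTEGER PRIMARY KEY, birthday TEXT, note TEXT)');

/** Validate: accept only a real calendar date in YYYY-MM-DD form. */
function valid_birthday(string $raw): ?string
{
    $d = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    // Round-trip comparison rejects rolled-over dates such as 1990-02-30.
    return ($d !== false && $d->format('Y-m-d') === $raw) ? $raw : null;
}

/** Store: values travel as bound parameters, never inside the SQL string. */
function save_extra(PDO $pdo, string $birthday, string $note): bool
{
    $clean = valid_birthday($birthday);
    if ($clean === null || strlen($note) > 200) {
        return false; // reject bad input instead of trying to repair it
    }
    $stmt = $pdo->prepare('INSERT INTO member_extra (birthday, note) VALUES (?, ?)');
    return $stmt->execute([$clean, $note]);
}

/** Display: escape at output time, for the HTML context. */
function render_note(string $note): string
{
    return htmlspecialchars($note, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample submissions: normal, markup in the note,
// a quote-breaking birthday value, and an impossible date.
$samples = [
    ['1990-05-17', 'hello'],
    ['1990-05-17', '<script>alert(1)</script>'],
    ["1990-05-17' OR '1'='1", 'x'],
    ['1990-02-30', 'x'],
];
foreach ($samples as [$birthday, $note]) {
    echo save_extra($pdo, $birthday, $note) ? "stored\n" : "rejected\n";
}
foreach ($pdo->query('SELECT note FROM member_extra') as $row) {
    echo render_note($row['note']), "\n"; // markup is shown as text, not executed
}
```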