Two days ago, my site was compromised. I found a PHP one-line trojan in the backend directory folder. Because I am normally quite concerned about website security, I found the backdoor file right away and deleted it immediately. Fortunately the intrusion did not cause any loss, but it sounded the alarm for me on website security.
First, a word about the program this website runs: DEDECMS. As webmasters, I believe everyone is familiar with it; the source of my website HAOQQ.ME uses it. It is an open-source program that anyone can download and anyone can use, so some malicious hackers download it, study it, and find vulnerabilities, and sites that run it face intrusion. As a webmaster, keep site security in mind. Here is my personal experience of how to protect a site's security.
1. Apply website security patches promptly. Master hackers who discover vulnerabilities and bugs disdain attacking individual sites; the people who invade sites are only using exploits that others have released on the Internet. Once a vulnerability is released to the Internet, the official website immediately updates the source code with a patch. I had no time to update the website program, which let some people take the opportunity. The DEDECMS backend can check for updates. If other web applications do not have this feature, keep a regular watch on the program for updates.
2. Change the backend directory. Do not use the default backend directory, for example dede, admin and the like. It must be changed, and changed to something more complex. Even if someone uses other techniques to get your website account password, they cannot find the site backend, so what can they do?
3. The robots.txt file: do not keep sensitive information about the site in it, and do not believe the false advice some people give online about using robots.txt to block spiders from crawling the backend directory, database directory, and site configuration files. A robots.txt like that fully exposes the site's private paths, which is extremely dangerous.
4. Strengthen the backend login password and make it more complex. The password is stored encrypted as MD5. When hackers use injection to dump the database, all they get is the MD5 of the password, and as long as the original password is complex, with more than ten characters of digits and English letters, reverse cracking is impossible. Those hackers who dumped the database will have to give up, because what they took is of no avail.
5. Database password, backend password, FTP password: never choose these passwords just because they are easy to remember and convenient to use. When hackers use social engineering, all of your sites are at risk.
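A small audit of point 3, added here as an example and not part of the original article: it lists the `Disallow` rules in a robots.txt that advertise backend, database or configuration paths. The keyword list, the function name `audit_robots` and the sample file are assumptions constructed for illustration.

```python
import re

# Hypothetical keyword list (an assumption): tune it to your own site layout.
SENSITIVE_HINTS = ("admin", "dede", "login", "manage", "data", "backup",
                   "db", "sql", "config", "install", "include")


def audit_robots(text):
    """Return (line_no, path, hints) for every Disallow rule whose path
    names something a site owner would not want to advertise."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()        # drop trailing comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        # An empty rule or a whole-site "/" rule reveals no specific path.
        if field.lower() != "disallow" or value in ("", "/"):
            continue
        # Compare whole path tokens, so "/database-news/" does not match "data".
        tokens = [t for t in re.split(r"[^a-z0-9]+", value.lower()) if t]
        hints = sorted(h for h in SENSITIVE_HINTS if h in tokens)
        if hints:
            findings.append((line_no, value, hints))
    return findings


# Constructed sample robots.txt, not taken from any real site.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /dede/          # default backend name left in place
Disallow: /data/backup/
Disallow: /include/config.php
Disallow: /plus/search.php
Disallow: /
"""

if __name__ == "__main__":
    for line_no, path, hints in audit_robots(SAMPLE_ROBOTS):
        print(f"line {line_no}: {path} reveals {', '.join(hints)}")
```

Any rule it reports is better removed from robots.txt, with the path protected by renaming (point 2) and server-side access control instead.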
Website security is not limited to these points. We must pay attention to it at all times and must never take it lightly!
Original article from: QQ net name Daquan, 2013, the latest edition (http://s.www.haoqq.me)