• <bdo id='1NlOB'></bdo><ul id='1NlOB'></ul>
  • <legend id='1NlOB'><style id='1NlOB'><dir id='1NlOB'><q id='1NlOB'></q></dir></style></legend>
    <i id='1NlOB'><tr id='1NlOB'><dt id='1NlOB'><q id='1NlOB'><span id='1NlOB'><b id='1NlOB'><form id='1NlOB'><ins id='1NlOB'></ins><ul id='1NlOB'></ul><sub id='1NlOB'></sub></form><legend id='1NlOB'></legend><bdo id='1NlOB'><pre id='1NlOB'><center id='1NlOB'></center></pre></bdo></b><th id='1NlOB'></th></span></q></dt></tr></i><div id='1NlOB'><tfoot id='1NlOB'></tfoot><dl id='1NlOB'><fieldset id='1NlOB'></fieldset></dl></div>

    <small id='1NlOB'></small><noframes id='1NlOB'>

        <tfoot id='1NlOB'></tfoot>
      1. 您在开源 cms 安装中添加了哪些额外的证券?

        时间:2023-10-16

          <small id='7nwrh'></small><noframes id='7nwrh'>

            <i id='7nwrh'><tr id='7nwrh'><dt id='7nwrh'><q id='7nwrh'><span id='7nwrh'><b id='7nwrh'><form id='7nwrh'><ins id='7nwrh'></ins><ul id='7nwrh'></ul><sub id='7nwrh'></sub></form><legend id='7nwrh'></legend><bdo id='7nwrh'><pre id='7nwrh'><center id='7nwrh'></center></pre></bdo></b><th id='7nwrh'></th></span></q></dt></tr></i><div id='7nwrh'><tfoot id='7nwrh'></tfoot><dl id='7nwrh'><fieldset id='7nwrh'></fieldset></dl></div>

            <legend id='7nwrh'><style id='7nwrh'><dir id='7nwrh'><q id='7nwrh'></q></dir></style></legend>
              • <bdo id='7nwrh'></bdo><ul id='7nwrh'></ul>
                • <tfoot id='7nwrh'></tfoot>
                    <tbody id='7nwrh'></tbody>

                  本文介绍了您在开源 cms 安装中添加了哪些额外的证券?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着跟版网的小编来一起学习吧!

                  问题描述

                  I know that being open source does not necessarily makes a program more/less secure than closed source (let's assume this neutrality, to keep flames out of this post). Fact is: since the source code is open, everybody knows your defaults urls, default administrator logins, etc.

                  I'm using Wordpress and Joomla in some projects of my clients, and I always try to create some kind of additional security. Excluding always updating your files to latest version, what do you usually do to add more security in this scenario? Some of my thoughts:

                  • I always change the "admin" name when applicable;

                  • I would like to don't explicity say which technologies I'm using, but since I want to promote the cms (I think is the minimal I should do), I just don't say the exact version so attackers don't know which exact vulnerabilities they can attack (wordpress automatically creates a meta tag in html saying "Wordpress 2.8.4" for example);

                  • Set correct permissions in directories, and bash scripts in my server that run everyday at 0h setting 755 to directories I may have changed to 775 during the day and forgot to turn back;

                  • When applicable, I set apache configuration to limit ips.

                  What else should I try to do? What "out of the box" solutions do you usually do to your installations?

                  解决方案

                  Using something like the mod_security or mod_evasive Apache's modules can be an idea too -- I suppose they require some configuration, though ; and you should test you website still works OK before using those on your production server.
                  As they are Apache's modules, it also requires you can install new Apache's module -- which means you have to be admin of the server.


                  On a pure PHP-level, there is a tool called PHP-IDS ; quoting its website :

                  PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to. Based on a set of approved and heavily tested filter rules any attack is given a numerical impact rating which makes it easy to decide what kind of action should follow the hacking attempt. This could range from simple logging to sending out an emergency mail to the development team, displaying a warning message for the attacker or even ending the user’s session.

                  I suppose you could "plug" it in front of the CMS you are using, by adding a couple of lines to its entry point -- if there is a common entry point you can identify, or some file that's included once at the beginning of each page.
                  There is a "How to use it in my application?" entry in the FAQ.


                  And, like you said, securing your server is nice : no remote SQL access, for instance ; checking the provileges of each user on the system, too ; keeping your software up to date, ...

                  这篇关于您在开源 cms 安装中添加了哪些额外的证券?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持跟版网!

                  上一篇:仅为特定的 Joomla 用户组加载 css 样式 下一篇:Joomla 到静态 HTML 网站

                  相关文章

                    <bdo id='KCVKz'></bdo><ul id='KCVKz'></ul>
                • <legend id='KCVKz'><style id='KCVKz'><dir id='KCVKz'><q id='KCVKz'></q></dir></style></legend><tfoot id='KCVKz'></tfoot>

                  <small id='KCVKz'></small><noframes id='KCVKz'>

                  1. <i id='KCVKz'><tr id='KCVKz'><dt id='KCVKz'><q id='KCVKz'><span id='KCVKz'><b id='KCVKz'><form id='KCVKz'><ins id='KCVKz'></ins><ul id='KCVKz'></ul><sub id='KCVKz'></sub></form><legend id='KCVKz'></legend><bdo id='KCVKz'><pre id='KCVKz'><center id='KCVKz'></center></pre></bdo></b><th id='KCVKz'></th></span></q></dt></tr></i><div id='KCVKz'><tfoot id='KCVKz'></tfoot><dl id='KCVKz'><fieldset id='KCVKz'></fieldset></dl></div>