Here I will summarize some small experiences on using the safety of Kesun system:
1. Delete the file
After the website is installed successfully, be sure to delete the file (very important).
2. Modify the database name in time
Since the database that Kexun comes with is ks_database.mdb in the ks_data directory, if you do not rename it, your database may be downloaded by people who understand Kexun's structure at any time, resulting in the password of the backend user being cracked, etc. The solution is to change the database in a timely manner. Change the database to a name that is hard to guess and change the database extension to .asp, etc.
3. Set the background login authentication code
The purpose of the authentication code is to be unable to log in to the background when someone knows your background username and password but does not know the authentication code. The default authentication code of Kexun is kesion2006. It is recommended that you open the admin directory in time to set it. The specific location is as follows:
Const EnableSiteManageCode = True 'Whether the background management authentication code is enabled Yes: True No: False
Const SiteManageCode = "kesion2006" 'Background management authentication code, please modify it, so that even if someone knows your background username and password, you cannot log in to the background.
4. Modify the management path of the background
The default background files of Kexun are all in the admin directory, so as not to guess for friends with bad intentions. You can change the name of the directory, such as changing it to manage, etc. After the modification, just log in to the background to set the directory. The following are system settings->Basic information settings->Catalogue options, and change admin/ to your name and save it.
|
Website backend directory:
|
|
|
Template file directory:
|
The "/" symbol must be included afterwards |
5. Try not to give members too much upload permission
The membership system of Kexun 3.0 has been greatly improved, and each member uploads a separate directory. The system will allocate 2M storage space per member by default. You can make detailed settings in the background. In particular, you should be careful when setting the types that are allowed to upload. Never allow files with extensions such as .asp, .aspx, .php, etc. to upload. If users are not allowed to upload any files, they can set the allocated storage space to 0. Specific steps: System Settings -> Basic Information Settings -> Member Options. The size of the member available is set to 0 in the figure below. Uploading is not allowed.
|
SMS settings within the member site:
|
The maximum capacity isThe maximum number of characters in the text messageCharacters: Count of people with mass sendingpeople |
|
The size of available space for members:
|
KB Tip: 1 KB = 1024 Byte, 1 MB = 1024 KB |
6. Do a good job in server security.