one Zblog installation graphic tutorial, with download and use tutorial of zblog theme 3.13 W two How does zblog modify the SEO title of the website article page 1.71 W three How does zblog delete the module created by the plug-in in module management 1.42 W four Zblog calls a tutorial of the latest classified article 1.74 W five What if the domain name of the fixed website of zblog cannot log in to the background? 1.82 W six What to do if zblog template is incompatible with SEO plug-in 2.33 W seven Pagoda server panel cannot add domain name, website access error 1.7 W
traditional Chinese character
register Sign in

To avoid scanning the website, please update zblogPHP to 1.7.3.3260 in time and enable two-step login

Li Yang's Blog 2023-07-13 2.59 K Reading 0 Comments

Tips: This article has exceeded three hundred and twenty No update in days, please note whether relevant content is still available!

the near future, ZBP officials received feedback from many users, saying that trojan files appeared in the website directory. After checking through logs and other channels, it was found that most passwords were too simple and were maliciously rotated out, leading to the website being opened in the background and stored in trojan files. We also received similar problems, but we did not consider that the password was too simple. Of course, zbp's pot had to be carried away. At present, the official has updated the ZBP program version and fixed the following measures:

To avoid scanning the website, please update zblogPHP to 1.7.3.3260 in time and log in to the first page in two steps

Improve Z-BlogPHP login mechanism (add CSRF Token verification and login verification code) Cracking The difficulty of password entering the background improves the login security;

Improve the upload mechanism of developers' applications and improve the security of developers' uploaded applications.

In addition, we recommend users to do the following to protect the security of their websites:

Update to the latest version of Z-BlogPHP as soon as possible, and open the website login verification code;

Install Token Logger plug-in unit , enable administrator login two-step verification;

Improve password complexity, and do not use common passwords that are easy to guess;

Check the website directory, check whether there are unknown files, and delete potential viruses in a timely manner;

Enable the "security mode" of the application center client to enhance security;

We refuse to install Z-BlogPHP applications from unknown sources. It is recommended to obtain applications from the official application center.

Of course, we don't rule out the potential threats brought by using piracy and cracking themes and plug-ins. After all, it's no good to get up early. Otherwise, why do we give free theme plug-ins worth 100 yuan or only charge 10 yuan? Don't be penny wise and pound foolish. After all, data is priceless!

Z-BlogPHP officials have always been improving the security of the website, which is also their goal. In the future, they will make further improvements in program security. We will wait and see. After all, under the leadership of pig, ZBP's "good days are yet to come".

Article copyright notice: unless otherwise noted Lao Li's Notes For original articles, reprints or copies, please use hyperlinks and indicate the source.

Related reading

Comment

Quick reply: expression:
Addoil Applause Badlaugh Bomb Coffee Fabulous Facepalm Feces Frown Heyha Insidious KeepFighting NoProb PigHead Shocked Sinistersmile Slap Social Sweat Tolaugh Watermelon Witty Wow Yeah Yellowdog
Comment List (No comment yet, two thousand five hundred and eighty-nine People around)

No comment yet, let me say something

cancel
WeChat QR code
WeChat QR code
Alipay QR code