Pineapple Pavilion ZBLOGCN .COM

Official Z-Blog Blog

Little sunspot is ready to move. Have you protected yourself? 🔧😈💪

 QQ Picture 20230708123522.jpg

Recently, we have received feedback from many users that trojan files appear in the website directory. After checking through logs and other channels, we found that most of the passwords were maliciously rotated out because they were too simple, leading to the website being opened in the background and stored in trojan files. After we found this problem, we immediately took corresponding measures:

  1. Improve the Z-BlogPHP login mechanism (increase the CSRF Token verification and login verification code), increase the difficulty of password cracking into the background, and improve the login security;

  2. Improve the upload mechanism of developers' applications and improve the security of developers' uploaded applications.

In addition, we recommend users to do the following to protect the security of their websites:

  1. Update to the latest version of Z-BlogPHP as soon as possible 1.7.3.3260 And above, open the website login verification code;

  2. install Token Logger Plug in, enable administrator login two-step verification;

  3. Improve password complexity, and do not use common passwords that are easy to guess;

  4. Check the website directory, check whether there are unknown files, and delete potential viruses in a timely manner;

  5. Enable the "security mode" of the application center client to enhance security;

  6. Refuse to install Z-BlogPHP applications from unknown sources. It is recommended to Official Application Center Get apps.

Improving the security of the website is the goal we have been striving for. In the future, we will make further improvements in program security. Please wait and see.

Powered By Z-BlogPHP 1.7.3

ZBLOGCN.COM All rights reserved E ICP B No. 19031813 - 6 Shoot the clouds again Provide CDN and cloud storage services

It is strictly prohibited to use Z-BLOG to engage in any illegal activities, and illegal websites are prohibited to use Z-BLOG and related procedures| Illegal and Bad Information Reporting Center