CN111967064A - Webpage tamper-proofing method and system - Google Patents
Webpage tamper-proofing method and system Download PDFInfo
- Publication number
- CN111967064A CN111967064A CN202010924432.7A CN202010924432A CN111967064A CN 111967064 A CN111967064 A CN 111967064A CN 202010924432 A CN202010924432 A CN 202010924432A CN 111967064 A CN111967064 A CN 111967064A
- Authority
- CN
- China
- Prior art keywords
- webpage
- file
- module
- tampered
- files
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 16
- 238000001514 detection method Methods 0.000 claims abstract description 21
- 238000007781 pre-processing Methods 0.000 claims abstract description 11
- 238000012986 modification Methods 0.000 claims abstract description 4
- 230000004048 modification Effects 0.000 claims abstract description 4
- 230000000694 effects Effects 0.000 description 3
- 230000002411 adverse Effects 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 239000003086 colorant Substances 0.000 description 1
- 238000012217 deletion Methods 0.000 description 1
- 230000037430 deletion Effects 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a webpage tamper-proofing method and a webpage tamper-proofing system, which relate to the technical field of network security and comprise the following steps: acquiring a target webpage file; preprocessing a file, and converting the file into a fixed file; detecting whether the file is modified; if the modification is carried out, sending early warning information; automatically detecting whether the webpage contains illegal contents; and manually judging whether the webpage is tampered. In the scheme, the webpage file is preprocessed, so that the false alarm rate can be reduced, and the detection efficiency is improved; by means of the combination of automatic detection and manual judgment based on big data, the detection result is more accurate and reliable.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a webpage tamper-proofing method and a webpage tamper-proofing system.
Background
With the development of internet technology, the problems of website information maintenance and website protection are gradually highlighted. In various network security accidents, webpage tampering becomes a common website attack mode. Once a webpage is tampered and cannot be restored in time, the interests of website owners can be damaged, and even serious adverse effects can be brought to the whole society, especially, the tampering of websites with political colors in universities and governments can bring immeasurable negative effects to the society.
The traditional webpage tamper-resistant product deployed based on the application server needs to change the website publishing and updating processes, so that additional processes are added, inconvenience is brought to users, and the product is not suitable for large-scale deployment; in addition, the prior art focuses more on defending against known attack means, and if a hacker tampers with a webpage in an unknown way, the webpage is difficult to automatically discover and process in time.
Disclosure of Invention
The invention provides a webpage tamper-proofing method and a webpage tamper-proofing system, and relates to the technical field of network security. The method comprises the following steps: acquiring a target webpage file; preprocessing a file, and converting the file into a fixed file; detecting whether the file is modified; if the modification is carried out, sending early warning information; automatically detecting whether the webpage contains illegal contents; and manually judging whether the webpage is tampered. In the scheme, the webpage file is preprocessed, so that the false alarm rate can be reduced, and the detection efficiency is improved; by means of the combination of automatic detection and manual judgment based on big data, the detection result is more accurate and reliable.
In order to achieve the purpose, the invention provides the following technical scheme: a webpage tamper-proofing method comprises the following steps:
s1: and acquiring the file data of the target website in a polling mode, and storing the file data into a temporary directory.
S2: preprocessing the collected webpage files, and converting the dynamically changed webpage files into fixed files through regular replacement.
S3: and calculating the check value of each file by using a hash function, and comparing the check value with the original check value if the original check value exists in the file.
S4: and if the matching is unsuccessful, the file is considered to be modified, and real-time early warning information is sent to a website administrator in a mode of free-check short messages, mails and WeChat.
S5: and scanning the content of the text webpage file based on the cloud characteristic library, and searching whether the file contains illegal contents such as black words, black chains and the like.
S6: and if the webpage is illegally tampered, executing a corresponding strategy according to the tampering behavior danger level.
S7: if illegal contents are not found, the website administrator further judges whether the webpage is tampered by means of online text comparison, webpage snapshot and external link viewing.
S8: if tampered, step 6 is performed.
S9: and if the modification is authorized, updating the check value of the corresponding webpage file.
According to another aspect of the invention, a webpage tamper-proofing system is provided, which comprises an acquisition module, a preprocessing module, a detection module, a comparison module and an alarm module;
the acquisition module is used for acquiring target website data to be protected and performing the acquisition in a polling mode;
the preprocessing module is used for converting the dynamic webpage file into a fixed file so as to reduce the false alarm rate of automatic detection and improve the detection efficiency.
The detection module is used for automatically judging whether the webpage file is modified or not and whether illegal contents such as black words, black chains and the like are contained or not by the system;
the comparison module is used for manually judging whether the webpage is tampered, and providing modes such as webpage snapshot, online text comparison, external link check and the like;
and the alarm module is used for sending early warning information to a website administrator.
Compared with the prior art, the invention has the beneficial effects that:
1. the method does not need to make any adjustment on the existing network architecture, does not need to install additional software on the web server, increases the burden of the server, and is very convenient to use and deploy.
2. The traditional webpage tamper-resistant software deployed based on the application server is easy to become a hacking object, and once the software is attacked and closed, the protection effect is lost. The method is not deployed locally, and the situation can be effectively avoided.
3. According to the method, the files are preprocessed before the check values of the files are generated, namely, the dynamically changed webpage files are converted into the fixed files, and the problems that the dynamic webpages cannot be processed and the detection efficiency is low in the prior art can be solved.
4. An online text comparison tool is provided for manual detection, newly added, modified and deleted texts in a webpage are all marked clearly in a highlight background color and deletion mode, and the condition that a file is modified can be clearly reproduced.
5. And the comprehensive protection is provided for the protection website by a mode of combining automatic detection and manual judgment based on big data.
Drawings
Fig. 1 is a schematic flow chart of a webpage tamper-proofing method according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, an embodiment of the present invention:
a webpage tamper-proofing method includes collecting target website file data in a polling mode, storing the target website file data in a temporary directory, preprocessing the collected webpage files, converting dynamically changed webpage files into fixed files through regular replacement, calculating check values of all the files by using a hash function, comparing the check values with original check values if the files have the original check values, determining that the files are modified if the files are not matched successfully, sending real-time early warning information to a website administrator in an unexamined short message, mail and WeChat mode, scanning contents of the text webpage files based on a cloud feature library to find whether the files contain illegal contents such as black words and black chains or not, executing corresponding strategies according to tampering behavior danger levels if the webpages are illegally tampered, and further performing online text comparison, and verification, And judging whether the webpage is tampered by the webpage snapshot and external link viewing modes, if so, executing a corresponding strategy according to the tampering behavior danger level, and if so, updating the check value of the corresponding webpage file.
The webpage tamper-proofing system comprises an acquisition module, a preprocessing module, a detection module, a comparison module and an alarm module, wherein the acquisition module is used for acquiring target website data needing to be protected and is carried out in a polling mode, the preprocessing module is used for converting dynamic webpage files into fixed files so as to reduce the false alarm rate of automatic detection and improve the detection efficiency, the detection module is used for automatically judging whether the webpage files are modified and whether illegal contents such as black words and black chains exist in the webpage files, the comparison module is used for manually judging whether the webpage is tampered and providing modes such as webpage snapshot, online text comparison and outer chain check, and the alarm module is used for sending early warning information to a website administrator.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (2)
1. A webpage tamper-proofing method is characterized by comprising the following steps:
s1: and acquiring the file data of the target website in a polling mode, and storing the file data into a temporary directory.
S2: preprocessing the collected webpage files, and converting the dynamically changed webpage files into fixed files through regular replacement.
S3: and calculating the check value of each file by using a hash function, and comparing the check value with the original check value if the original check value exists in the file.
S4: and if the matching is unsuccessful, the file is considered to be modified, and real-time early warning information is sent to a website administrator in a mode of free-check short messages, mails and WeChat.
S5: and scanning the content of the text webpage file based on the cloud characteristic library, and searching whether the file contains illegal contents such as black words, black chains and the like.
S6: and if the webpage is illegally tampered, executing a corresponding strategy according to the tampering behavior danger level.
S7: if illegal contents are not found, the website administrator further judges whether the webpage is tampered by means of online text comparison, webpage snapshot and external link viewing.
S8: if tampered, step 6 is performed.
S9: and if the modification is authorized, updating the check value of the corresponding webpage file.
2. A webpage tamper-proofing system is characterized by comprising an acquisition module, a preprocessing module, a detection module, a comparison module and an alarm module;
the acquisition module is used for acquiring target website data to be protected and performing the acquisition in a polling mode;
the preprocessing module is used for converting the dynamic webpage file into a fixed file so as to reduce the false alarm rate of automatic detection and improve the detection efficiency.
The detection module is used for automatically judging whether the webpage file is modified or not by the system, and
whether illegal contents such as black words and black chains exist;
the comparison module is used for manually judging whether the webpage is tampered, and providing modes such as webpage snapshot, online text comparison, external link check and the like;
and the alarm module is used for sending early warning information to a website administrator.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010924432.7A CN111967064A (en) | 2020-09-05 | 2020-09-05 | Webpage tamper-proofing method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010924432.7A CN111967064A (en) | 2020-09-05 | 2020-09-05 | Webpage tamper-proofing method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN111967064A true CN111967064A (en) | 2020-11-20 |
Family
ID=73392353
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010924432.7A Pending CN111967064A (en) | 2020-09-05 | 2020-09-05 | Webpage tamper-proofing method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111967064A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112733205A (en) * | 2021-01-20 | 2021-04-30 | 天地(常州)自动化股份有限公司 | Data tampering rapid identification method, device, equipment and medium |
| CN114201370A (en) * | 2022-02-21 | 2022-03-18 | 山东捷瑞数字科技股份有限公司 | Webpage file monitoring method and system |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710652A (en) * | 2012-06-12 | 2012-10-03 | 北京星网锐捷网络技术有限公司 | Web application intrusion prevention method and device as well as network equipment and network system |
| CN103593615A (en) * | 2013-11-29 | 2014-02-19 | 北京奇虎科技有限公司 | Method and device for detecting webpage tampering |
| CN103605926A (en) * | 2013-11-29 | 2014-02-26 | 北京奇虎科技有限公司 | Webpage tampering detecting method and device |
| CN107835191A (en) * | 2017-11-29 | 2018-03-23 | 中科信息安全共性技术国家工程研究中心有限公司 | A kind of method and apparatus for detecting webpage malicious and distorting |
| CN108427881A (en) * | 2018-03-16 | 2018-08-21 | 北京知道创宇信息技术有限公司 | Webpage tamper monitoring method, device, monitoring device and readable storage medium storing program for executing |
| CN109257340A (en) * | 2018-08-29 | 2019-01-22 | 北京中科锐链科技有限公司 | A kind of website falsification-proof system and method based on block chain |
| CN109344661A (en) * | 2018-09-06 | 2019-02-15 | 南京聚铭网络科技有限公司 | A kind of webpage integrity assurance of the micro code based on machine learning |
-
2020
- 2020-09-05 CN CN202010924432.7A patent/CN111967064A/en active Pending
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710652A (en) * | 2012-06-12 | 2012-10-03 | 北京星网锐捷网络技术有限公司 | Web application intrusion prevention method and device as well as network equipment and network system |
| CN103593615A (en) * | 2013-11-29 | 2014-02-19 | 北京奇虎科技有限公司 | Method and device for detecting webpage tampering |
| CN103605926A (en) * | 2013-11-29 | 2014-02-26 | 北京奇虎科技有限公司 | Webpage tampering detecting method and device |
| CN107835191A (en) * | 2017-11-29 | 2018-03-23 | 中科信息安全共性技术国家工程研究中心有限公司 | A kind of method and apparatus for detecting webpage malicious and distorting |
| CN108427881A (en) * | 2018-03-16 | 2018-08-21 | 北京知道创宇信息技术有限公司 | Webpage tamper monitoring method, device, monitoring device and readable storage medium storing program for executing |
| CN109257340A (en) * | 2018-08-29 | 2019-01-22 | 北京中科锐链科技有限公司 | A kind of website falsification-proof system and method based on block chain |
| CN109344661A (en) * | 2018-09-06 | 2019-02-15 | 南京聚铭网络科技有限公司 | A kind of webpage integrity assurance of the micro code based on machine learning |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112733205A (en) * | 2021-01-20 | 2021-04-30 | 天地(常州)自动化股份有限公司 | Data tampering rapid identification method, device, equipment and medium |
| CN114201370A (en) * | 2022-02-21 | 2022-03-18 | 山东捷瑞数字科技股份有限公司 | Webpage file monitoring method and system |
| CN114201370B (en) * | 2022-02-21 | 2022-06-03 | 山东捷瑞数字科技股份有限公司 | Webpage file monitoring method and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109257340B (en) | Website tamper-proof system and method based on block chain | |
| EP2729895B1 (en) | Syntactical fingerprinting | |
| CN104767757B (en) | Various dimensions safety monitoring method and system based on WEB service | |
| CN112787992B (en) | Method, device, equipment and medium for detecting and protecting sensitive data | |
| CN108718298B (en) | Malicious external connection flow detection method and device | |
| CN102082792A (en) | Phishing webpage detection method and device | |
| CN113162953B (en) | Network threat message detection and source tracing evidence obtaining method and device | |
| CN103685575A (en) | Website security monitoring method based on cloud architecture | |
| CN101924760A (en) | Method and system for downloading executable file securely | |
| CN111967064A (en) | Webpage tamper-proofing method and system | |
| CN114079579B (en) | Malicious encryption traffic detection method and device | |
| CN103716315A (en) | Method and device for detecting web page tampering | |
| CN112560029A (en) | Website content monitoring and automatic response protection method based on intelligent analysis technology | |
| US20230418943A1 (en) | Method and device for image-based malware detection, and artificial intelligence-based endpoint detection and response system using same | |
| CN114172703A (en) | Malicious software identification method, device and medium | |
| CN108446543B (en) | Mail processing method, system and mail proxy gateway | |
| CN113704328A (en) | User behavior big data mining method and system based on artificial intelligence | |
| CN108171054A (en) | The detection method and system of a kind of malicious code for social deception | |
| CN113704772B (en) | Safety protection processing method and system based on user behavior big data mining | |
| Khade et al. | Detection of phishing websites using data mining techniques | |
| CN110837646A (en) | Risk investigation device of unstructured database | |
| CN112600828B (en) | Attack detection and protection method and device for power control system based on data message | |
| CN116248406B (en) | Information security storage method and information security device thereof | |
| WO2024051017A1 (en) | Distributed website tampering detection system and method | |
| CN109190408B (en) | Data information security processing method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20201120 |
|
| RJ01 | Rejection of invention patent application after publication |