CN101778137A - System and method for preventing webpage from being falsified - Google Patents
System and method for preventing webpage from being falsified Download PDFInfo
- Publication number
- CN101778137A CN101778137A CN201010019424A CN201010019424A CN101778137A CN 101778137 A CN101778137 A CN 101778137A CN 201010019424 A CN201010019424 A CN 201010019424A CN 201010019424 A CN201010019424 A CN 201010019424A CN 101778137 A CN101778137 A CN 101778137A
- Authority
- CN
- China
- Prior art keywords
- webpage
- file
- monitoring
- distorted
- state
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a system and a method for preventing a webpage from being falsified, which relates to the field of network safety, and is used for preventing a webpage from being falsified and eliminating postmortem influences. The system comprises a domino administrator, a management center server and a monitoring agent client. The method comprises the following steps: configuring a webpage monitoring policy; monitoring the state of the webpage in real time based on the webpage monitoring policy; and when the state of the webpage is changed, restoring the webpage to the state before the change. By the mechanism of monitoring the state of the webpage in real time and the mechanism of restoring the webpage to the state before the change when the state of the webpage is changed, the invention can restore the webpage to the state before the change as soon as possible after the webpage is falsified, thereby achieving the effect of preventing the webpage from being falsified.
Description
Technical field
The present invention relates to network safety filed, particularly relate to a kind of system and method that prevents that webpage from being distorted.
Background technology
China's Informatization Development was swift and violent in recent years, and all trades and professions have mostly been carried out Web Hosting according to self needs, was used for information issue, online ecommerce, online working, information inquiry or the like, and the website is being brought into play important effect in actual applications.Especially carrying out energetically of China's E-Government, ecommerce, Web Hosting has obtained developing on an unprecedented scale.Yet unfortunately, the performance desire that the hacker is strong, the illegal attempt of illegal organization both at home and abroad, commercial competition adversary's malicious attack, giving vent to or the like of discontented mood ex-employee all will cause webpage by " Face Changing ".The webpage tamper attack has following characteristics: distort that the Website page propagation velocity is fast, the reading crowd is many; Duplicate easily, the difficulty of afterwards eliminating the effects of the act, check and take precautions against in real time difficulty in advance, the network environment complexity is difficult to trace responsibility, attack tool is simple and to intelligent trend development, according to incompletely statistics, the website of China more than 95% all has been assault in various degree, that attacks is of a great variety, and safety precaution becomes the focus that everybody pays close attention to day by day.But present technology can't prevent effectively that webpage from being distorted.
Summary of the invention
The invention provides a kind of system and method that prevents that webpage from being distorted,, eliminate influence afterwards in order to prevent that webpage from being distorted.
The system that prevents that webpage from being distorted of the present invention comprises: administrative client, management center server and monitoring agent client; Wherein, administrative client is used for the login management central server, and in management center server the configuration webpage monitoring strategies; Management center server is used for administrative client and monitoring agent client alternately, and the webpage monitoring strategies is issued to the monitoring agent client; The monitoring agent client is used for according to the real-time web page monitored state of webpage monitoring strategies, and when the webpage Status Change, and this webpage is reverted to before changing state.
Further, the monitoring agent client adopts the attribute of each file in the file of hash fast algorithm real time scan webpage place according to the webpage monitoring strategies, finishes real-time web page monitored state.Monitoring agent customer end adopted bottom document Driving technique by the safe copy mode, covers monitored webpage place file with the backup path file, and webpage is reverted to before changing state.
The method that prevents that webpage from being distorted of the present invention comprises the following steps: the configuration webpage monitoring strategies; According to the real-time web page monitored state of webpage monitoring strategies; When the webpage Status Change, this webpage is reverted to before changing state.
Further, the web page monitored state is the attribute that adopts each file in the file of hash fast algorithm real time scan webpage place in real time.The state that webpage is reverted to before changing specifically adopts the bottom document Driving technique, by the safe copy mode, covers monitored webpage place file with the backup path file.
Beneficial effect of the present invention is as follows:
The present invention is by the mechanism of real-time web page monitored state, and when the webpage Status Change, this webpage reverted to the mechanism of state before changing, can be after webpage to be distorted, the very first time reverts to before changing state with this webpage, thereby has reached the effect that prevents that webpage from being distorted.
Description of drawings
Fig. 1 is the system configuration schematic diagram in the embodiment of the invention;
Fig. 2 is the schematic diagram of system deployment example 1 of the present invention;
Fig. 3 is the schematic diagram of system deployment example 2 of the present invention;
Fig. 4 is the schematic diagram of system deployment example 3 of the present invention;
Fig. 5 is the method step flow chart in the embodiment of the invention.
Embodiment
In order to realize that taking precautions against webpage is in real time distorted, eliminate influence afterwards, promote the safety precaution rank, the invention provides a kind of system and method that prevents that webpage from being distorted, below describe in detail by some embodiment.
Referring to shown in Figure 1, the system of present embodiment can be the C/S structure, comprising: the monitoring agent client, management center server and administrative client, communication can be taked complete encrypted transmission between the each several part, comprises transfer of data, authentification of users etc. are guaranteed the confidentiality of communicating by letter.The each several part function is as follows:
Administrative client (Console Setup) can be deployed in any computer of net administrator, can be substituted by separate unit pc machine.Be mainly used in the login management central server, and in management center server the configuration webpage monitoring strategies.
Management center server (Center Server Setup) can be deployed on the independent pc server, if the web number of servers of being managed is less, also can be deployed in monitored agent client simultaneously.Be mainly used in administrative client and monitoring agent client alternately, the webpage monitoring strategies is issued to the monitoring agent client.Also can take into account user management, the daily record monitoring, and manage each agent client.
Monitoring agent client (Moniter Client Setup) can be installed on the Web website.Be mainly used in according to the real-time web page monitored state of webpage monitoring strategies, and when the webpage Status Change, this webpage is reverted to before changing state.Concrete, kernel program with monitoring in this enforcement is embedded in the Web server by Microsoft's file bottom layer driving, automatically monitor by the Event triggered mode, All Files content (comprising Miscellaneous Documents types such as html, asp, jsp, php, jpeg, gif, bmp, psd, png, flash) to monitored webpage place file contrasts its a plurality of attributes, through built-in hash fast algorithm, the attribute of each file in the file of the monitored webpage of real time scan place, thus realize monitoring in real time.If find the attribute change, by non-protocol mode, pure safe copy mode copies backup path file content to monitored webpage place file relevant position.Owing to be by the bottom document Driving technique, whole file copy process is calculated with Millisecond, and the page is distorted so that the public can't see by institute, and its runnability and detection real-time all reach the industry highest level.Above-mentioned backup path file can be when the webpage issue of website, backs up earlier, afterwards externally issue again; In the time of also can being the webpage issue of website, finish backup and externally issue simultaneously.
Monitoring agent client in the system of the present invention, the deployment way of management center server and three parts of administrative client is comparatively flexible, can be deployed in respectively in three different systems, also can be deployed in same the system, the user designs as required flexibly, (annotate: the zone that mail server, name server are disposed, we are referred to as the mesozone below to introduce three kinds of typical deployed structures.Webmaster net, service network and office net etc. are referred to as internal lan, below repeat no more):
Dispose 1: referring to shown in Figure 2, monitoring agent client and management center server separate part are deployed in the mesozone, and administrative client is deployed in the webmaster net of internal lan, and administrative client lands at internal lan, authentication and manage central server.
Dispose 2: referring to shown in Figure 3, monitoring agent client and management center server are deployed in the mesozone, different with deployment 1, be exactly monitoring agent client and management center server be to be deployed in same system, administrative client is deployed in the webmaster net of internal lan, and administrative client lands at internal lan, authentication and manage central server.
Dispose 3: referring to shown in Figure 4, monitoring agent client and management center server are deployed in IDC trustship center, and administrative client is deployed in the webmaster net of internal lan, by Internet, and telnet, authentication and manage central server.
Referring to shown in Figure 5, the method for this enforcement comprises following key step:
S1, configuration webpage monitoring strategies.
S2, according to the real-time web page monitored state of webpage monitoring strategies.
S3, when the webpage Status Change, this webpage is reverted to before changing state.
More specifically in step S1, the webpage monitoring strategies of configuration can be that the All Files content of monitored webpage place file (comprising Miscellaneous Documents types such as html, asp, jsp, php, jpeg, gif, bmp, psd, png, flash) is contrasted its a plurality of attributes.
In step S2, the kernel program of monitoring can be embedded in the Web server by Microsoft's file bottom layer driving, through built-in hash fast algorithm, the attribute of each file in the file of the monitored webpage of real time scan place, thus realize monitoring in real time.
In step S3, if find above-mentioned attribute change, then judge the webpage Status Change, send monitoring by the Event triggered mode afterwards and unusual result occurs.Then, by non-protocol mode, pure safe copy mode copies backup path file content to monitored webpage place file relevant position.Owing to be by the bottom document Driving technique, whole file copy process is calculated with Millisecond, and the page is distorted so that the public can't see by institute, and its runnability and detection real-time all reach the industry highest level.Above-mentioned backup path file can be when the webpage issue of website, backs up earlier, afterwards externally issue again; In the time of also can being the webpage issue of website, finish backup and externally issue simultaneously.
To sum up, the present invention is by the mechanism of real-time web page monitored state, and when the webpage Status Change this webpage reverted to the mechanism of state before changing, can be after webpage is distorted, the very first time reverts to before changing state with this webpage, thereby has reached the effect that prevents that webpage from being distorted.And characteristics such as the present invention also has that the response resume speed is fast, accuracy of judgement, deployment are flexible, integrated level is higher, does not rely on original web system architecture, disposes and also do not influence the website overall structure.
Obviously, those skilled in the art can carry out various changes and modification to the present invention and not break away from the spirit and scope of the present invention.Like this, if of the present invention these are revised and modification belongs within the scope of claim of the present invention and equivalent technologies thereof, then the present invention also is intended to comprise these changes and modification interior.
Claims (10)
1. a system that prevents that webpage from being distorted is characterized in that, comprising: administrative client, management center server and monitoring agent client;
Wherein, administrative client is used for the login management central server, and in management center server the configuration webpage monitoring strategies;
Management center server is used for administrative client and monitoring agent client alternately, and the webpage monitoring strategies is issued to the monitoring agent client;
The monitoring agent client is used for according to the real-time web page monitored state of webpage monitoring strategies, and when the webpage Status Change, and this webpage is reverted to before changing state.
2. prevent the system that webpage is distorted according to claim 1, it is characterized in that the webpage monitoring strategies that management center server issues comprises: at least two attributes that contrast each file in the file of described webpage place.
3. prevent the system that webpage is distorted according to claim 1, it is characterized in that the monitoring agent client adopts the attribute of each file in the file of hash fast algorithm real time scan webpage place according to the webpage monitoring strategies, finishes real-time web page monitored state.
4. prevent the system that webpage is distorted according to claim 1, it is characterized in that the monitoring agent client realizes real-time monitoring by the Event triggered mode when the webpage Status Change.
5. prevent the system that webpage is distorted according to claim 1, it is characterized in that monitoring agent customer end adopted bottom document Driving technique is by the safe copy mode, cover monitored webpage place file with the backup path file, webpage is reverted to before changing state.
6. a method that prevents that webpage from being distorted is characterized in that, comprises the following steps:
The configuration webpage monitoring strategies;
According to the real-time web page monitored state of webpage monitoring strategies;
When the webpage Status Change, this webpage is reverted to before changing state.
7. as described in claim 6, prevent the method that webpage is distorted, it is characterized in that the webpage monitoring strategies comprises: at least two attributes that contrast each file in the file of described webpage place.
8. as described in claim 6, prevent the method that webpage is distorted, it is characterized in that described real-time web page monitored state is the attribute that adopts each file in the file of hash fast algorithm real time scan webpage place.
9. as described in claim 6, prevent the method that webpage is distorted, it is characterized in that, when the webpage Status Change, realize real-time monitoring by the Event triggered mode.
10. as described in claim 6, prevent the method that webpage is distorted, it is characterized in that, the state that described webpage is reverted to before changing specifically adopts the bottom document Driving technique, by the safe copy mode, covers monitored webpage place file with the backup path file.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010019424A CN101778137A (en) | 2010-01-15 | 2010-01-15 | System and method for preventing webpage from being falsified |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010019424A CN101778137A (en) | 2010-01-15 | 2010-01-15 | System and method for preventing webpage from being falsified |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN101778137A true CN101778137A (en) | 2010-07-14 |
Family
ID=42514461
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010019424A Pending CN101778137A (en) | 2010-01-15 | 2010-01-15 | System and method for preventing webpage from being falsified |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN101778137A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102801578A (en) * | 2012-06-28 | 2012-11-28 | 郑州郑大信息技术有限公司 | Monitoring system for trading platform |
| WO2013037304A1 (en) * | 2011-09-16 | 2013-03-21 | Tencent Technology (Shenzhen) Company Limited | Apparatus and methods for preventing payment webpage tampering |
| CN103368926A (en) * | 2012-04-10 | 2013-10-23 | 北京四维图新科技股份有限公司 | Method for preventing file tampering and device for preventing file manipulation |
| CN104156665A (en) * | 2014-07-22 | 2014-11-19 | 杭州安恒信息技术有限公司 | Web page tampering monitoring method |
| CN104348914A (en) * | 2014-10-31 | 2015-02-11 | 福建六壬网安股份有限公司 | Tamper-proofing system file synchronizing system and tamper-proofing system file synchronizing method |
| CN104468485A (en) * | 2013-09-23 | 2015-03-25 | 西门子公司 | Webpage scanning method, device and system |
| CN104735090A (en) * | 2015-04-17 | 2015-06-24 | 北京汉柏科技有限公司 | Web server webpage distortion preventing method and web server webpage distortion preventing system |
| CN104766009A (en) * | 2015-03-18 | 2015-07-08 | 杭州安恒信息技术有限公司 | System for preventing webpage document tampering based on operating system bottom layer |
| CN105978908A (en) * | 2016-07-08 | 2016-09-28 | 北京奇虎科技有限公司 | Non-real-time information website security protection method and apparatus |
| CN107124430A (en) * | 2017-06-08 | 2017-09-01 | 腾讯科技(深圳)有限公司 | Pagejack monitoring method, device, system and storage medium |
| CN109150641A (en) * | 2017-06-15 | 2019-01-04 | 北京国双科技有限公司 | A kind of data acquisition, querying method, device, storage medium and processor |
| CN109635592A (en) * | 2018-11-22 | 2019-04-16 | 山东中创软件商用中间件股份有限公司 | A kind of file means of defence, device, equipment, system and storage medium |
| CN110765453A (en) * | 2019-09-27 | 2020-02-07 | 山东高速信联科技有限公司 | Tamper-proof method and system for ETC online recharging service |
| CN111967059A (en) * | 2020-08-11 | 2020-11-20 | 广东堡塔安全技术有限公司 | Website tamper-proofing method and system and computer readable storage medium |
| CN112187787A (en) * | 2020-09-27 | 2021-01-05 | 广州瀚信通信科技股份有限公司 | Digital marketing advertisement page tamper-proof method, device and equipment based on knowledge graph |
| CN114091122A (en) * | 2022-01-21 | 2022-02-25 | 南方电网数字电网研究院有限公司 | Website tamper-proof method and device, computer equipment and storage medium |
| CN114513359A (en) * | 2022-02-16 | 2022-05-17 | 北京仁信证科技有限公司 | End-to-end protected webpage tamper-proof system |
-
2010
- 2010-01-15 CN CN201010019424A patent/CN101778137A/en active Pending
Cited By (23)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013037304A1 (en) * | 2011-09-16 | 2013-03-21 | Tencent Technology (Shenzhen) Company Limited | Apparatus and methods for preventing payment webpage tampering |
| CN103368926A (en) * | 2012-04-10 | 2013-10-23 | 北京四维图新科技股份有限公司 | Method for preventing file tampering and device for preventing file manipulation |
| CN102801578B (en) * | 2012-06-28 | 2015-08-05 | 郑州郑大信息技术有限公司 | A kind of supervisory control system of transaction platform |
| CN102801578A (en) * | 2012-06-28 | 2012-11-28 | 郑州郑大信息技术有限公司 | Monitoring system for trading platform |
| CN104468485B (en) * | 2013-09-23 | 2018-11-16 | 西门子公司 | A kind of webpage scan method, device and system |
| CN104468485A (en) * | 2013-09-23 | 2015-03-25 | 西门子公司 | Webpage scanning method, device and system |
| CN104156665B (en) * | 2014-07-22 | 2017-02-01 | 杭州安恒信息技术有限公司 | Web page tampering monitoring method |
| CN104156665A (en) * | 2014-07-22 | 2014-11-19 | 杭州安恒信息技术有限公司 | Web page tampering monitoring method |
| CN104348914A (en) * | 2014-10-31 | 2015-02-11 | 福建六壬网安股份有限公司 | Tamper-proofing system file synchronizing system and tamper-proofing system file synchronizing method |
| CN104766009A (en) * | 2015-03-18 | 2015-07-08 | 杭州安恒信息技术有限公司 | System for preventing webpage document tampering based on operating system bottom layer |
| CN104735090A (en) * | 2015-04-17 | 2015-06-24 | 北京汉柏科技有限公司 | Web server webpage distortion preventing method and web server webpage distortion preventing system |
| CN105978908A (en) * | 2016-07-08 | 2016-09-28 | 北京奇虎科技有限公司 | Non-real-time information website security protection method and apparatus |
| CN107124430B (en) * | 2017-06-08 | 2021-07-06 | 腾讯科技(深圳)有限公司 | Page hijacking monitoring method, device, system and storage medium |
| CN107124430A (en) * | 2017-06-08 | 2017-09-01 | 腾讯科技(深圳)有限公司 | Pagejack monitoring method, device, system and storage medium |
| CN109150641A (en) * | 2017-06-15 | 2019-01-04 | 北京国双科技有限公司 | A kind of data acquisition, querying method, device, storage medium and processor |
| CN109150641B (en) * | 2017-06-15 | 2020-04-17 | 北京国双科技有限公司 | Data acquisition and query method, device, storage medium and processor |
| CN109635592A (en) * | 2018-11-22 | 2019-04-16 | 山东中创软件商用中间件股份有限公司 | A kind of file means of defence, device, equipment, system and storage medium |
| CN110765453A (en) * | 2019-09-27 | 2020-02-07 | 山东高速信联科技有限公司 | Tamper-proof method and system for ETC online recharging service |
| CN111967059A (en) * | 2020-08-11 | 2020-11-20 | 广东堡塔安全技术有限公司 | Website tamper-proofing method and system and computer readable storage medium |
| CN112187787A (en) * | 2020-09-27 | 2021-01-05 | 广州瀚信通信科技股份有限公司 | Digital marketing advertisement page tamper-proof method, device and equipment based on knowledge graph |
| CN112187787B (en) * | 2020-09-27 | 2023-10-10 | 广州瀚信通信科技股份有限公司 | Digital marketing advertisement page tamper-proof method, device and equipment based on knowledge graph |
| CN114091122A (en) * | 2022-01-21 | 2022-02-25 | 南方电网数字电网研究院有限公司 | Website tamper-proof method and device, computer equipment and storage medium |
| CN114513359A (en) * | 2022-02-16 | 2022-05-17 | 北京仁信证科技有限公司 | End-to-end protected webpage tamper-proof system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101778137A (en) | System and method for preventing webpage from being falsified | |
| ES2945836T3 (en) | Systems and methods for the detection of behavioral threats | |
| Friedberg et al. | Combating advanced persistent threats: From network event correlation to incident detection | |
| EP2939173B1 (en) | Real-time representation of security-relevant system state | |
| Zhao et al. | Botgraph: large scale spamming botnet detection. | |
| Berrueta et al. | Open repository for the evaluation of ransomware detection tools | |
| EP2076836B1 (en) | Real-time identification of an asset model and categorization of an asset to assist in computer network security | |
| US7644283B2 (en) | Media analysis method and system for locating and reporting the presence of steganographic activity | |
| CN1760791A (en) | Method and system for merging security policies | |
| US20090328210A1 (en) | Chain of events tracking with data tainting for automated security feedback | |
| Toumi et al. | Cooperative trust framework for cloud computing based on mobile agents | |
| CN108027856A (en) | The real-time indicator of attack information is established using credible platform module | |
| Elkhail et al. | Seamlessly safeguarding data against ransomware attacks | |
| Sánchez Sánchez et al. | Robust Federated Learning for execution time-based device model identification under label-flipping attack | |
| US20240171614A1 (en) | System and method for internet activity and health forecasting and internet noise analysis | |
| Dumitrasc et al. | User behavior analysis for malware detection | |
| Peiravi | Application of string matching in Internet Security and Reliability | |
| Helmer et al. | Anomalous intrusion detection system for hostile Java applets | |
| Samet et al. | Big data security problem based on Hadoop framework | |
| McGibney et al. | A service-centric model for intrusion detection in next-generation networks | |
| Verma et al. | Implementation of Web Defacement Detection | |
| Cai et al. | Medical big data intrusion detection system based on virtual data analysis from assurance perspective | |
| Jha et al. | Re-Identification Attacks against the Topics API | |
| KR100862282B1 (en) | Devices for Scanning The Worm Virus Trace Spreaded in Networks and Program Recording Medium | |
| Helmer | Intelligent multi-agent system for intrusion detection and countermeasures |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| DD01 | Delivery of document by public notice |
Addressee: Wu Bingtang Document name: Notification of Passing Preliminary Examination of the Application for Invention |
|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| DD01 | Delivery of document by public notice |
Addressee: Wu Bingtang Document name: Notification of Publication and of Entering the Substantive Examination Stage of the Application for Invention |
|
| DD01 | Delivery of document by public notice |
Addressee: Wu Bingtang Document name: Notification of Passing Examination on Formalities |
|
| C12 | Rejection of a patent application after its publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20100714 |