CN104065657A - Method for dynamically controlling user behavior based on IP access and system thereof - Google Patents
Method for dynamically controlling user behavior based on IP access and system thereof Download PDFInfo
- Publication number
- CN104065657A CN104065657A CN201410293679.8A CN201410293679A CN104065657A CN 104065657 A CN104065657 A CN 104065657A CN 201410293679 A CN201410293679 A CN 201410293679A CN 104065657 A CN104065657 A CN 104065657A
- Authority
- CN
- China
- Prior art keywords
- user
- information
- blacklist
- access
- active user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Abstract
The invention relates to a method for dynamically controlling a user behavior based on IP access. The method comprises the following steps that: (1) receiving a user request and recording an access log, (2) extracting IP information in the access log and storing the IP information in an IP statistics file, (3) judging whether a blacklist database exists or not at present, if so, executing a step (4), otherwise, executing a step (5), (4) comparing the IP information of a current user with the blacklist database, if the IP information is matched with the blacklist database, judging the current user as an illegal user and executing a step (7), otherwise, executing the step (5), (5) counting the current user access time at a specified time interval, (6) judging whether the access time is larger than a preset value, if so, judging the current user as the illegal user and executing the step (7), otherwise, judging the current user as a legal user and executing a step (8), (7) storing the IP information of the illegal user into the blacklist database, and ending the method, and (8) responding to the current user request. The website traffic is automatically monitored and shielded, the malicious large-traffic attack is avoided, and the website security is improved.
Description
Technical field
The method and system that the present invention relates to a kind of dynamic control user behavior based on IP access, belong to software technology field.
Background technology
Along with the development of Internet technology, most of websites suffer the attacks such as the large flow of hacker, pressure test checking until systemic breakdown.At present, a lot of websites lack the dynamically access control of carrying out site resource of (according to user's behavior dynamic control authorization) for a certain class user.
Shell script, Shell is a kind of command lanuage, is again a kind of programming language, i.e. script, " .bat " of similar windows, effect is exactly to follow certain grammer system is explained and passed to the command routing of input.
Nginx server, is front-end WEB server, and high performance HTTP and Reverse Proxy, have simple load balancing and fault tolerance.
Summary of the invention
Technical problem to be solved by this invention is, large flow attacking website for prior art due to certain customers' malice, cause website traffic to increase sharply, server handling ability declines, the deficiency that the domestic consumer causing cannot normally be used, provide a kind of website traffic is reasonably controlled, increase the method for the dynamic control user behavior based on IP access of the fail safe of website.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of method of the dynamic control user behavior based on IP access, specifically comprises the following steps:
Step 1: receive user's request, the user's that record sends request access log and access times;
Step 2: the IP information in extraction user's access log, is saved in IP information in IP statistics file;
Step 3: judge currently whether have blacklist database, if had, execution step 4; Otherwise, set up blacklist database, execution step 5;
Step 4: the IP information in active user's IP information and blacklist database is contrasted one by one, if coupling judges that active user is disabled user, execution step 7; Otherwise, execution step 5;
Step 5: at interval of certain hour, user's access times in statistics active user's IP statistics file;
Step 6: judge whether described access times are greater than preset value, if so, judge that active user is disabled user, execution step 7; Otherwise, judge that active user is for validated user, execution step 8;
Step 7: disabled user's IP information is deposited in blacklist database, finish;
Step 8: response active user request, return to corresponding information according to active user's request.
The invention has the beneficial effects as follows: the present invention carries out automatic monitoring and shielding to website traffic, avoid the large flow attacking of malice, increase web portal security; The dynamic control user behavior of accessing based on IP is mainly by configuration of IP monitoring script and then realize website traffic automatic monitoring and control, realizes the control technology to the large flow attacking in website; Based on the user access logs of the Nginx server of increasing income, the IP Information Statistics that conduct interviews, for monitoring script provides metadata, limit for the user of large flow.
On the basis of technique scheme, the present invention can also do following improvement.
Further, described blacklist database comprise timing section blacklist and the same day blacklist, described timing section blacklist is effective in setting-up time section, automatically empty all IP information of wherein preserving at interval of setting-up time, IP information to new disabled user is added up again, arranges as new timing section blacklist; Described same day, blacklist was effective the same day, automatically emptied the IP information of wherein preserving every day, and new disabled user's IP information is added up again, arranged as new blacklist on the same day.
Further, described step 4 specifically comprises the following steps:
Step 4.1: active user's IP information and the IP information in timing section blacklist are contrasted one by one, if coupling judges that active user is disabled user, execution step 7; Otherwise, execution step 4.2;
Step 4.2: the IP information in active user's IP information and same day blacklist is contrasted one by one, if coupling judge that active user is disabled user, perform step 7; Otherwise, execution step 5.
Further, in described step 7, disabled user's IP information is deposited in simultaneously in current timing section blacklist and same day blacklist.
Technical problem to be solved by this invention is, large flow attacking website for prior art due to certain customers' malice, cause website traffic to increase sharply, server handling ability declines, the deficiency that the domestic consumer causing cannot normally be used, provide a kind of website traffic is reasonably controlled, increase the system of the dynamic control user behavior based on IP access of the fail safe of website.
The technical scheme that the present invention solves the problems of the technologies described above is as follows: a kind of system of the dynamic control user behavior based on IP access, comprising: receiver module, extraction module, blacklist database, judge module, access times statistical module and server;
Described receiver module receives user's request, the user's that record sends request access log and access times, and described access log and access times are sent in extraction module;
IP information in described extraction module extraction user's access log, is saved in IP information in IP statistics file, and described IP statistics file is sent in judge module;
Described blacklist database is for storing disabled user's IP information;
Described judge module contrasts the IP information in the IP information in the IP statistics file receiving and blacklist database, and the user of IP information matches is judged as to disabled user, and unmatched IP information IP statistics file is sent to access times statistical module;
Described access times statistical module is at interval of certain hour, user's access times in statistics active user's IP statistics file; If described access times are greater than preset value, judge that active user is disabled user; If access times are not more than preset value, active user's request is sent to server;
Described server response active user request, returns to corresponding information according to active user's request.
The invention has the beneficial effects as follows: the present invention carries out automatic monitoring and shielding to website traffic, avoid the large flow attacking of malice, increase web portal security; The dynamic control user behavior of accessing based on IP is mainly by configuration of IP monitoring script and then realize website traffic automatic monitoring and control, realizes the control technology to the large flow attacking in website; Based on the user access logs of the Nginx server of increasing income, the IP Information Statistics that conduct interviews, for monitoring script provides metadata, limit for the user of large flow.
On the basis of technique scheme, the present invention can also do following improvement.
Further, described blacklist database comprise timing section blacklist and the same day blacklist, described timing section blacklist is effective in setting-up time section, automatically empty all IP information of wherein preserving at interval of setting-up time, IP information to new disabled user is added up again, arranges as new timing section blacklist; Described same day, blacklist was effective the same day, automatically emptied the IP information of wherein preserving every day, and new disabled user's IP information is added up again, arranged as new blacklist on the same day.
Further, first described judge module contrasts active user's IP information and the IP information in timing section blacklist one by one, just the IP information in active user's IP information and same day blacklist contrasts one by one again, if there is a coupling, judges that active user is disabled user;
Active user's IP information not with timing section blacklist in IP information matches, while coupling with the IP in same day blacklist again, active user's IP statistics file is sent to access times statistical module by described judge module.
Further, described judge module judges that active user is when the disabled user, and disabled user's IP information is deposited in current timing section blacklist and same day blacklist simultaneously.
Brief description of the drawings
Fig. 1 is the method flow diagram of a kind of dynamic control user behavior based on IP access of the present invention;
Fig. 2 is the system architecture diagram of a kind of dynamic control user behavior based on IP access of the present invention;
Fig. 3 is that the present invention is method user's browsing process figure of a kind of dynamic control user behavior based on IP access of the present invention.
In accompanying drawing, the list of parts of each label representative is as follows:
1, receiver module, 2, extraction module, 3, blacklist database, 4, judge module, 5, access times statistical module, 6, server.
Embodiment
Below in conjunction with accompanying drawing, principle of the present invention and feature are described, example, only for explaining the present invention, is not intended to limit scope of the present invention.
As shown in Figure 1, be the method for a kind of dynamic control user behavior based on IP access of the present invention, specifically comprise the following steps:
Step 1: receive user's request, the user's that record sends request access log and access times;
Step 2: the IP information in extraction user's access log, is saved in IP information in IP statistics file;
Step 3: judge currently whether have blacklist database, if had, execution step 4; Otherwise, set up blacklist database, execution step 5;
Step 4: the IP information in active user's IP information and blacklist database is contrasted one by one, if coupling judges that active user is disabled user, execution step 7; Otherwise, execution step 5;
Step 5: at interval of certain hour, user's access times in statistics active user's IP statistics file;
Step 6: judge whether described access times are greater than preset value, if so, judge that active user is disabled user, execution step 7; Otherwise, judge that active user is for validated user, execution step 8;
Step 7: disabled user's IP information is deposited in blacklist database, finish;
Step 8: response active user request, return to corresponding information according to active user's request.
Described blacklist database comprise timing section blacklist and the same day blacklist, described timing section blacklist is effective in setting-up time section, automatically empty all IP information of wherein preserving at interval of setting-up time, IP information to new disabled user is added up again, arranges as new timing section blacklist; Described same day, blacklist was effective the same day, automatically emptied the IP information of wherein preserving every day, and new disabled user's IP information is added up again, arranged as new blacklist on the same day.
Described step 4 specifically comprises the following steps:
Step 4.1: active user's IP information and the IP information in timing section blacklist are contrasted one by one, if coupling judges that active user is disabled user, execution step 7; Otherwise, execution step 4.2;
Step 4.2: the IP information in active user's IP information and same day blacklist is contrasted one by one, if coupling judge that active user is disabled user, perform step 7; Otherwise, execution step 5.
In described step 7, disabled user's IP information is deposited in simultaneously in current timing section blacklist and same day blacklist.
As shown in Figure 2, for the system of a kind of dynamic control user behavior based on IP access of the present invention, comprising: receiver module 1, extraction module 2, blacklist database 3, judge module 4, access times statistical module 5 and server 6;
Described receiver module 1 receives user's request, the user's that record sends request access log and access times, and described access log and access times are sent in extraction module 2;
Described extraction module 2 extracts the IP information in user's access log, IP information is saved in IP statistics file, and described IP statistics file is sent in judge module 4;
Described blacklist database 3 is for storing disabled user's IP information;
Described judge module 4 contrasts the IP information in the IP information in the IP statistics file receiving and blacklist database 3, the user of IP information matches is judged as to disabled user, unmatched IP information IP statistics file is sent to access times statistical module 5;
Described access times statistical module 5 is at interval of certain hour, user's access times in statistics active user's IP statistics file; If described access times are greater than preset value, judge that active user is disabled user; If access times are not more than preset value, active user's request is sent to server 6;
Described server 6 responds active user's request, returns to corresponding information according to active user's request.
Described blacklist database 3 comprise timing section blacklist and the same day blacklist, described timing section blacklist is effective in setting-up time section, automatically empty all IP information of wherein preserving at interval of setting-up time, IP information to new disabled user is added up again, arranges as new timing section blacklist; Described same day, blacklist was effective the same day, automatically emptied the IP information of wherein preserving every day, and new disabled user's IP information is added up again, arranged as new blacklist on the same day.
First described judge module 4 contrasts active user's IP information and the IP information in timing section blacklist one by one, just the IP information in active user's IP information and same day blacklist contrasts one by one again, if there is a coupling, judge that active user is disabled user;
Active user's IP information not with timing section blacklist in IP information matches, while coupling with the IP in same day blacklist again, active user's IP statistics file is sent to access times statistical module 5 by described judge module 4.
Described judge module 4 judges when active user is disabled user, and disabled user's IP information is deposited in current timing section blacklist and same day blacklist simultaneously.
The dynamic control user behavior of accessing based on IP is mainly by configuration of IP monitoring script and then realize website traffic automatic monitoring and control, realizes the control technology to the large flow attacking in website.Specific implementation: (Shell is a kind of command lanuage to utilize SHELL script, again that a kind of programming language is, script, the .bat effect of similar windows is exactly to follow certain grammer system is explained and passed to the command routing of input), based on the Nginx that increases income (front-end WEB server, high performance HTTP and Reverse Proxy, there is simple load balancing and fault tolerance) user access logs of server, IP Information Statistics conduct interviews, for monitoring script provides metadata, limit for the user of large flow.
Disabled user's definition: normal user starts, to finishing service operation, to need to have the regular hour to consume from access, also has certain interval in the frequency of operation; For example: in 3 minutes (time is set according to concrete system situation), user's visit capacity is greater than the situation of 200 (visit capacity is set according to system situation), and system is looked this user's illegal operation, and its behavior is shielded; Other operational circumstances is considered as Lawful access user.
IP monitors process description:
Nginx server receives after user's request, according to configuring condition red, blacklist, filters.If have Red List or do not exist in blacklist, user's request will be processed by agency in application server; If there is no Red List, exists in blacklist, and user's request will directly be returned by Nginx server, gives friendly prompting page of user.
1) by IPcount.sh script timing by IP information separated in user's access log to IP statistics file;
2), according to IP statistics file, add up the current visit capacity of user in every 5 minutes by the timing of IPmin.sh script, and disabled user's IP information is written in blockIP_hour.conf (blacklist hourly) file; The term of validity of this blacklist is 1 hour, plays the effect of mid-event control, after the term of validity, automatically empties blacklist by IPblock.sh script;
3) according to IP statistics file, add up by current by the timing of IPblock.sh script, each user's on the same day visit capacity, and disabled user's IP information is written in blockIP.conf (blacklist on the same day) file; The execution per hour of this script once, is played the effect of afterwards processing, and this blacklist term of validity is 1 day, after the term of validity, and statistics again;
4) blacklist, Red List file are loaded in the configuration file of Nginx server;
5) ngreload.sh script, function are carried out in timing: timing restart Nginx server, make blacklist, Red List configuration take-effective, automatic shield disabled user.
SHELL script is explained in detail:
1) IPcount.sh: this file is mainly for separating of the log access log information of nginx, a user's of generation per hour IP statistics file.
#!/bin/sh
.$HOME/.profile
cp/echnweb/nginx/logs/access.log/echnweb/nginx/logs/bak/access.`date+%Y%m%d%H`
>/echnweb/nginx/logs/access.log
cd/echnweb/nginx/logs/bak
awk'{print$1}'access.`date+%Y%m%d%H`|more>IP.`date+%Y%m%d%H`
gzIP-9access.`date+%Y%m%d%H`
2) IPblock.sh: the IP information by user's access on the same day at 8000 times, write in IP blacklist file every day, shield.
#!/bin/sh
export IPLOG_PATH=/echnweb/nginx/logs/bak
export IPHOST_PATH=/echnweb/nginx/conf/vhosts
cat $IPLOG_PATH/IP.`date+%Y%m%d`*|sort|uniq-c|sort-n-r|head-n10|awk'$1>8000{print"deny"$2";"}'>>$IPHOST_PATH/tmp/blockIP.conf`date+%Y%m%d%H`
cat $IPHOST_PATH/tmp/blockIP.conf2011*|sort-u>$IPHOST_PATH/blockIP.conf
echo`date+%Y%m%d%H%M`
3) IPmin.sh: in the middle of the record of statistics recent visit 10000, exceed 200 and belong to same IP address if had, join so blacklist file blockIP_hour.conf per hour.
#!/bin/sh
export IPHOST_PATH=/echnweb/nginx/conf/vhosts
tail-10000/echnweb/nginx/logs/access.log|awk'{print$1}'|sort|uniq-c|sort-n-r|head-n10|awk'$1>2000{print"deny"$2";"}'>$IPHOST_PATH/blockIP_hour.conf
echo`date+%Y%m%d%H%M`
4) ngreload.sh: the server nginx configuration file script that automatically comes into force.
#!/bin/sh
.$HOME/.profile
cd/echnweb/nginx/sbin
nginx-s reload
echo"open.sh end at"`date+%Y%m%d%H%M%S-d`
5) Nginx server profile: red part, must be in the following order for increasing part, and before Red List configuration file is placed on, blacklist is rear.
Script startup mode:
In server, start timed task:
59****/echnweb/shell/IPmoni/IPcount.sh>>/echnweb/shell/IPmoni/IPcount.log
3****/echnweb/shell/IPmoni/IPblock.sh>>/echnweb/shell/IPmoni/IPblock.log
0,5,10,15,20,25,30,35,40,45,50,55****/echnweb/shell/IPmoni/IPmin.sh>>/echnweb/shell/IPmoni/IPmin.log
2,7,12,17,22,27,32,37,42,47,52,57****/echnweb/shell/IPmoni/ngreload.sh>>/echnweb/shell/IPmoni/ngreload.log
The foregoing is only preferred embodiment of the present invention, in order to limit the present invention, within the spirit and principles in the present invention not all, any amendment of doing, be equal to replacement, improvement etc., within all should being included in protection scope of the present invention.
Claims (8)
1. a method for the dynamic control user behavior based on IP access, is characterized in that, specifically comprises the following steps:
Step 1: receive user's request, the user's that record sends request access log and access times;
Step 2: the IP information in extraction user's access log, is saved in IP information in IP statistics file;
Step 3: judge currently whether have blacklist database, if had, execution step 4; Otherwise, set up blacklist database, execution step 5;
Step 4: the IP information in active user's IP information and blacklist database is contrasted one by one, if coupling judges that active user is disabled user, execution step 7; Otherwise, execution step 5;
Step 5: at interval of certain hour, user's access times in statistics active user's IP statistics file;
Step 6: judge whether described access times are greater than preset value, if so, judge that active user is disabled user, execution step 7; Otherwise, judge that active user is for validated user, execution step 8;
Step 7: disabled user's IP information is deposited in blacklist database, finish;
Step 8: response active user request, return to corresponding information according to active user's request.
2. the method for a kind of dynamic control user behavior based on IP access according to claim 1, it is characterized in that, described blacklist database comprise timing section blacklist and the same day blacklist, described timing section blacklist is effective in setting-up time section, automatically empty all IP information of wherein preserving at interval of setting-up time, IP information to new disabled user is added up again, arranges as new timing section blacklist; Described same day, blacklist was effective the same day, automatically emptied the IP information of wherein preserving every day, and new disabled user's IP information is added up again, arranged as new blacklist on the same day.
3. the method for a kind of dynamic control user behavior based on IP access according to claim 2, is characterized in that, described step 4 specifically comprises the following steps:
Step 4.1: active user's IP information and the IP information in timing section blacklist are contrasted one by one, if coupling judges that active user is disabled user, execution step 7; Otherwise, execution step 4.2;
Step 4.2: the IP information in active user's IP information and same day blacklist is contrasted one by one, if coupling judge that active user is disabled user, perform step 7; Otherwise, execution step 5.
4. according to the method for a kind of dynamic control user behavior based on IP access described in claim 1-3 any one, it is characterized in that, in described step 7, disabled user's IP information is deposited in current timing section blacklist and same day blacklist simultaneously.
5. a system for the dynamic control user behavior based on IP access, comprising: receiver module, extraction module, blacklist database, judge module, access times statistical module and server;
Described receiver module receives user's request, the user's that record sends request access log and access times, and described access log and access times are sent in extraction module;
IP information in described extraction module extraction user's access log, is saved in IP information in IP statistics file, and described IP statistics file is sent in judge module;
Described blacklist database is for storing disabled user's IP information;
Described judge module contrasts the IP information in the IP information in the IP statistics file receiving and blacklist database, and the user of IP information matches is judged as to disabled user, and unmatched IP information IP statistics file is sent to access times statistical module;
Described access times statistical module is at interval of certain hour, user's access times in statistics active user's IP statistics file; If described access times are greater than preset value, judge that active user is disabled user; If access times are not more than preset value, active user's request is sent to server;
Described server response active user request, returns to corresponding information according to active user's request.
6. the system of a kind of dynamic control user behavior based on IP access according to claim 5, it is characterized in that, described blacklist database comprise timing section blacklist and the same day blacklist, described timing section blacklist is effective in setting-up time section, automatically empty all IP information of wherein preserving at interval of setting-up time, IP information to new disabled user is added up again, arranges as new timing section blacklist; Described same day, blacklist was effective the same day, automatically emptied the IP information of wherein preserving every day, and new disabled user's IP information is added up again, arranged as new blacklist on the same day.
7. the system of a kind of dynamic control user behavior based on IP access according to claim 6, it is characterized in that, first described judge module contrasts active user's IP information and the IP information in timing section blacklist one by one, just the IP information in active user's IP information and same day blacklist contrasts one by one again, if there is a coupling, judge that active user is disabled user;
Active user's IP information not with timing section blacklist in IP information matches, while coupling with the IP in same day blacklist again, active user's IP statistics file is sent to access times statistical module by described judge module.
8. according to the system of a kind of dynamic control user behavior based on IP access described in claim 5-7 any one, it is characterized in that, described judge module judges that active user is when the disabled user, and disabled user's IP information is deposited in current timing section blacklist and same day blacklist simultaneously.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410293679.8A CN104065657A (en) | 2014-06-26 | 2014-06-26 | Method for dynamically controlling user behavior based on IP access and system thereof |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410293679.8A CN104065657A (en) | 2014-06-26 | 2014-06-26 | Method for dynamically controlling user behavior based on IP access and system thereof |
Publications (1)
Publication Number | Publication Date |
---|---|
CN104065657A true CN104065657A (en) | 2014-09-24 |
Family
ID=51553188
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410293679.8A Pending CN104065657A (en) | 2014-06-26 | 2014-06-26 | Method for dynamically controlling user behavior based on IP access and system thereof |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104065657A (en) |
Cited By (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104378361A (en) * | 2014-10-24 | 2015-02-25 | 苏州阔地网络科技有限公司 | Network intrusion detection method and system |
CN104618352A (en) * | 2015-01-16 | 2015-05-13 | 沈文策 | Script-based flow anti-brush method and system |
CN105208035A (en) * | 2015-10-09 | 2015-12-30 | 上海瀚银信息技术有限公司 | Accessing operation blocking method and system and server device |
CN105282047A (en) * | 2015-09-25 | 2016-01-27 | 小米科技有限责任公司 | Access request processing method and device |
CN105812378A (en) * | 2016-04-21 | 2016-07-27 | 北京小米移动软件有限公司 | Access request processing method and device |
CN105827608A (en) * | 2016-03-31 | 2016-08-03 | 微梦创科网络科技(中国)有限公司 | Distributed API service abnormal user identification analysis method and reverse agent service gateway |
CN105915497A (en) * | 2015-12-14 | 2016-08-31 | 乐视网信息技术(北京)股份有限公司 | Processing method for user login jump and processing system thereof |
CN106101079A (en) * | 2016-05-31 | 2016-11-09 | 努比亚技术有限公司 | A kind of method and system realizing encrypted signature |
CN106230855A (en) * | 2016-08-30 | 2016-12-14 | 五八同城信息技术有限公司 | Request message treatment method and device |
CN106294406A (en) * | 2015-05-22 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of method and apparatus accessing data for processing application |
CN106302568A (en) * | 2015-05-13 | 2017-01-04 | 厦门美柚信息科技有限公司 | A kind of user behavior evaluation methodology, Apparatus and system |
CN106911697A (en) * | 2017-02-28 | 2017-06-30 | 北京百度网讯科技有限公司 | Access rights method to set up, device, server and storage medium |
CN107436835A (en) * | 2017-06-21 | 2017-12-05 | 北京小度信息科技有限公司 | Access control method and device |
CN107493279A (en) * | 2017-08-15 | 2017-12-19 | 深圳市慧择时代科技有限公司 | The method and device of security protection based on Nginx |
CN108322418A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | The detection method and device of unauthorized access |
CN108345808A (en) * | 2017-01-25 | 2018-07-31 | 三星电子株式会社 | Nonvolatile semiconductor memory member and solid state drive including nonvolatile semiconductor memory member |
CN109600254A (en) * | 2018-11-29 | 2019-04-09 | 恒生电子股份有限公司 | The generation method and related system of full link log |
CN109688094A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Suspicious IP configuration method, device, equipment and storage medium based on network security |
CN109995732A (en) * | 2017-12-30 | 2019-07-09 | 中国移动通信集团安徽有限公司 | Web portal security access monitoring method, device, equipment and medium |
CN110602137A (en) * | 2019-09-25 | 2019-12-20 | 光通天下网络科技股份有限公司 | Malicious IP and malicious URL intercepting method, device, equipment and medium |
CN110611673A (en) * | 2019-09-18 | 2019-12-24 | 赛尔网络有限公司 | IP credit calculation method, device, electronic equipment and medium |
CN111770044A (en) * | 2019-04-01 | 2020-10-13 | 广州精选速购网络科技有限公司 | Method and device for defending against website attack |
CN113194095A (en) * | 2021-04-29 | 2021-07-30 | 焦点科技股份有限公司 | Crawler flow preposed limiting method based on Nginx |
CN113489726A (en) * | 2021-07-06 | 2021-10-08 | 中国联合网络通信集团有限公司 | Flow limiting method and device |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101404654A (en) * | 2008-10-30 | 2009-04-08 | 中兴通讯股份有限公司 | Apparatus and method for preventing frequent accesses to electronic program menu server by suspicious users |
CN102137111A (en) * | 2011-04-20 | 2011-07-27 | 北京蓝汛通信技术有限责任公司 | Method and device for preventing CC (Challenge Collapsar) attack and content delivery network server |
-
2014
- 2014-06-26 CN CN201410293679.8A patent/CN104065657A/en active Pending
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101404654A (en) * | 2008-10-30 | 2009-04-08 | 中兴通讯股份有限公司 | Apparatus and method for preventing frequent accesses to electronic program menu server by suspicious users |
CN102137111A (en) * | 2011-04-20 | 2011-07-27 | 北京蓝汛通信技术有限责任公司 | Method and device for preventing CC (Challenge Collapsar) attack and content delivery network server |
Cited By (34)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104378361A (en) * | 2014-10-24 | 2015-02-25 | 苏州阔地网络科技有限公司 | Network intrusion detection method and system |
CN104618352A (en) * | 2015-01-16 | 2015-05-13 | 沈文策 | Script-based flow anti-brush method and system |
CN106302568B (en) * | 2015-05-13 | 2019-05-24 | 厦门美柚信息科技有限公司 | A kind of user behavior evaluation method, apparatus and system |
CN106302568A (en) * | 2015-05-13 | 2017-01-04 | 厦门美柚信息科技有限公司 | A kind of user behavior evaluation methodology, Apparatus and system |
CN106294406B (en) * | 2015-05-22 | 2020-04-17 | 阿里巴巴集团控股有限公司 | Method and equipment for processing application access data |
CN106294406A (en) * | 2015-05-22 | 2017-01-04 | 阿里巴巴集团控股有限公司 | A kind of method and apparatus accessing data for processing application |
CN105282047A (en) * | 2015-09-25 | 2016-01-27 | 小米科技有限责任公司 | Access request processing method and device |
CN105208035B (en) * | 2015-10-09 | 2018-08-14 | 上海瀚银信息技术有限公司 | A kind of access operation screen method and system and server apparatus |
CN105208035A (en) * | 2015-10-09 | 2015-12-30 | 上海瀚银信息技术有限公司 | Accessing operation blocking method and system and server device |
CN105915497A (en) * | 2015-12-14 | 2016-08-31 | 乐视网信息技术(北京)股份有限公司 | Processing method for user login jump and processing system thereof |
CN105827608A (en) * | 2016-03-31 | 2016-08-03 | 微梦创科网络科技(中国)有限公司 | Distributed API service abnormal user identification analysis method and reverse agent service gateway |
CN105827608B (en) * | 2016-03-31 | 2019-02-12 | 微梦创科网络科技(中国)有限公司 | Distributed API service abnormal user identifying and analyzing method and reverse proxy gateway |
CN105812378A (en) * | 2016-04-21 | 2016-07-27 | 北京小米移动软件有限公司 | Access request processing method and device |
CN106101079A (en) * | 2016-05-31 | 2016-11-09 | 努比亚技术有限公司 | A kind of method and system realizing encrypted signature |
CN106230855A (en) * | 2016-08-30 | 2016-12-14 | 五八同城信息技术有限公司 | Request message treatment method and device |
CN108322418A (en) * | 2017-01-16 | 2018-07-24 | 深圳兆日科技股份有限公司 | The detection method and device of unauthorized access |
CN108345808A (en) * | 2017-01-25 | 2018-07-31 | 三星电子株式会社 | Nonvolatile semiconductor memory member and solid state drive including nonvolatile semiconductor memory member |
CN108345808B (en) * | 2017-01-25 | 2021-12-31 | 三星电子株式会社 | Nonvolatile memory device and solid state drive including the same |
CN106911697A (en) * | 2017-02-28 | 2017-06-30 | 北京百度网讯科技有限公司 | Access rights method to set up, device, server and storage medium |
CN107436835A (en) * | 2017-06-21 | 2017-12-05 | 北京小度信息科技有限公司 | Access control method and device |
CN107436835B (en) * | 2017-06-21 | 2020-09-08 | 北京星选科技有限公司 | Access control method and device |
CN107493279A (en) * | 2017-08-15 | 2017-12-19 | 深圳市慧择时代科技有限公司 | The method and device of security protection based on Nginx |
CN107493279B (en) * | 2017-08-15 | 2019-12-17 | 深圳市慧择时代科技有限公司 | nginx-based safety protection method and device |
CN109995732A (en) * | 2017-12-30 | 2019-07-09 | 中国移动通信集团安徽有限公司 | Web portal security access monitoring method, device, equipment and medium |
CN109688094A (en) * | 2018-09-07 | 2019-04-26 | 平安科技(深圳)有限公司 | Suspicious IP configuration method, device, equipment and storage medium based on network security |
CN109688094B (en) * | 2018-09-07 | 2022-05-17 | 平安科技(深圳)有限公司 | Suspicious IP configuration method, device, equipment and storage medium based on network security |
CN109600254A (en) * | 2018-11-29 | 2019-04-09 | 恒生电子股份有限公司 | The generation method and related system of full link log |
CN111770044A (en) * | 2019-04-01 | 2020-10-13 | 广州精选速购网络科技有限公司 | Method and device for defending against website attack |
CN110611673B (en) * | 2019-09-18 | 2021-08-31 | 赛尔网络有限公司 | IP credit calculation method, device, electronic equipment and medium |
CN110611673A (en) * | 2019-09-18 | 2019-12-24 | 赛尔网络有限公司 | IP credit calculation method, device, electronic equipment and medium |
CN110602137A (en) * | 2019-09-25 | 2019-12-20 | 光通天下网络科技股份有限公司 | Malicious IP and malicious URL intercepting method, device, equipment and medium |
CN113194095A (en) * | 2021-04-29 | 2021-07-30 | 焦点科技股份有限公司 | Crawler flow preposed limiting method based on Nginx |
CN113194095B (en) * | 2021-04-29 | 2022-05-31 | 焦点科技股份有限公司 | Crawler flow preposed limiting method based on Nginx |
CN113489726A (en) * | 2021-07-06 | 2021-10-08 | 中国联合网络通信集团有限公司 | Flow limiting method and device |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104065657A (en) | Method for dynamically controlling user behavior based on IP access and system thereof | |
US9769250B2 (en) | Fight-through nodes with disposable virtual machines and rollback of persistent state | |
US8850587B2 (en) | Network security scanner for enterprise protection | |
US8776241B2 (en) | Automatic analysis of security related incidents in computer networks | |
TWI453624B (en) | Information security protection host | |
CN111274583A (en) | Big data computer network safety protection device and control method thereof | |
CN104065644A (en) | Method and apparatus for recognizing CC attacks based on log analysis | |
US9165136B1 (en) | Supervising execution of untrusted code | |
CN103023984B (en) | Terminal application server and application log filtering method thereof | |
CN103294950A (en) | High-power secret information stealing malicious code detection method and system based on backward tracing | |
US20200137087A1 (en) | Methods and cloud-based systems for detecting malwares by servers | |
US11303653B2 (en) | Network threat detection and information security using machine learning | |
CN105610851A (en) | Method and system for defending distributed denial of service (DDoS) attack | |
CN104021015A (en) | E-bank website access method and browser | |
CN106339629A (en) | Application management method and device | |
CN102208002A (en) | Novel computer virus scanning and killing device | |
CN111191243A (en) | Vulnerability detection method and device and storage medium | |
CN114065196A (en) | Java memory horse detection method and device, electronic equipment and storage medium | |
CN104426836A (en) | Invasion detection method and device | |
CN116208432B (en) | Web application security probe management method, system, electronic equipment and storage medium | |
CN109981573B (en) | Security event response method and device | |
CN104468818A (en) | Service processing system and method for internet of things | |
EP3819799B1 (en) | Method of threat detection | |
CN115001724B (en) | Network threat intelligence management method, device, computing equipment and computer readable storage medium | |
CN100414889C (en) | Intermediate system used for distinguishing and tracing user |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20140924 |
|
RJ01 | Rejection of invention patent application after publication |