CN105610812A - Method and device for preventing hijacking of webpage - Google Patents

Method and device for preventing hijacking of webpage

Info

Publication number
CN105610812A
Authority
CN
China
Prior art keywords
address
reference index
webpage
domain name
user
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510983406.0A
Other languages
Chinese (zh)
Other versions
CN105610812B (en)
Inventor
朱珊珊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd
Priority to CN201510983406.0A
Publication of CN105610812A
Application granted
Publication of CN105610812B
Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/10 Mapping addresses of different types
    • H04L61/45 Network directories; Name-to-address mapping
    • H04L61/4505 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511 Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Abstract

The invention relates to a method and a device for preventing hijacking of a webpage. The method comprises the following steps: obtaining a user domain name request instruction; parsing the user domain name request instruction to obtain a first IP (Internet Protocol) address and a second IP address; using the first IP address and the second IP address to obtain a reference index; and, according to the reference index, notifying the client to display the correct page, thereby preventing hijacking of the webpage.

Description

A method and device for preventing webpage hijacking
Technical field
The present invention relates to the field of network security technology, and in particular to a method and device for preventing webpage hijacking.
Background
With the spread and development of the Internet and network applications, a large number of attacks have followed, particularly network attacks against the Internet. Among them, tampering with web page files is a common attack technique. Webpage tampering attacks are often hard to check for in advance and to guard against in real time; because the network environment is complex, responsibility is hard to trace, and attack tools are simple and becoming more intelligent. Although security devices such as firewalls and intrusion detection systems are currently used as safeguards, attacks on Web applications differ from other attack methods: they are hard for traditional security devices to detect and can easily break through firewall and intrusion detection protection. Relying solely on traditional network security devices such as firewalls and intrusion detection systems cannot effectively prevent webpage tampering attacks.
Summary of the invention
The main purpose of the embodiments of the present invention is to propose a method and device for preventing webpage hijacking that overcome common hijacking problems, such as DNS hijacking, the page being redirected elsewhere, or operator advertisements appearing on the page.
To achieve the above object, the invention provides a method for preventing webpage hijacking, comprising:
Obtaining a user domain name request instruction;
Resolving the user domain name request instruction to obtain a first IP address and a second IP address;
Using the first IP address and the second IP address to obtain a reference index;
Displaying the correct page on the client according to the reference index, thereby preventing webpage hijacking.
In one embodiment, the reference index is whether the first IP address is identical to the second IP address.
In one embodiment, the reference index acquisition step comprises:
Obtaining the first IP address from the business DNS server, and obtaining the second IP address from the client;
Comparing whether the first IP address is identical to the second IP address; the comparison result is the reference index.
In one embodiment, the step of notifying the client to display the correct page according to the reference index is specifically:
When the first IP address and the second IP address are not identical, the user's domain name is judged to be hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the user's domain name is judged not to be hijacked, and the client is notified to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
In one embodiment, the reference index is whether the webpage feature information corresponding to the second IP address is in a whitelist.
In one embodiment, the reference index acquisition step comprises:
Scanning, with a JavaScript engine, the DOM tree of the webpage corresponding to the second IP address;
Comparing the webpage feature information obtained by the scan with the information in the whitelist to judge whether the webpage feature information corresponding to the second IP address is in the whitelist; the comparison result is the reference index.
In one embodiment, the step of notifying the client to display the correct page according to the reference index is specifically:
When the webpage feature information corresponding to the second IP address is not in the whitelist, the user's domain name is judged to be hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the webpage corresponding to the second IP address.
Correspondingly, to achieve the above object, the invention also provides a device for preventing webpage hijacking, comprising:
A domain name request acquisition unit, for obtaining a user domain name request instruction;
A domain name resolution unit, for resolving the user domain name request instruction to obtain a first IP address and a second IP address;
A reference index acquisition unit, for using the first IP address and the second IP address to obtain a reference index;
An anti-hijacking unit, for notifying the client to display the correct page according to the reference index, thereby preventing webpage hijacking.
In one embodiment, the reference index obtained by the reference index acquisition unit is whether the first IP address is identical to the second IP address.
In one embodiment, the reference index acquisition unit comprises:
An initialization module, for obtaining the first IP address from the business DNS server and obtaining the second IP address from the client;
An IP address comparison module, for comparing whether the first IP address is identical to the second IP address; the comparison result is the reference index.
In one embodiment, the anti-hijacking unit is specifically used for:
When the first IP address and the second IP address are not identical, judging that the user's domain name is hijacked and notifying the client to display the webpage corresponding to the first IP address; otherwise, judging that the user's domain name is not hijacked and notifying the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
In one embodiment, the reference index obtained by the reference index acquisition unit is whether the webpage feature information corresponding to the second IP address is in a whitelist.
In one embodiment, the reference index acquisition unit comprises:
A scan module, for scanning, with a JavaScript engine, the DOM tree of the webpage corresponding to the second IP address;
A webpage feature information comparison module, for comparing the webpage feature information obtained by the scan with the information in the whitelist to judge whether the webpage feature information corresponding to the second IP address is in the whitelist; the comparison result is the reference index.
In one embodiment, the anti-hijacking unit is specifically used for:
When the webpage feature information corresponding to the second IP address is not in the whitelist, judging that the user's domain name is hijacked and notifying the client to display the webpage corresponding to the first IP address; otherwise, notifying the client to display the webpage corresponding to the second IP address.
The above technical solution has the following beneficial effects:
This technical solution compares the resolution result of the operator's domain name resolution server with the resolution result of the business domain name resolution server to judge whether the user's DNS has been hijacked. It can eliminate abnormal domain name resolution and avoids the situation where the user cannot access the service normally when the user's DNS is hijacked.
In addition, this technical solution can use a JavaScript engine to scan the DOM tree of the webpage corresponding to the IP address, and compare the information obtained by the scan with the information in the whitelist to judge whether the webpage corresponding to the IP address is in the whitelist, thereby determining whether the page has been tampered with or hijacked. This effectively prevents page content from being tampered with.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the invention are more apparent, specific embodiments of the invention are set out below.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention or of the prior art more clearly, the drawings needed in the description of the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of a method for preventing webpage hijacking;
Fig. 2 is the first flow chart of the reference index acquisition step;
Fig. 3 is the first anti-hijacking schematic diagram of this embodiment;
Fig. 4 is the second flow chart of the reference index acquisition step;
Fig. 5 is the second hijacking schematic diagram of this embodiment;
Fig. 6 is a block diagram of a device for preventing webpage hijacking;
Fig. 7 is the first functional block diagram of the reference index acquisition unit in the device;
Fig. 8 is the second functional block diagram of the reference index acquisition unit in the device.
Detailed description of the invention
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are only some of the embodiments of the invention, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the invention without creative effort fall within the scope of protection of the invention.
The embodiments of the present invention provide a method and device for preventing webpage hijacking. The invention is described in detail below with reference to the drawings.
An embodiment of the present invention provides a method for preventing webpage hijacking, as shown in Fig. 1. It comprises:
Step S101: obtain a user domain name request instruction;
Step S102: resolve the user domain name request instruction to obtain a first IP address and a second IP address;
Step S103: use the first IP address and the second IP address to obtain a reference index;
Step S104: notify the client to display the correct page according to the reference index, thereby preventing webpage hijacking.
Correspondingly, the invention also provides a device for preventing webpage hijacking, as shown in Fig. 6. It comprises:
Domain name request acquisition unit 601, for obtaining a user domain name request instruction;
Domain name resolution unit 602, for resolving the user domain name request instruction to obtain a first IP address and a second IP address;
Reference index acquisition unit 603, for using the first IP address and the second IP address to obtain a reference index;
Anti-hijacking unit 604, for notifying the client to display the correct page according to the reference index, thereby preventing webpage hijacking.
In one embodiment, the reference index is whether the first IP address is identical to the second IP address. Fig. 2 shows the first flow chart of the reference index acquisition step. The steps comprise:
Step S1031: obtain the first IP address from the business DNS server, and obtain the second IP address from the client;
Step S1032: compare whether the first IP address is identical to the second IP address; the comparison result is the reference index.
Correspondingly, the step of displaying the correct page on the client according to the reference index is specifically:
When the first IP address and the second IP address are not identical, the user's domain name is judged to be hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the user's domain name is judged not to be hijacked, and the client is notified to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
Correspondingly, in the same embodiment, for the virtual device, the reference index obtained by reference index acquisition unit 603 is whether the first IP address is identical to the second IP address. Fig. 7 shows the first functional block diagram of the reference index acquisition unit in the device. It comprises:
Initialization module 6031, for obtaining the first IP address from the business DNS server and obtaining the second IP address from the client;
IP address comparison module 6032, for comparing whether the first IP address is identical to the second IP address; the comparison result is the reference index.
Likewise, anti-hijacking unit 604 is specifically used for:
When the first IP address and the second IP address are not identical, judging that the user's domain name is hijacked and notifying the client to display the webpage corresponding to the first IP address; otherwise, judging that the user's domain name is not hijacked and notifying the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
As shown in Fig. 3, the user enters the domain name "M.haosou.com", and both the operator DNS server and the business DNS server obtain this domain name. The operator DNS server, according to its own domain name resolution table, resolves "M.haosou.com" to the IP address 127.0.0.1; the business DNS server, according to its own domain name resolution table, resolves "M.haosou.com" to the IP address 125.88.193.213. The business DNS server returns the resolved IP address to the operator DNS server, but the operator DNS server does not return the page corresponding to 125.88.193.213 to the client; instead it returns the webpage corresponding to 127.0.0.1. The secure domain name resolution server obtains the IP address returned by the operator DNS server and judges whether this IP address has been tampered with. The judgment proceeds as follows: obtain the resolved IP address from the business DNS server, and compare the IP address obtained from the client with the IP address obtained from the business DNS server. If the IP addresses are identical, no DNS tampering has occurred; if they are not identical, DNS tampering has occurred. In this case, the secure domain name resolution server returns the IP address 125.88.193.213 to the client, and the client displays the webpage corresponding to 125.88.193.213.
As the above embodiment shows, this technical solution can provide the best resolution scheme according to the IP obtained by the user, thereby ensuring that the user can access the service normally and reducing the possibility that the company's key interests are infringed.
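The comparison in steps S1031/S1032 and the display decision of step S104, run on the Fig. 3 addresses, as an added example that is not code from the patent. It goes beyond the single-address case in the text by accepting several addresses per answer (a domain may legitimately resolve to more than one), which is an assumption; the function names and the address 125.88.193.214 used in the test are constructed.

```javascript
// Added example (not the patent's code). All function names are hypothetical.

// Parse a dotted-quad IPv4 string into a number so that addresses are
// compared by value, not by spelling. Returns null for anything invalid.
function parseIPv4(text) {
  const parts = String(text).trim().split(".");
  if (parts.length !== 4) return null;
  let value = 0;
  for (const part of parts) {
    // Reject empty, signed and zero-padded octets instead of guessing.
    if (!/^(0|[1-9]\d{0,2})$/.test(part)) return null;
    const octet = Number(part);
    if (octet > 255) return null;
    value = value * 256 + octet;
  }
  return value;
}

// Reference index (S1032): true when every address the client resolved
// (second IP) is one the business DNS server also returned (first IP).
function referenceIndex(firstIps, secondIps) {
  const trusted = new Set();
  for (const ip of firstIps) {
    const v = parseIPv4(ip);
    if (v === null) throw new Error("invalid address from business DNS: " + ip);
    trusted.add(v);
  }
  if (trusted.size === 0) throw new Error("no first IP address to compare against");
  // Assumption: an empty client-side answer counts as "not identical".
  if (secondIps.length === 0) return false;
  return secondIps.every((ip) => {
    const v = parseIPv4(ip);
    return v !== null && trusted.has(v);
  });
}

// Display decision (S104): on a mismatch the domain is judged hijacked and
// the client is told to show the page behind the first IP address.
function choosePage(domain, firstIps, secondIps) {
  const same = referenceIndex(firstIps, secondIps);
  return {
    domain: domain.toLowerCase(),
    hijacked: !same,
    showIp: same ? secondIps[0] : firstIps[0],
  };
}

// Fig. 3 walk-through: business DNS answers 125.88.193.213,
// the client received 127.0.0.1 from the operator DNS server.
function fig3Decision() {
  return choosePage("M.haosou.com", ["125.88.193.213"], ["127.0.0.1"]);
}

console.log(fig3Decision());
```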
In another embodiment, the reference index is whether the webpage feature information corresponding to the second IP address is in a whitelist. Fig. 4 shows the second flow chart of the reference index acquisition step. It comprises:
Step S1031': scan, with a JavaScript engine, the DOM tree of the webpage corresponding to the second IP address;
Step S1032': compare the webpage feature information obtained by the scan with the information in the whitelist to judge whether the webpage feature information corresponding to the second IP address is in the whitelist; the comparison result is the reference index.
Correspondingly, the step of displaying the correct page on the client according to the reference index is specifically:
When the webpage feature information corresponding to the second IP address is not in the whitelist, the user's domain name is judged to be hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the webpage corresponding to the second IP address.
Correspondingly, in the same embodiment, for the virtual device, the reference index obtained by reference index acquisition unit 603 is whether the webpage feature information corresponding to the second IP address is in the whitelist. Fig. 8 shows the second functional block diagram of the reference index acquisition unit in the device. Reference index acquisition unit 603 comprises:
Scan module 6031', for scanning, with a JavaScript engine, the DOM tree of the webpage corresponding to the second IP address;
Webpage feature information comparison module 6032', for comparing the webpage feature information obtained by the scan with the information in the whitelist to judge whether the webpage feature information corresponding to the second IP address is in the whitelist; the comparison result is the reference index.
Likewise, anti-hijacking unit 604 is specifically used for:
When the webpage feature information corresponding to the second IP address is not in the whitelist, judging that the user's domain name is hijacked and notifying the client to display the webpage corresponding to the first IP address; otherwise, notifying the client to display the webpage corresponding to the second IP address.
In this embodiment, when the user enters "degree of supercooling" in the search bar, a user domain name request instruction is generated according to this keyword, and the business domain name resolution server obtains the corresponding IP address according to this request instruction. The client displays the corresponding webpage according to this IP address. In fact, however, the webpage has been tampered with, and the webpage displayed on the client is as shown in Fig. 5. At this point, the client's front-end JavaScript engine scans the DOM tree of the webpage corresponding to the IP address and compares the webpage feature information obtained with the information in the whitelist. It finds that this webpage information does not appear in the whitelist, which shows that the webpage currently displayed by the client has been tampered with. To correct the erroneous display, the webpage corresponding to the first IP address needs to be displayed on the client, so that the normal webpage information appears.
As described in the above embodiment, this technical solution has to wait until the main body of the page has loaded and then, in idle time, scan the page information displayed by the client before correcting it, so the correct page is not displayed promptly. To overcome this, after one round of anti-hijacking the webpage feature information corresponding to the tampered second IP address is known to be illegally tampered information, and the webpage feature information obtained by the JavaScript engine scan is used directly as the basis: when the domain name resolution corresponding to "degree of supercooling" arises again later, it is judged directly whether the page shows tampering similar to before. When similar tampering occurs, the tampered page need not be shown on the client, and the correct page information is displayed on the client directly. In this way, on the basis of ensuring that the user can access the service normally, the user experience and timeliness are also improved.
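The scan-and-compare of steps S1031'/S1032' together with the remembered-tampering shortcut from the paragraph above, as an added example that is not code from the patent. It assumes that the webpage feature information is the set of hosts a page loads scripts, frames, images and stylesheets from (the patent does not define it) and that the shortcut is applied to the parsed page before it is shown; `HijackChecker`, the `el` node builder and the hosts `static.example.com` and `ads.operator.example` are constructed for illustration.

```javascript
// Added example (not the patent's code). Assumption: "webpage feature
// information" = hosts that script, iframe, img and link elements load from.
const RESOURCE_ATTR = { SCRIPT: "src", IFRAME: "src", IMG: "src", LINK: "href" };

// Step S1031': walk the DOM tree and collect the host of every loaded resource.
// Accepts browser Elements or any node exposing tagName, getAttribute, children.
function scanFeatures(root, pageHost) {
  const hosts = new Set();
  const stack = [root];
  while (stack.length > 0) {
    const node = stack.pop();
    const attr = RESOURCE_ATTR[String(node.tagName).toUpperCase()];
    const raw = attr ? node.getAttribute(attr) : null;
    if (raw) {
      try {
        // Relative and protocol-relative URLs resolve against the page itself.
        const url = new URL(raw, "http://" + pageHost + "/");
        hosts.add(url.hostname ? url.hostname.toLowerCase() : url.protocol);
      } catch (err) {
        hosts.add("invalid:" + raw); // an unparsable value can never be whitelisted
      }
    }
    for (const child of Array.from(node.children || [])) stack.push(child);
  }
  return hosts;
}

class HijackChecker {
  constructor(whitelist) {
    this.whitelist = new Set(whitelist.map((h) => h.toLowerCase()));
    this.knownBad = new Set(); // features learned from earlier tampered pages
  }

  // Step S1032' plus the display decision: any feature outside the whitelist
  // means "hijacked", so the page behind the first IP address is shown.
  check(root, pageHost) {
    const unlisted = [...scanFeatures(root, pageHost)]
      .filter((h) => !this.whitelist.has(h))
      .sort();
    unlisted.forEach((h) => this.knownBad.add(h));
    const hijacked = unlisted.length > 0;
    return { hijacked, unlisted, show: hijacked ? "first" : "second" };
  }

  // Shortcut for later requests: does the page carry a feature that an
  // earlier check already identified as tampering?
  seenBefore(root, pageHost) {
    return [...scanFeatures(root, pageHost)].some((h) => this.knownBad.has(h));
  }
}

// Constructed stand-in for a DOM element so the example runs outside a browser.
function el(tagName, attrs = {}, children = []) {
  return { tagName, children, getAttribute: (n) => (n in attrs ? attrs[n] : null) };
}

// Constructed sample pages: one clean, one with an injected advertising frame.
const cleanPage = el("html", {}, [
  el("head", {}, [
    el("link", { href: "/css/main.css" }),
    el("script", { src: "//static.example.com/app.js" }),
  ]),
  el("body", {}, [el("img", { src: "logo.png" })]),
]);
const tamperedPage = el("html", {}, [
  el("head", {}, [el("script", { src: "//static.example.com/app.js" })]),
  el("body", {}, [
    el("iframe", { src: "http://ads.operator.example/banner" }),
    el("img", { src: "logo.png" }),
  ]),
]);

function demo() {
  const checker = new HijackChecker(["m.haosou.com", "static.example.com"]);
  const first = checker.check(cleanPage, "M.haosou.com");
  const second = checker.check(tamperedPage, "M.haosou.com");
  return {
    first,
    second,
    repeatTampered: checker.seenBefore(tamperedPage, "M.haosou.com"),
    repeatClean: checker.seenBefore(cleanPage, "M.haosou.com"),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Only resource-loading attributes are scanned here; inline scripts and injected text nodes would need their own feature extractor.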
As the above two embodiments show, this technical solution can reduce the possibility that the company's key interests are infringed and ensures a good experience when the user accesses the service normally.
Numerous specific details are set forth in the description provided here. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the disclosure and aid understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. However, the disclosed method should not be interpreted as reflecting the following intention: that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. Therefore, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components in the embodiments can be combined into one module or unit or component, and they can furthermore be divided into multiple sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this description (including the accompanying claims, abstract and drawings) and all processes or units of any method or device so disclosed may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this description (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, equivalent or similar purpose.
In addition, those skilled in the art will understand that although some embodiments described here include certain features that are included in other embodiments and not other features, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the claims, any one of the claimed embodiments can be used in any combination.
The component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination of them. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for locating image edges in a natural background according to embodiments of the invention. The invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the method described here. Such a program implementing the invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals can be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several devices, several of these devices can be embodied by one and the same item of hardware. The use of the words first, second and third does not indicate any order; these words may be interpreted as names.
Finally, those skilled in the art will recognize that although multiple exemplary embodiments of the invention have been shown and described in detail here, many other variations or modifications consistent with the principles of the invention can still be determined or derived directly from the disclosed content without departing from the spirit and scope of the invention. The scope of the invention should therefore be understood and deemed to cover all such other variations or modifications.
Based on one aspect of the present invention, embodiments of the invention disclose:
A1. A method for preventing webpage hijacking, characterized by comprising:
Obtaining a user domain name request instruction;
Resolving the user domain name request instruction to obtain a first IP address and a second IP address;
Using the first IP address and the second IP address to obtain a reference index;
Notifying the client to display the correct page according to the reference index, thereby preventing webpage hijacking.
A2. The method of claim A1, characterized in that the reference index is whether the first IP address is identical to the second IP address.
A3. The method of claim A2, characterized in that the reference index acquisition step comprises:
Obtaining the first IP address from the business DNS server, and obtaining the second IP address from the client;
Comparing whether the first IP address is identical to the second IP address; the comparison result is the reference index.
A4. The method of claim A3, characterized in that the step of notifying the client to display the correct page according to the reference index is specifically:
When the first IP address and the second IP address are not identical, the user's domain name is judged to be hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the user's domain name is judged not to be hijacked, and the client is notified to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
A5. The method of claim A1, characterized in that the reference index is whether the webpage feature information corresponding to the second IP address is in a whitelist.
A6. The method of claim A5, characterized in that the reference index acquisition step comprises:
Scanning, with a JavaScript engine, the DOM tree of the webpage corresponding to the second IP address;
Comparing the webpage feature information obtained by the scan with the information in the whitelist to judge whether the webpage feature information corresponding to the second IP address is in the whitelist; the comparison result is the reference index.
A7. The method of claim A6, characterized in that the step of notifying the client to display the correct page according to the reference index is specifically:
When the webpage feature information corresponding to the second IP address is not in the whitelist, the user's domain name is judged to be hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client displays the webpage corresponding to the second IP address.
The device of B8, the anti-abduction of a kind of webpage, is characterized in that, comprising:
Domain name request acquiring unit, for obtaining user's domain name request instruction;
Domain name mapping unit, for described user's domain name request instruction is resolved, obtains an IP address and the 2nd IP groundLocation;
Reference index acquiring unit, for utilizing a described IP address and the 2nd IP address to obtain reference index;
Anti-abduction unit, for showing the correct page according to described reference index notice client, realizes the anti-abduction of webpage.
B9, device as described in claim B8, is characterized in that the reference index that described reference index acquiring unit is obtainedBe whether an IP address is identical with the 2nd IP address.
B10, device as described in claim B9, is characterized in that, described reference index acquiring unit comprises:
Initialization module, for obtain an IP address from business name server, obtains the 2nd IP address from client;
IP address comparison module, whether identical with described the 2nd IP address for a more described IP address, comparative resultFor reference index.
B11, device as described in claim B10, is characterized in that, described anti-abduction unit specifically for:
With the 2nd IP address when not identical, judge that user's domain name is held as a hostage, described in notice client shows in an IP addressThe one webpage corresponding to IP address; Otherwise, judge that user's domain name is not held as a hostage, notice client shows a described IPThe webpage that address is corresponding or described the 2nd webpage corresponding to IP address.
B12, device as described in claim B8, is characterized in that, the reference that described reference index acquiring unit is obtained refers toBe designated as web page characteristics information corresponding to the 2nd IP address whether in white list.
B13, device as described in claim B12, is characterized in that, described reference index acquiring unit comprises:
Scan module, for setting by the dom of webpage corresponding to JavaScript engine scanning the 2nd IP address;
Web page characteristics information comparison module, compares with the information in white list for the web page characteristics information that scanning is obtained,Judge that web page characteristics information corresponding to described the 2nd IP address is whether in described white list, comparative result is reference index.
B14, device as described in claim B13, is characterized in that, described anti-abduction unit specifically for:
Web page characteristics information corresponding to described the 2nd IP address, not in described white list, judges that user's domain name is held as a hostage, logicalKnow that client shows a described webpage corresponding to IP address; Otherwise notice client shows described the 2nd IP address correspondenceWebpage.
The specific embodiments described above further explain the objects, technical solutions and beneficial effects of the present invention. It should be understood that the foregoing are only specific embodiments of the present invention and are not intended to limit its scope of protection; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A webpage anti-hijacking method, characterized by comprising:
obtaining a user's domain name request instruction;
resolving said user's domain name request instruction to obtain a first IP address and a second IP address;
obtaining a reference index using said first IP address and second IP address;
notifying the client to display the correct page according to said reference index, thereby preventing hijacking of the webpage.
2. The method as claimed in claim 1, characterized in that said reference index is whether the first IP address is identical to the second IP address.
3. The method as claimed in claim 2, characterized in that said step of obtaining the reference index comprises:
obtaining the first IP address from a business name server, and obtaining the second IP address from the client;
comparing whether said first IP address is identical to said second IP address, the comparison result being the reference index.
4. The method as claimed in claim 3, characterized in that said step of notifying the client to display the correct page according to said reference index is specifically:
when the first IP address and the second IP address are not identical, determining that the user's domain name is hijacked, and notifying the client to display the webpage corresponding to said first IP address; otherwise, determining that the user's domain name is not hijacked, and notifying the client to display the webpage corresponding to said first IP address or the webpage corresponding to said second IP address.
5. The method as claimed in claim 1, characterized in that said reference index is whether the webpage feature information corresponding to the second IP address is in a whitelist.
6. The method as claimed in claim 5, characterized in that said step of obtaining the reference index comprises:
scanning, through a JavaScript engine, the DOM tree of the webpage corresponding to the second IP address;
comparing the webpage feature information obtained by scanning with the information in the whitelist, and determining whether the webpage feature information corresponding to said second IP address is in said whitelist, the comparison result being the reference index.
7. The method as claimed in claim 6, characterized in that said step of notifying the client to display the correct page according to said reference index is specifically:
when the webpage feature information corresponding to said second IP address is not in said whitelist, determining that the user's domain name is hijacked, and notifying the client to display the webpage corresponding to said first IP address; otherwise, the client displays the webpage corresponding to said second IP address.
8. A webpage anti-hijacking device, characterized by comprising:
a domain name request acquiring unit, configured to obtain a user's domain name request instruction;
a domain name resolution unit, configured to resolve said user's domain name request instruction to obtain a first IP address and a second IP address;
a reference index acquiring unit, configured to obtain a reference index using said first IP address and second IP address;
an anti-hijacking unit, configured to notify the client to display the correct page according to said reference index, thereby preventing hijacking of the webpage.
9. The device as claimed in claim 8, characterized in that the reference index obtained by said reference index acquiring unit is whether the first IP address is identical to the second IP address.
10. The device as claimed in claim 9, characterized in that said reference index acquiring unit comprises:
an initialization module, configured to obtain the first IP address from a business name server and the second IP address from the client;
an IP address comparison module, configured to compare whether said first IP address is identical to said second IP address, the comparison result being the reference index.
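An added example, not code from the patent or its applicant, sketching the two reference indices of claims 2-4 and claims 5-7 in JavaScript. The function names, the choice of script/iframe source hosts as "webpage feature information", the plain-object DOM tree and the sample addresses are assumptions constructed for illustration.

```javascript
// Added illustration; function names, feature format and sample data are assumptions.

// Collect feature strings from a DOM-like tree of {tag, attrs, children} nodes.
// Assumption: a "feature" is the host a <script> or <iframe> loads from.
function collectFeatures(node, base, out = new Set()) {
  const src = node.attrs && node.attrs.src;
  if ((node.tag === 'script' || node.tag === 'iframe') && src) {
    try {
      out.add(`${node.tag}:${new URL(src, base).host}`); // relative src resolves to base
    } catch {
      out.add(`${node.tag}:unparseable`); // never whitelisted, so it is flagged
    }
  }
  for (const child of node.children || []) collectFeatures(child, base, out);
  return out;
}

// Claims 2-4: the reference index is whether the two addresses are identical.
function decideByIp(firstIp, secondIp) {
  const hijacked = firstIp.trim() !== secondIp.trim();
  return { hijacked, showIp: hijacked ? firstIp : secondIp };
}

// Claims 5-7: the reference index is whether the second page's features are whitelisted.
function decideByWhitelist(firstIp, secondIp, secondPageDom, base, whitelist) {
  const unknown = [...collectFeatures(secondPageDom, base)].filter((f) => !whitelist.has(f));
  const hijacked = unknown.length > 0;
  return { hijacked, unknown, showIp: hijacked ? firstIp : secondIp };
}

// Constructed sample: the page served from the second IP carries an injected iframe.
const FIRST_IP = '192.0.2.10';   // from the name server (documentation range)
const SECOND_IP = '203.0.113.7'; // seen by the client (documentation range)
const WHITELIST = new Set(['script:shop.example', 'script:cdn.shop.example']);
const SECOND_PAGE = {
  tag: 'html', children: [
    { tag: 'head', children: [{ tag: 'script', attrs: { src: '/app.js' } }] },
    { tag: 'body', children: [
      { tag: 'script', attrs: { src: 'http://cdn.shop.example/lib.js' } },
      { tag: 'iframe', attrs: { src: 'http://ads.example.net/banner' } },
    ] },
  ],
};

console.log(decideByIp(FIRST_IP, SECOND_IP));
console.log(decideByWhitelist(FIRST_IP, SECOND_IP, SECOND_PAGE, 'http://shop.example/', WHITELIST));
```

Domains served from several addresses can return different records per query, so a strict equality check of the kind in claim 2 will flag them as hijacked; the whitelist check does not depend on the address.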
CN201510983406.0A 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked Active CN105610812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510983406.0A CN105610812B (en) 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked

Publications (2)

Publication Number Publication Date
CN105610812A true CN105610812A (en) 2016-05-25
CN105610812B CN105610812B (en) 2019-12-06

Family

ID=55990350

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510983406.0A Active CN105610812B (en) 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked

Country Status (1)

Country Link
CN (1) CN105610812B (en)

Also Published As

Publication number Publication date
CN105610812B (en) 2019-12-06

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220720

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right