CN105610812B - Method and device for preventing webpage from being hijacked - Google Patents
Method and device for preventing webpage from being hijacked Download PDFInfo
- Publication number
- CN105610812B CN105610812B CN201510983406.0A CN201510983406A CN105610812B CN 105610812 B CN105610812 B CN 105610812B CN 201510983406 A CN201510983406 A CN 201510983406A CN 105610812 B CN105610812 B CN 105610812B
- Authority
- CN
- China
- Prior art keywords
- address
- webpage
- domain name
- client
- reference index
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/09—Mapping addresses
- H04L61/10—Mapping addresses of different types
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H04L61/4505—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
- H04L61/4511—Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention relates to a method and a device for preventing hijacking of a webpage, wherein the method comprises the following steps: acquiring a user domain name request instruction; analyzing the user domain name request instruction to obtain a first IP address and a second IP address; obtaining a reference index by using the first IP address and the second IP address; and informing the client to display a correct page according to the reference index so as to realize the anti-hijack of the webpage.
Description
Technical Field
The invention relates to the technical field of network security, in particular to a method and a device for preventing webpage hijacking.
background
with the popularization and development of the internet and network applications, a great number of hacking attacks come along, especially network attacks against the internet. Among them, tampering with web documents is a common technique of hacking. Webpage tampering attack events are often difficult to pre-check and prevent in real time, responsibility cannot be traced due to the complex network environment, and an attack tool is simple and develops towards intellectualization. Although security devices such as a firewall and an intrusion detection system are used as security prevention means at present, Web application attacks are different from other attack modes, are difficult to detect by traditional security devices, and can easily break through the protection of the firewall and intrusion detection. The traditional network security devices such as a firewall, an intrusion detection system and the like are simply relied on, and the webpage tampering attack cannot be effectively prevented.
disclosure of Invention
The embodiment of the invention mainly aims to provide a method and a device for preventing a webpage from being hijacked, and the method and the device can be used for overcoming common hijacked problems, such as DNS hijacked, page jump away or page out of operator advertisements.
in order to achieve the above object, the present invention provides a method for preventing hijacking of a web page, comprising:
Acquiring a user domain name request instruction;
Analyzing the user domain name request instruction to obtain a first IP address and a second IP address;
Obtaining a reference index by using the first IP address and the second IP address;
and displaying a correct page on the client according to the reference index to realize the anti-hijack of the webpage.
in one embodiment, the reference indicator is whether the first IP address and the second IP address are the same.
in one embodiment, the reference index obtaining step includes:
acquiring a first IP address from a service domain name server, and acquiring a second IP address from a client;
and comparing whether the first IP address is the same as the second IP address, wherein the comparison result is a reference index.
in an embodiment, the step of notifying the client to display the correct page according to the reference index specifically includes:
when the first IP address is different from the second IP address, judging that the domain name of the user is hijacked, and informing the client to display a webpage corresponding to the first IP address; otherwise, judging that the domain name of the user is not hijacked, and informing the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
in an embodiment, the reference indicator is whether the web page feature information corresponding to the second IP address is in a white list.
in one embodiment, the reference index obtaining step includes:
Scanning a dom tree of a webpage corresponding to the second IP address through a Java Script engine;
And comparing the scanned webpage characteristic information with the information in the white list, and judging whether the webpage characteristic information corresponding to the second IP address is in the white list, wherein the comparison result is the reference index.
In an embodiment, the step of notifying the client to display the correct page according to the reference index specifically includes:
if the webpage characteristic information corresponding to the second IP address is not in the white list, judging that the domain name of the user is hijacked, and informing the client to display the webpage corresponding to the first IP address; otherwise, the client is informed to display the webpage corresponding to the second IP address.
Correspondingly, in order to achieve the above object, the present invention further provides a device for preventing web page hijacking, comprising:
a domain name request obtaining unit, configured to obtain a user domain name request instruction;
the domain name resolution unit is used for resolving the user domain name request instruction to obtain a first IP address and a second IP address;
a reference index obtaining unit configured to obtain a reference index using the first IP address and the second IP address;
and the anti-hijack unit is used for informing the client to display a correct page according to the reference index so as to realize webpage anti-hijack.
in an embodiment, the reference index acquired by the reference index acquiring unit is whether the first IP address and the second IP address are the same.
in one embodiment, the reference index acquiring unit includes:
The initialization module is used for acquiring a first IP address from a service domain name server and acquiring a second IP address from a client;
and the IP address comparison module is used for comparing whether the first IP address is the same as the second IP address or not, and the comparison result is the reference index.
in an embodiment, the anti-hijacking unit is specifically configured to:
When the first IP address is different from the second IP address, judging that the domain name of the user is hijacked, and informing the client to display a webpage corresponding to the first IP address; otherwise, judging that the domain name of the user is not hijacked, and informing the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
in an embodiment, the reference indicator obtained by the reference indicator obtaining unit is whether the web page feature information corresponding to the second IP address is in a white list.
In one embodiment, the reference index acquiring unit includes:
The scanning module is used for scanning a dom tree of a webpage corresponding to the second IP address through a Java Script engine;
and the webpage characteristic information comparison module is used for comparing the scanned and obtained webpage characteristic information with the information in the white list and judging whether the webpage characteristic information corresponding to the second IP address is in the white list or not, and the comparison result is the reference index.
In an embodiment, the anti-hijacking unit is specifically configured to:
if the webpage characteristic information corresponding to the second IP address is not in the white list, judging that the domain name of the user is hijacked, and informing the client to display the webpage corresponding to the first IP address; otherwise, the client is informed to display the webpage corresponding to the second IP address.
the technical scheme has the following beneficial effects:
the technical scheme compares the analysis result of the operator domain name analysis server with the analysis result of the service domain name analysis server, judges whether the user DNS is hijacked or not, can eradicate the domain name analysis abnormity, and avoids the condition that the user DNS cannot normally access the service when being hijacked.
in addition, the technical scheme can also scan a dom tree of a webpage corresponding to the IP address through a Java Script engine; and comparing the information obtained by scanning with the information in the white list, and judging whether the webpage corresponding to the IP address is in the white list, so that whether the page is tampered and hijacked is obtained, and the content of the page can be effectively prevented from being tampered.
the foregoing description is only an overview of the technical solutions of the present invention, and the embodiments of the present invention are described below in order to make the technical means of the present invention more clearly understood and to make the above and other objects, features, and advantages of the present invention more clearly understandable.
drawings
in order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 shows a flow diagram of a method for preventing hijacking of a web page;
FIG. 2 shows one of the flowcharts of the reference index acquisition step;
FIG. 3 shows one of the anti-hijacking schematics of the present embodiment;
FIG. 4 is a flowchart showing a second step of reference index obtaining;
FIG. 5 shows a second hijacking diagram of the present embodiment;
FIG. 6 shows a block diagram of an apparatus for anti-hijacking a web page;
FIG. 7 shows one of the functional block diagrams of a reference index acquisition unit in the present apparatus;
FIG. 8 is a second functional block diagram of a reference index acquiring unit in the present apparatus;
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
the embodiment of the invention provides a method and a device for preventing hijacking of a webpage. The present invention will be described in detail below with reference to the accompanying drawings.
The embodiment of the invention provides a method for preventing hijacking of a webpage, which is shown in figure 1. The method comprises the following steps:
Step S101: acquiring a user domain name request instruction;
Step S102: analyzing the user domain name request instruction to obtain a first IP address and a second IP address;
Step S103: obtaining a reference index by using the first IP address and the second IP address;
Step S104: and informing the client to display a correct page according to the reference index so as to realize the anti-hijack of the webpage.
correspondingly, the invention also provides a device for preventing the hijacking of the webpage, which is shown in fig. 6. The method comprises the following steps:
A domain name request obtaining unit 601, configured to obtain a user domain name request instruction;
A domain name resolution unit 602, configured to resolve the user domain name request instruction to obtain a first IP address and a second IP address;
A reference index obtaining unit 603 configured to obtain a reference index using the first IP address and the second IP address;
and the anti-hijack unit 604 is configured to notify the client to display a correct page according to the reference index, so as to achieve webpage anti-hijack.
In one embodiment, the reference indicator is whether the first IP address and the second IP address are the same. Fig. 2 is a flowchart of the reference index obtaining step. The method comprises the following steps:
Step S1031: acquiring a first IP address from a service domain name server, and acquiring a second IP address from a client;
step S1032: and comparing whether the first IP address is the same as the second IP address, wherein the comparison result is a reference index.
Correspondingly, the step of displaying the correct page at the client according to the reference index specifically comprises:
when the first IP address is different from the second IP address, judging that the domain name of the user is hijacked, and informing the client to display a webpage corresponding to the first IP address; otherwise, judging that the domain name of the user is not hijacked, and informing the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
Correspondingly, in the same embodiment, the reference index acquired by the reference index acquisition unit 603 is whether the first IP address and the second IP address are the same for the virtual device. As shown in fig. 7, this is one of the functional block diagrams of the reference index acquiring unit in the present apparatus. The method comprises the following steps:
an initialization module 6031, configured to obtain a first IP address from a service domain name server, and obtain a second IP address from a client;
the IP address comparing module 6032 is configured to compare whether the first IP address is the same as the second IP address, where the comparison result is a reference indicator.
Similarly, the anti-hijack unit 604 is specifically configured to:
when the first IP address is different from the second IP address, judging that the domain name of the user is hijacked, and informing the client to display a webpage corresponding to the first IP address; otherwise, judging that the domain name of the user is not hijacked, and informing the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
as shown in fig. 3, a user inputs a domain name "m.haosou.com", both an operator DNS server and a service DNS server acquire the domain name, the operator DNS server acquires an IP address corresponding to the domain name "m.haosou.com" as 127.0.0.1 according to a domain name resolution table of the operator DNS server, the service DNS server acquires an IP address corresponding to the domain name "m.haosou.com" as 125.88.193.213 according to a domain name resolution table of the operator DNS server, the service DNS server returns the resolved IP address to the operator DNS server, the operator DNS server does not return a page corresponding to the IP address 125.88.193.213 to the client, but returns a page corresponding to the IP address of 127.0.0.1 to the client, the security domain name resolution server acquires an IP address returned by the operator DNS server, and determines whether the IP address is tampered, and the determining process is as follows: and obtaining the analyzed IP address from the service DNS server, comparing the IP address obtained from the client with the IP address obtained from the service DNS server, wherein if the IP addresses are the same, DNS tampering does not occur, and if the IP addresses are different, DNS tampering occurs. In this case, the security domain name resolution server returns the IP address 125.88.193.213 to the client, and the client displays the web page corresponding to the IP address 125.88.193.213.
According to the embodiment, the technical scheme can provide the optimal resolution scheme according to the IP acquired by the user, so that the user can normally access the service, and the possibility of damaging the core benefits of the company is reduced.
In another embodiment, the reference indicator is whether the web page feature information corresponding to the second IP address is in a white list. FIG. 4 shows a second flowchart of the reference index obtaining step. The method comprises the following steps:
step S1031': scanning a dom tree of a webpage corresponding to the second IP address through a Java Script engine;
step S1032': and comparing the scanned webpage characteristic information with the information in the white list, and judging whether the webpage characteristic information corresponding to the second IP address is in the white list, wherein the comparison result is the reference index.
correspondingly, the step of displaying the correct page at the client according to the reference index specifically comprises:
If the webpage characteristic information corresponding to the second IP address is not in the white list, judging that the domain name of the user is hijacked, and informing the client to display the webpage corresponding to the first IP address; otherwise, the client is informed to display the webpage corresponding to the second IP address.
correspondingly, in the same embodiment, for the virtual device, the reference index acquired by the reference index acquiring unit 603 is whether the web page feature information corresponding to the second IP address is in a white list. Fig. 8 is a second functional block diagram of a reference index acquiring unit in the present apparatus. The reference index acquisition unit 603 includes:
A scanning module 6031' configured to scan a dom tree of a webpage corresponding to the second IP address by using a Java Script engine;
The web page feature information comparing module 6032' is configured to compare the scanned web page feature information with information in the white list, and determine whether the web page feature information corresponding to the second IP address is in the white list, where a comparison result is a reference indicator.
Similarly, the anti-hijack unit 604 is specifically configured to:
If the webpage characteristic information corresponding to the second IP address is not in the white list, judging that the domain name of the user is hijacked, and informing the client to display the webpage corresponding to the first IP address; otherwise, the client is informed to display the webpage corresponding to the second IP address.
For this embodiment, when the user has a "supercooling degree" in the search field, a user domain name request instruction is generated according to the keyword, and the service domain name resolution server obtains a corresponding IP address according to the request instruction. And displaying a corresponding webpage according to the IP address at the client. However, the web page is actually falsified, and the web page displayed on the client side is as shown in fig. 5. At this time, the client front-end Java Script engine scans the dom tree of the webpage corresponding to the IP address, compares the acquired webpage characteristic information with the information in the white list, finds that the webpage information does not appear in the white list, and can know that the webpage displayed by the client is tampered at this time. In order to correct the result of the display error, the web page corresponding to the first IP address needs to be displayed on the client, and normal web page information can appear.
as can be seen from the above description of the embodiment, in the technical solution, the page information displayed by the client needs to be scanned in the idle time after the page body loading is completed, and then error correction processing is performed, so that the timeliness of the client displaying the correct page is not strong. In order to overcome the situation, after once hijack prevention, the webpage characteristic information corresponding to the tampered second IP address is known to be illegal tampering information, the webpage characteristic information obtained by scanning of the Java Script engine is directly used as a basis, and when domain name resolution corresponding to 'supercooling degree' is generated later, whether the page is tampered similarly in the past or not is directly judged. When similar tampering occurs, the tampered page can be directly displayed on the client without displaying the tampered page on the client. Therefore, the experience degree and the timeliness of the user are improved on the basis of guaranteeing the normal service access of the user.
According to the two embodiments, the technical scheme can reduce the possibility of damaging the core benefits of the company and ensure the experience of the user in normally accessing the service.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the image edge location apparatus in the natural context of embodiments in accordance with the invention. The present invention may also be embodied as apparatus or device programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
it should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
thus, it should be appreciated by those skilled in the art that while a number of exemplary embodiments of the invention have been illustrated and described in detail herein, many other variations or modifications consistent with the principles of the invention may be directly determined or derived from the disclosure of the present invention without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should be understood and interpreted to cover all such other variations or modifications.
The above embodiments are provided to further explain the objects, technical solutions and advantages of the present invention in detail, it should be understood that the above embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (8)
1. A method for preventing hijacking of a webpage is characterized by comprising the following steps:
Acquiring a user domain name request instruction;
Analyzing the user domain name request instruction to obtain a first IP address and a second IP address;
Obtaining a reference index by using the first IP address and the second IP address; acquiring a first IP address from a service domain name server, and acquiring a second IP address returned by an operator domain name server from a client;
Informing the client to display a correct page according to the reference index so as to realize the anti-hijack of the webpage;
comparing whether the first IP address is the same as the second IP address, wherein the obtained comparison result of whether the first IP address is the same as the second IP address is a reference index;
When the first IP address is different from the second IP address, judging that the domain name of the user is hijacked, and informing the client to display a webpage corresponding to the first IP address; otherwise, judging that the domain name of the user is not hijacked, and informing the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
2. The method of claim 1, wherein the reference indicator is whether the web page characteristic information corresponding to the second IP address is in a white list.
3. the method of claim 2, wherein the obtaining the reference metric using the first and second IP addresses step comprises:
Scanning a dom tree of a webpage corresponding to the second IP address through a Java Script engine;
and comparing the scanned and obtained webpage characteristic information with information in a white list, and judging whether the webpage characteristic information corresponding to the second IP address is in the white list, wherein the comparison result is a reference index.
4. The method according to claim 3, wherein the step of notifying the client of displaying the correct page according to the reference index specifically comprises:
if the webpage characteristic information corresponding to the second IP address is not in the white list, judging that the domain name of the user is hijacked, and informing a client to display the webpage corresponding to the first IP address; otherwise, the client displays the webpage corresponding to the second IP address.
5. An apparatus for preventing hijacking of a web page, comprising:
a domain name request obtaining unit, configured to obtain a user domain name request instruction;
the domain name resolution unit is used for resolving the user domain name request instruction to obtain a first IP address and a second IP address;
a reference index obtaining unit, configured to obtain a reference index by using the first IP address and the second IP address; the reference index acquiring unit includes: the initialization module is used for acquiring a first IP address from the service domain name server and acquiring a second IP address returned by the operator domain name server from the client;
The anti-hijack unit is used for informing the client to display a correct page according to the reference index so as to realize webpage anti-hijack;
wherein, the reference index acquiring unit further includes: the IP address comparison module is used for comparing whether the first IP address is the same as the second IP address or not, and the obtained comparison result of whether the first IP address is the same as the second IP address or not is a reference index;
Wherein the anti-hijacking unit is further configured to: when the first IP address is different from the second IP address, judging that the domain name of the user is hijacked, and informing the client to display a webpage corresponding to the first IP address; otherwise, judging that the domain name of the user is not hijacked, and informing the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address.
6. the apparatus of claim 5, wherein the reference index obtained by the reference index obtaining unit is whether the web page feature information corresponding to the second IP address is in a white list.
7. the apparatus of claim 6, wherein the reference index obtaining unit comprises:
The scanning module is used for scanning a dom tree of a webpage corresponding to the second IP address through a Java Script engine;
and the webpage characteristic information comparison module is used for comparing the scanned and obtained webpage characteristic information with information in a white list and judging whether the webpage characteristic information corresponding to the second IP address is in the white list or not, and the comparison result is a reference index.
8. the apparatus of claim 7, wherein the anti-hijacking unit is specifically configured to:
If the webpage characteristic information corresponding to the second IP address is not in the white list, judging that the domain name of the user is hijacked, and informing a client to display the webpage corresponding to the first IP address; otherwise, the client is informed to display the webpage corresponding to the second IP address.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510983406.0A CN105610812B (en) | 2015-12-24 | 2015-12-24 | Method and device for preventing webpage from being hijacked |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510983406.0A CN105610812B (en) | 2015-12-24 | 2015-12-24 | Method and device for preventing webpage from being hijacked |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105610812A CN105610812A (en) | 2016-05-25 |
| CN105610812B true CN105610812B (en) | 2019-12-06 |
Family
ID=55990350
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510983406.0A Active CN105610812B (en) | 2015-12-24 | 2015-12-24 | Method and device for preventing webpage from being hijacked |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105610812B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106230864A (en) * | 2016-09-22 | 2016-12-14 | 安徽云图信息技术有限公司 | Website security detection system |
| CN107979611B (en) * | 2017-12-18 | 2020-09-29 | 北京奇艺世纪科技有限公司 | Method and device for judging file hijacking |
| CN108494728B (en) * | 2018-02-07 | 2021-01-26 | 平安普惠企业管理有限公司 | Method, device, equipment and medium for creating blacklist library for preventing traffic hijacking |
| CN108494762A (en) * | 2018-03-15 | 2018-09-04 | 广州优视网络科技有限公司 | Web access method, device and computer readable storage medium, terminal |
| CN112511499B (en) * | 2020-11-12 | 2023-03-24 | 视若飞信息科技(上海)有限公司 | Method and device for processing AIT in HBBTV terminal |
| CN113094619A (en) * | 2021-04-22 | 2021-07-09 | 杭州推啊网络科技有限公司 | Method and system for detecting cheating returned by advertisement landing page |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685074A (en) * | 2011-03-14 | 2012-09-19 | 国基电子(上海)有限公司 | Anti-phishing network communication system and method |
| CN103118026A (en) * | 2013-02-01 | 2013-05-22 | 北京奇虎科技有限公司 | Method and device for displaying web address security identification information |
| CN103401836A (en) * | 2013-07-01 | 2013-11-20 | 北京卓易讯畅科技有限公司 | Method and device used for judging whether webpage is hijacked by ISP (internet service provider) or not |
| CN103825895A (en) * | 2014-02-24 | 2014-05-28 | 联想(北京)有限公司 | Information processing method and electronic device |
| CN103916490A (en) * | 2014-04-03 | 2014-07-09 | 深信服网络科技(深圳)有限公司 | DNS tamper-proof method and device |
-
2015
- 2015-12-24 CN CN201510983406.0A patent/CN105610812B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102685074A (en) * | 2011-03-14 | 2012-09-19 | 国基电子(上海)有限公司 | Anti-phishing network communication system and method |
| CN103118026A (en) * | 2013-02-01 | 2013-05-22 | 北京奇虎科技有限公司 | Method and device for displaying web address security identification information |
| CN103401836A (en) * | 2013-07-01 | 2013-11-20 | 北京卓易讯畅科技有限公司 | Method and device used for judging whether webpage is hijacked by ISP (internet service provider) or not |
| CN103825895A (en) * | 2014-02-24 | 2014-05-28 | 联想(北京)有限公司 | Information processing method and electronic device |
| CN103916490A (en) * | 2014-04-03 | 2014-07-09 | 深信服网络科技(深圳)有限公司 | DNS tamper-proof method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105610812A (en) | 2016-05-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105610812B (en) | Method and device for preventing webpage from being hijacked | |
| US10708302B2 (en) | Systems and methods for identifying phishing web sites | |
| US9306968B2 (en) | Systems and methods for risk rating and pro-actively detecting malicious online ads | |
| US8683596B2 (en) | Detection of DOM-based cross-site scripting vulnerabilities | |
| US9215242B2 (en) | Methods and systems for preventing unauthorized acquisition of user information | |
| KR102130122B1 (en) | Systems and methods for detecting online fraud | |
| US9251282B2 (en) | Systems and methods for determining compliance of references in a website | |
| CN104935605B (en) | The detection method of fishing website, apparatus and system | |
| WO2015051720A1 (en) | Method and device for detecting suspicious dns, and method and system for processing suspicious dns | |
| CN107360162B (en) | Network application protection method and device | |
| CN102739675B (en) | Website security detection method and device | |
| CN106548075B (en) | Vulnerability detection method and device | |
| US20140041029A1 (en) | Method and system for processing website address risk detection | |
| CN104486140A (en) | Device and method for detecting hijacking of web page | |
| CN107465702B (en) | Early warning method and device based on wireless network intrusion | |
| CN108156121B (en) | Traffic hijacking monitoring method and device and traffic hijacking alarm method and device | |
| CN111460445A (en) | Method and device for automatically identifying malicious degree of sample program | |
| CN103986731A (en) | Method and device for detecting phishing web pages through picture matching | |
| CN103927480A (en) | Method, device and system for identifying malicious web page | |
| CN105282096A (en) | XSS vulnerability detection method and device | |
| CN103019872B (en) | Browser restorative procedure and device | |
| WO2017063274A1 (en) | Method for automatically determining malicious-jumping and malicious-nesting offensive websites | |
| WO2015188604A1 (en) | Phishing webpage detection method and device | |
| CN106250761B (en) | Equipment, device and method for identifying web automation tool | |
| CN111177727A (en) | Vulnerability detection method and device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20220720 Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015 Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park) Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd. Patentee before: Qizhi software (Beijing) Co.,Ltd. |
|
| TR01 | Transfer of patent right |