CN105678193A - Tamper-proof processing method and device - Google Patents

Publication number
CN105678193A
Authority
CN
Grant status
Application
Patent type
Prior art keywords
information
web server
tampered
system
web
Prior art date
Application number
CN 201610010211
Other languages
Chinese (zh)
Other versions
CN105678193B (en)
Inventor
齐普军
Original Assignee
杭州数梦工场科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
    • H04L67/02 Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP]
    • H04L67/025 Network-specific arrangements or communication protocols supporting networked applications involving the use of web-based technology, e.g. hyper text transfer protocol [HTTP] for remote control or remote monitoring of the application
    • G PHYSICS
    • G06 COMPUTING; CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party

Abstract

The invention provides a tamper-proof processing method and device. In the method, a cloud monitoring system acquires tampered information of an Internet WEB server; the cloud monitoring system sends the tampered information to a user device; the cloud monitoring system receives a command issued by the user device according to the tampered information; and the cloud monitoring system performs tamper-proof processing on the WEB server according to the command. With this technical scheme, when the WEB page information configured on the WEB server is detected to have been tampered with, the tampered information can be found in time and the website administrator notified in time to intervene. Even if the local tamper-proof system of the WEB server is turned off by an attacker, the cloud monitoring system can still find that the WEB page information has been tampered with, which avoids the problem that malicious tampering with web pages cannot be prevented, guards against the risk of the tampered information leaking, and effectively prevents the tampered information from spreading.

Description

Tamper-proof processing method and device

Technical Field

[0001] The present invention relates to the field of communications technology, and in particular to a tamper-proof processing method and device.

Background

[0002] Malicious tampering with web pages is currently one of the more serious Internet security threats. By tampering with a web page, an attacker can show off in some way (for example, tampering with a government web page to make declarations about sovereignty, human rights and the like), or can use techniques such as web-page trojans to obtain information about the users who visit the tampered page.

[0003] How to prevent malicious tampering with web pages has therefore become a concern for many users. In one known approach, tamper-proof software is deployed on the WEB (Internet) server to perform tamper checks on the files configured on the WEB server. When a user modifies a file configured on the WEB server, the tamper-proof software is triggered to check automatically whether the web page has been maliciously tampered with.

[0004] However, if an attacker shuts down the tamper-proof software on the WEB server, the files configured on the WEB server can no longer be checked for tampering, so malicious tampering with web pages still cannot be prevented.

Summary of the Invention

[0005] The present invention provides a tamper-proof processing method, the method comprising the following steps:

[0006] a cloud monitoring system obtains tampered information of an Internet WEB server;

[0007] the cloud monitoring system sends the tampered information to a user device;

[0008] the cloud monitoring system receives a command issued by the user device according to the tampered information;

[0009] the cloud monitoring system performs tamper-proof processing on the WEB server according to the command.

[0010] The process by which the cloud monitoring system obtains the tampered information of the WEB server specifically comprises:

[0011] the cloud monitoring system receives tampered information reported by a local tamper-proof system of the WEB server, wherein the local tamper-proof system monitors the WEB page information of the WEB server and, when it detects that the WEB page information has been tampered with, reports the tampered information; or,

[0012] the cloud monitoring system periodically obtains the WEB page information of the WEB server and, by comparing whether the obtained WEB page information is the same as preconfigured WEB page information, determines whether the obtained WEB page information has been tampered with and, if so, obtains the tampered information;

[0013] wherein the WEB page information specifically comprises: WEB files of the WEB server and/or content from a database that is to be displayed on the WEB pages of the WEB server.

[0014] The method further comprises:

[0015] after the cloud monitoring system obtains the tampered information of the WEB server, the cloud monitoring system sends the tampered information to a content identification system, and the content identification system performs content identification on the tampered information; the cloud monitoring system receives the content identification result returned by the content identification system and sends the content identification result to the user device;

[0016] the cloud monitoring system periodically checks whether the local tamper-proof system of the WEB server is in the enabled state; if not, it sends information indicating that the local tamper-proof system is abnormal to the user device.

[0017] The process by which the cloud monitoring system performs tamper-proof processing on the WEB server according to the command specifically comprises: when the command is to restore the tampered information, the cloud monitoring system sends a backup file of the WEB server to the local tamper-proof system of the WEB server, so that the local tamper-proof system uses the backup file to restore the WEB page information of the WEB server; when the command is to terminate the WEB service, the cloud monitoring system issues a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or the cloud monitoring system modifies the DNS record corresponding to the WEB server in the intelligent DNS system, changing it from the IP address of the WEB server to the IP address of a third-party server hosting a backup page or a maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.

[0018] The method further comprises:

[0019] the cloud monitoring system periodically checks the DNS record corresponding to the WEB server in the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information indicating that the intelligent DNS system is abnormal to the user device.

[0020] The present invention provides a tamper-proof processing device, the tamper-proof processing device being applied on a cloud monitoring system and specifically comprising:

[0021] an obtaining module, configured to obtain tampered information of an Internet WEB server;

[0022] a sending module, configured to send the tampered information to a user device;

[0023] a receiving module, configured to receive a command issued by the user device according to the tampered information;

[0024] a processing module, configured to perform tamper-proof processing on the WEB server according to the command.

[0025] The obtaining module is specifically configured, in the process of obtaining the tampered information of the WEB server, to receive tampered information reported by the local tamper-proof system of the WEB server, where the local tamper-proof system monitors the WEB page information of the WEB server and, when it detects that the WEB page information has been tampered with, reports the tampered information; or to periodically obtain the WEB page information of the WEB server and, by comparing whether the obtained WEB page information is the same as preconfigured WEB page information, determine whether the obtained WEB page information has been tampered with and, if so, obtain the tampered information. The WEB page information comprises: WEB files of the WEB server and/or content from a database that is to be displayed on the WEB pages of the WEB server.

[0026] The sending module is further configured, after the tampered information of the WEB server is obtained, to send the tampered information to a content identification system, which performs content identification on the tampered information; the receiving module is further configured to receive the content identification result returned by the content identification system; the sending module is further configured to send the content identification result to the user device.

[0027] The sending module is further configured to periodically check whether the local tamper-proof system of the WEB server is in the enabled state; if not, it sends information indicating that the local tamper-proof system is abnormal to the user device.

[0028] The processing module is specifically configured, in the process of performing tamper-proof processing on the WEB server according to the command, when the command is to restore the tampered information, to send a backup file of the WEB server to the local tamper-proof system of the WEB server, so that the local tamper-proof system uses the backup file to restore the WEB page information of the WEB server;

[0029] when the command is to terminate the WEB service, to issue a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or to modify the DNS record corresponding to the WEB server in the intelligent DNS system, changing it from the IP address of the WEB server to the IP address of a third-party server hosting a backup page or a maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.

[0030] The sending module is further configured to periodically check the DNS record corresponding to the WEB server in the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information indicating that the intelligent DNS system is abnormal to the user device.

[0031] Based on the above technical solution, in the embodiments of the present invention, tamper-proof processing is performed on the WEB server by a cloud monitoring system deployed on the public network, so that when the WEB page information configured on the WEB server is detected to have been tampered with, the tampered information can be discovered in time and the website administrator notified in time to intervene. Moreover, even if the local tamper-proof system of the WEB server is shut down by an attacker, the cloud monitoring system can still discover that the WEB page information has been tampered with, which avoids the problem of being unable to prevent malicious tampering with web pages, guards against the risk of the tampered information leaking out, and effectively stops the tampered information from spreading.

Brief Description of the Drawings

[0032] FIG. 1 is a schematic diagram of the system structure in one embodiment of the present invention;

[0033] FIG. 2 is a flowchart of a tamper-proof processing method in one embodiment of the present invention;

[0034] FIG. 3 is a flowchart of a tamper-proof processing method in another embodiment of the present invention;

[0035] FIG. 4 is a hardware structure diagram of the cloud monitoring system in one embodiment of the present invention;

[0036] FIG. 5 is a structural diagram of a tamper-proof processing device in one embodiment of the present invention.

Detailed Description

[0037] In view of the problems in the prior art, an embodiment of the present invention proposes a tamper-proof processing method. Taking FIG. 1 as a schematic diagram of an application scenario of the embodiment, the method can be applied in a system that includes at least: a cloud monitoring system deployed on the public network, an intelligent DNS (Domain Name System) system deployed on the public network, a content identification system deployed on the public network, a WEB site system, a user device used by the website administrator, and terminal devices used by ordinary users.

[0038] The WEB site system may specifically include a local tamper-proof system, a WEB server and a database server. The local tamper-proof system may be deployed on the WEB server or deployed separately. The database server may be deployed on the WEB server or deployed separately.

[0039] In the above application scenario, as shown in FIG. 2, the tamper-proof processing method comprises the following steps:

[0040] Step 201: the cloud monitoring system obtains the tampered information of the WEB server.

[0041] In the embodiment of the present invention, the process by which the cloud monitoring system obtains the tampered information of the WEB server may include, but is not limited to, the following modes. Mode one: the cloud monitoring system receives tampered information reported by the local tamper-proof system of the WEB server, where the local tamper-proof system monitors the WEB page information of the WEB server and reports the tampered information when it detects that the WEB page information has been tampered with. Mode two: the cloud monitoring system periodically obtains the WEB page information of the WEB server and, by comparing whether the obtained WEB page information is the same as the preconfigured WEB page information, determines whether the obtained WEB page information has been tampered with; if so, it obtains the tampered information. For both mode one and mode two, the WEB page information may specifically include: WEB files of the WEB server and/or content from a database that is to be displayed on the WEB pages of the WEB server.

[0042] For mode one, the local tamper-proof system monitors the WEB page information of the WEB server in real time and, when it detects that the WEB page information has been tampered with, reports the tampered information to the cloud monitoring system. In one example, for the WEB files of the WEB server, the local tamper-proof system may maintain a complete copy of the WEB files in advance and monitor the WEB files configured on the WEB server in real time; when a user modifies a WEB file configured on the WEB server, the local tamper-proof system determines the tampered information by comparing the modified WEB file with the complete WEB file maintained in advance, and reports the tampered information to the cloud monitoring system. In another example, for content from a database that is to be displayed on the WEB pages of the WEB server, that is, content stored in the database server, the local tamper-proof system may monitor the database table entries maintained by the database server in real time; when a database table entry changes, the local tamper-proof system can determine the tampered information based on the changed entry and report it to the cloud monitoring system.

[0043] For mode two, to cover the cases where the local tamper-proof system is abnormal and cannot report tampered information to the cloud monitoring system, or where the local tamper-proof system misses something in its checks and fails to detect tampered information in time, the cloud monitoring system may also periodically obtain the WEB page information of the WEB server and compare whether the currently obtained WEB page information is the same as the preconfigured WEB page information (that is, the WEB page information before modification, used to detect whether the WEB page information of the WEB server has been modified). If the two differ, it determines that the currently obtained WEB page information has been tampered with, and can work out the tampered information from the obtained WEB page information and the preconfigured WEB page information. If the two are the same, it determines that the currently obtained WEB page information has not been tampered with.
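
Mode two as described in [0043], sketched in Python as an added example (not code from the patent): the monitor keeps a known-good snapshot as the preconfigured WEB page information, compares each fetched snapshot against it, and reports the differing lines as the tampered information. The item keys, the `file:` and `db:` prefixes and the sample content are constructed for illustration.

```python
import difflib
import hashlib


def sha256(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def make_baseline(page_info):
    """Build the preconfigured WEB page information from a known-good snapshot.

    The digest gives a cheap equality test; the stored body lets the monitor
    report what changed, not just that something changed. Calling this again
    on a fetched snapshot is how a "take no action" decision (a normal site
    update) would refresh the baseline.
    """
    return {k: {"sha256": sha256(v), "body": v} for k, v in page_info.items()}


def find_tampering(baseline, fetched):
    """Return the tampered information as a list of findings ([] if identical)."""
    findings = []
    for item in sorted(set(baseline) | set(fetched)):
        if item not in fetched:
            change = "removed"
            lines = ["- " + l for l in baseline[item]["body"].splitlines()]
        elif item not in baseline:
            change = "added"
            lines = ["+ " + l for l in fetched[item].splitlines()]
        elif sha256(fetched[item]) != baseline[item]["sha256"]:
            change = "modified"
            delta = difflib.ndiff(baseline[item]["body"].splitlines(),
                                  fetched[item].splitlines())
            # Keep only removed/added lines; drop context and "?" hint lines.
            lines = [l for l in delta if l[:2] in ("+ ", "- ")]
        else:
            continue
        findings.append({"item": item, "change": change, "lines": lines})
    return findings


# Constructed sample data. "file:" items stand for WEB files, "db:" items for
# database content that is rendered into WEB pages.
KNOWN_GOOD = {
    "file:/index.html": "<html>\n<body>Welcome</body>\n</html>",
    "file:/about.html": "<html>\n<body>About us</body>\n</html>",
    "db:notice/1": "Office hours: 9-17",
}
FETCHED = {
    "file:/index.html": "<html>\n<body>Welcome</body>\n"
                        "<iframe src=\"http://unexpected.invalid/\"></iframe>\n</html>",
    "db:notice/1": "Office hours: closed",
    "file:/upload.php": "<?php /* unknown file */ ?>",
}

if __name__ == "__main__":
    for finding in find_tampering(make_baseline(KNOWN_GOOD), FETCHED):
        print(finding["item"], finding["change"])
        for line in finding["lines"]:
            print("   ", line)
```

Comparing digests first means a change that leaves the visible lines identical, such as an added trailing newline, is still reported as modified even though the line diff is empty.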

[0044] Step 202: the cloud monitoring system sends the tampered information to the user device.

[0045] After obtaining the tampered information of the WEB server, the cloud monitoring system may send the tampered information directly to the user device. Alternatively, the cloud monitoring system may send the tampered information to the content identification system, which performs content identification on it and returns the content identification result to the cloud monitoring system. The cloud monitoring system receives the content identification result returned by the content identification system and sends the content identification result together with the tampered information to the user device.

[0046] In practice, the tampered information may be a simple piece of content, such as a single sentence involving political statements or pornography, gambling and drugs; in that case the cloud monitoring system can send the tampered information directly to the user device used by the website administrator, and the website administrator works out the type of the tampered information directly from it. Alternatively, the tampered information may be image content or a complex piece of content, such as pornographic image content or complex content whose type the website administrator may not be able to determine directly; in that case the cloud monitoring system can send the tampered information to the content identification system for content identification, receive the content identification result it returns, and send the content identification result together with the tampered information to the user device used by the website administrator, who works out the type of the tampered information from the content identification result and the tampered information.

[0047] The content identification system provides accurate identification of all kinds of tampered information, for example identifying the tampered information as pornographic images, political statements, or pornography, gambling and drug content. The specific identification process after the content identification system receives the tampered information is not described in detail here.

[0048] Step 203: the cloud monitoring system receives the command issued by the user device according to the tampered information.

[0049] The website administrator can issue a command to the cloud monitoring system through the user device; the command may be to take no action, to restore the tampered information, to terminate the WEB service, and so on. When the website administrator determines, from the tampered information (or from the content identification result and the tampered information), that the type of the tampered information is a normal website update, the administrator issues a take-no-action command to the cloud monitoring system. When the website administrator determines, from the tampered information (or from the content identification result and the tampered information), that the type of the tampered information is an intrusion attack, the administrator issues a command to restore the tampered information or to terminate the WEB service.

[0050] Step 204: the cloud monitoring system performs tamper-proof processing on the WEB server according to the command.

[0051] In the embodiment of the present invention, the process by which the cloud monitoring system performs tamper-proof processing on the WEB server according to the command may include, but is not limited to, the following. When the command is to take no action, the cloud monitoring system obtains the latest WEB files from the WEB server and updates its locally backed-up WEB files. When the command is to restore the tampered information, the cloud monitoring system sends the backup file of the WEB server (that is, the WEB files of the WEB server before tampering) to the local tamper-proof system of the WEB server, so that the local tamper-proof system uses the backup file to restore the WEB page information of the WEB server. When the command is to terminate the WEB service, the cloud monitoring system issues a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or the cloud monitoring system modifies the DNS record corresponding to the WEB server in the intelligent DNS system, changing it from the IP address of the WEB server to the IP address of a third-party server hosting a backup page or a maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.

[0052] In the embodiment of the present invention, to prevent the local tamper-proof system from staying off after an attacker shuts it down, the cloud monitoring system may also periodically check whether the local tamper-proof system of the WEB server is in the enabled state; if so, the process ends; if not, the cloud monitoring system sends information indicating that the local tamper-proof system is abnormal to the user device used by the website administrator. Afterwards, if the website administrator determines that the local tamper-proof system was shut down because of an abnormal condition, the administrator can issue a command to restart the local tamper-proof system to the cloud monitoring system through the user device. If the website administrator determines that the local tamper-proof system was shut down as the result of an intrusion attack, the administrator can issue a command to terminate the WEB service to the cloud monitoring system through the user device.

[0053] After receiving a command to restart the local tamper-proof system, the cloud monitoring system restarts the local tamper-proof system directly. After receiving a command to terminate the WEB service, the cloud monitoring system may issue a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or the cloud monitoring system may modify the DNS record corresponding to the WEB server in the intelligent DNS system, changing it from the IP address of the WEB server to the IP address of a third-party server hosting a backup page or a maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.

[0054]黑洞路由是一条特殊的静态路由,黑洞路由的下一跳指向一个不存在的出接口,这样,当收到匹配黑洞路由的流量时,会丢弃匹配到这条黑洞路由的所有流量。 [0054] A black hole is a special routing static route, black hole next hop point that the interface does not exist, so that, when the flow rate matches the received routing black hole, matched to discards all traffic routes this black hole. 基于此,通过向WEB服务器对应的出口路由器下发黑洞路由,且黑洞路由能够匹配到目的IP地址为WEB服务器的流量,这样,当出口路由器接收到目的IP地址为WEB服务器的流量时,会匹配到该黑洞路由,从而丢弃目的IP地址为WEB服务器的流量,不会将流量发送给WEB服务器。 Based on this, by sending black hole corresponding to the route to the WEB server egress router at, and black hole route matches the destination IP address traffic WEB server, so that, when the outlet router receives the destination IP address traffic WEB server, will match route to the black hole, so that the flow rate dropped destination IP address of the WEB server, does not send the traffic to the WEB server.

[0055] 在智能DNS系统中,会维护各个WEB服务器对应的DNS,该DNS中记录该WEB服务器的域名与该WEB服务器的IP地址之间的对应关系。 [0055] In the intelligent DNS system, maintains each corresponding WEB server DNS, the DNS record in the correspondence between the domain name of the WEB server and IP address of the WEB server. 在此基础上,通过将智能DNS系统记录的WEB服务器对应的DNS,由WEB服务器的IP地址修改为备份页面或者维护页面所在的第三方服务器的IP地址,使得该DNS中记录该WEB服务器的域名与第三方服务器的IP地址之间的对应关系。 On this basis, through the intelligent DNS system records WEB server corresponding DNS, IP address changes from the IP address of the WEB server for backup page or maintenance page where the third-party server, WEB server so that the domain name in the DNS record correspondence between the IP address with a third party server. 这样,当普通用户通过终端设备访问WEB服务器时,会发送携带WEB服务器的域名的DNS请求给智能DNS系统,而智能DNS系统会通过DNS响应将该域名对应的第三方服务器的IP地址发送给终端设备,而终端设备会通过第三方服务器的IP地址访问WEB服务器,即终端设备会访问到备份页面或者维护页面,而不会访问到WEB服务器的被篡改的页面。 Thus, when the ordinary user accesses the WEB server device through the terminal, it sends the domain name to the WEB server of the DNS request to the intelligent DNS system, the DNS system in response to the third-party smart server corresponding to the domain name through the DNS IP address to the terminal equipment and terminal equipment will be accessed via a third-party server IP address of the WEB server, that is, the terminal device accesses to the backup page or maintenance page, and will not be tampered with access to the page WEB server.

[0056] The third-party server hosting the backup page or maintenance page may be a public cloud server, or a third-party server provided externally by the cloud monitoring system.

[0057] In this embodiment of the present invention, the cloud monitoring system may also periodically check the DNS record for the WEB server held by the intelligent DNS system. If the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, the cloud monitoring system sends information that the intelligent DNS system is abnormal to the user equipment used by the website administrator.

[0058] Specifically, if an attacker uses web page trojan injection or similar means to obtain the information of users who visit the tampered page, the attacker modifies the DNS record for the WEB server held by the intelligent DNS system, changing the mapping between the WEB server's domain name and the WEB server's IP address into a mapping between the WEB server's domain name and the IP address of a server hosting an illegal website. When an ordinary user then accesses the WEB server through a terminal device, the terminal device uses the IP address of the server hosting the illegal website; that is, it reaches the illegal website, and user information is leaked. For this reason, the cloud monitoring system checks the DNS record for the WEB server held by the intelligent DNS system. If the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information that the intelligent DNS system is abnormal to the user equipment used by the website administrator, who carries out follow-up maintenance to avoid leakage of user information. This guards against the case where the intelligent DNS system is compromised by an attacker and its DNS records are hijacked.

[0059] In the above process of this embodiment of the present invention, the cloud monitoring system and the user equipment used by the website administrator may interact by SMS, WeChat, or similar means, which is not described further here.

[0060] Based on the above technical solution, in this embodiment of the present invention the WEB server is given tamper-proof processing by a cloud monitoring system deployed on the public network. When the WEB page information configured on the WEB server is detected to have been tampered with, the tampered information is discovered promptly and the website administrator is notified in time to intervene. Moreover, even if the local anti-tamper system of the WEB server is shut down by an attacker, the cloud monitoring system can still discover that the WEB page information has been tampered with. This avoids the problem of being unable to guard against malicious page tampering, guards against the risk of tampered information leaking out, and effectively stops tampered information from spreading.

[0061] Specifically, tampered information can be discovered quickly: pages tampered with by an attacker are found in time and, after analysis, the website administrator is notified promptly to intervene. After a page is found to have been tampered with, the spread of the tampered information can be stopped by restoring the tampered information, terminating the WEB service, or similar means. The solution also effectively guards against an attacker directly shutting down the local anti-tamper system, and against an attacker compromising the intelligent DNS system to carry out DNS hijacking. Because tamper detection on WEB files and database information is performed directly by the local anti-tamper system, the performance impact is small. In addition, the website administrator can work in concert with the cloud monitoring system by SMS or WeChat, and after the service provided externally by the WEB server is terminated, a backup page or maintenance page can be shown to the outside, giving a good user experience.

[0062] The above process is further described below with reference to the flowchart shown in FIG. 3.

[0063] Step 301: the local anti-tamper system reports the tampered information to the cloud monitoring system.

[0064] Step 302: the cloud monitoring system sends the tampered information to the content recognition system.

[0065] Step 303: the cloud monitoring system receives the content recognition result returned by the content recognition system.

[0066] Step 304: the cloud monitoring system sends the tampered information and the content recognition result to the user equipment.

[0067] Step 305: the cloud monitoring system receives the command issued by the website administrator through the user equipment.

[0068] Step 306: if the command is to restore the tampered information, the cloud monitoring system sends the backup file to the local anti-tamper system, which uses the backup file to restore the WEB page information. If the command is to terminate the WEB service, the cloud monitoring system issues a black hole route to the egress router corresponding to the WEB server, and changes the DNS record for the WEB server held by the intelligent DNS system from the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page.
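
The "terminate WEB service" branch of step 306, together with the black hole route of [0054] and the DNS change of [0055], as an added Python example that is not part of the patent text: a toy egress router with longest-prefix matching and a dictionary standing in for the intelligent DNS system. All addresses, the domain name, the interface name `lan0` and the function names are constructed for illustration.

```python
import ipaddress

BLACKHOLE = None  # a black hole route points at an outbound interface that does not exist


class EgressRouter:
    """Toy static routing table with longest-prefix match."""

    def __init__(self):
        self.routes = {}  # ip_network -> outbound interface name, or BLACKHOLE

    def add_route(self, prefix, out_interface):
        self.routes[ipaddress.ip_network(prefix)] = out_interface

    def forward(self, dst_ip):
        """Outbound interface for dst_ip, or None when the packet is discarded."""
        dst = ipaddress.ip_address(dst_ip)
        matching = [net for net in self.routes if dst in net]
        if not matching:
            return None
        # The most specific matching route wins, so a host route overrides the subnet route.
        return self.routes[max(matching, key=lambda net: net.prefixlen)]


def terminate_web_service(router, dns_records, domain, web_ip, maintenance_ip):
    """The two actions of the 'terminate WEB service' command in step 306."""
    router.add_route(web_ip, BLACKHOLE)    # host route (/32 or /128) for the WEB server only
    dns_records[domain] = maintenance_ip   # the name now maps to the third-party server


def visit(domain, dns_records, router, offsite_hosts):
    """Where a user's request for `domain` ends up."""
    ip = dns_records[domain]
    if ip in offsite_hosts:                # third-party server, not behind this router
        return offsite_hosts[ip]
    out = router.forward(ip)
    return "dropped" if out is None else f"WEB server via {out}"


def demo_terminate():
    """Constructed scenario using documentation address ranges."""
    router = EgressRouter()
    router.add_route("203.0.113.0/24", "lan0")   # site network behind the egress router
    dns = {"www.example.com": "203.0.113.10"}
    offsite = {"198.51.100.20": "maintenance page"}
    before = visit("www.example.com", dns, router, offsite)
    terminate_web_service(router, dns, "www.example.com", "203.0.113.10", "198.51.100.20")
    return {
        "before": before,
        "after": visit("www.example.com", dns, router, offsite),
        "direct_to_web_ip": router.forward("203.0.113.10"),  # cached DNS answer or raw-IP access
        "neighbour_host": router.forward("203.0.113.11"),    # other hosts in the subnet keep working
    }
```

The host route drops traffic at once, including from clients that still hold the old DNS answer in cache, while the DNS change is what lets new lookups reach the maintenance page.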

[0069] Based on the same inventive concept as the above method, an embodiment of the present invention further provides a tamper-proof processing device, which is applied on a cloud monitoring system. The device may be implemented in software, in hardware, or in a combination of the two. Taking a software implementation as an example, as a device in the logical sense it is formed by the processor of the cloud monitoring system in which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, FIG. 4 is a hardware structure diagram of the cloud monitoring system in which the tamper-proof processing device proposed by the present invention resides. In addition to the processor and non-volatile memory shown in FIG. 4, the cloud monitoring system may include other hardware, such as a forwarding chip responsible for processing packets, network interfaces, and memory. In terms of hardware structure, the cloud monitoring system may also be a distributed device and may include multiple interface cards, so that packet processing can be extended at the hardware level.

[0070] FIG. 5 is a structural diagram of the tamper-proof processing device proposed by the present invention. The device is applied on a cloud monitoring system and specifically includes:

[0071] an obtaining module 11, configured to obtain the tampered information of an Internet WEB server;

[0072] a sending module 12, configured to send the tampered information to user equipment;

[0073] a receiving module 13, configured to receive the command issued by the user equipment according to the tampered information;

[0074] a processing module 14, configured to perform tamper-proof processing on the WEB server according to the command.

[0075] The obtaining module 11 is specifically configured, in the process of obtaining the tampered information of the WEB server, to receive the tampered information reported by the local anti-tamper system of the WEB server, where the local anti-tamper system monitors the WEB page information of the WEB server and reports the tampered information when it detects that the WEB page information has been tampered with; or to periodically obtain the WEB page information of the WEB server, determine whether the obtained WEB page information has been tampered with by comparing whether it is identical to the pre-configured WEB page information, and, if so, obtain the tampered information. The WEB page information includes the WEB files of the WEB server and/or content from a database that is to be displayed on the WEB pages of the WEB server.

[0076] The sending module 12 is further configured, after the tampered information of the WEB server is obtained, to send the tampered information to a content recognition system, which performs content recognition on the tampered information; the receiving module 13 is further configured to receive the content recognition result returned by the content recognition system; the sending module 12 is further configured to send the content recognition result to the user equipment;

[0077] The sending module 12 is further configured to periodically check whether the local anti-tamper system of the WEB server is turned on and, if not, to send information that the local anti-tamper system is abnormal to the user equipment.

[0078] The processing module 14 is specifically configured, in the process of performing tamper-proof processing on the WEB server according to the command: when the command is to restore the tampered information, to send the backup file of the WEB server to the local anti-tamper system of the WEB server, so that the local anti-tamper system uses the backup file to restore the WEB page information of the WEB server;

[0079] when the command is to terminate the WEB service, to issue a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or to change the DNS record for the WEB server held by the intelligent DNS system from the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.

[0080] The sending module 12 is further configured to periodically check the DNS record for the WEB server held by the intelligent DNS system and, if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, to send information that the intelligent DNS system is abnormal to the user equipment.
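
The periodic checks assigned to the obtaining and sending modules in [0075], [0077] and [0080], as an added Python example that is not the patent's own code. It assumes SHA-256 digests for the page comparison, a heartbeat timestamp for the local anti-tamper system, and an allowlist of known addresses for the DNS record; the fetch and resolve callables, the alert names and all sample data are constructed.

```python
import hashlib
import ipaddress


def fingerprint(page_info):
    """SHA-256 of each item of WEB page information (WEB file or database-backed content)."""
    return {name: hashlib.sha256(body).hexdigest() for name, body in page_info.items()}


def find_tampering(baseline, fetched):
    """Compare fetched page information with the pre-configured baseline digests."""
    current = fingerprint(fetched)
    diff = {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "removed": sorted(n for n in baseline if n not in current),
        "added": sorted(n for n in current if n not in baseline),
    }
    return {kind: names for kind, names in diff.items() if names}


def unexpected_dns_answers(answers, web_ips, maintenance_ips):
    """Addresses in the DNS record that are neither the WEB server nor the
    backup/maintenance server (allowlisting is an assumption of this example)."""
    allowed = {ipaddress.ip_address(ip) for ip in (*web_ips, *maintenance_ips)}
    seen = {ipaddress.ip_address(ip) for ip in answers}
    return sorted(str(ip) for ip in seen - allowed)


def run_cycle(site, fetch_pages, resolve, agent_last_seen, now):
    """One periodic pass; returns (alert_type, detail) tuples for the administrator."""
    alerts = []
    tampered = find_tampering(site["baseline"], fetch_pages())
    if tampered:
        alerts.append(("WEB_PAGE_TAMPERED", tampered))
    silence = now - agent_last_seen
    if silence > site["agent_max_silence"]:
        # Covers the case where the local anti-tamper system has been switched off.
        alerts.append(("LOCAL_ANTI_TAMPER_ABNORMAL", {"seconds_since_heartbeat": silence}))
    rogue = unexpected_dns_answers(
        resolve(site["domain"]), site["web_ips"], site["maintenance_ips"])
    if rogue:
        alerts.append(("INTELLIGENT_DNS_ABNORMAL", {"unexpected": rogue}))
    return alerts


def demo_cycle():
    """Constructed data: one altered page, one extra file, a silent agent, a rogue A record."""
    clean = {"/index.html": b"<h1>Welcome</h1>", "db:news/1": b"Office hours 9-17"}
    site = {
        "domain": "www.example.com",
        "baseline": fingerprint(clean),
        "web_ips": ["203.0.113.10"],
        "maintenance_ips": ["198.51.100.20"],
        "agent_max_silence": 120,  # seconds
    }
    fetched = {
        "/index.html": b"<h1>Defaced</h1>",
        "db:news/1": b"Office hours 9-17",
        "/extra.js": b"/* not in baseline */",
    }
    return run_cycle(site, lambda: fetched, lambda domain: ["192.0.2.66"],
                     agent_last_seen=1000, now=1600)
```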

[0081] The modules of the device of the present invention may be integrated into one unit or deployed separately. The above modules may be merged into one module or further split into multiple sub-modules.

[0082] From the description of the above embodiments, those skilled in the art can clearly understand that the present invention may be implemented by software plus a necessary general-purpose hardware platform, or of course by hardware, though in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute the methods described in the embodiments of the present invention. Those skilled in the art will understand that the drawings are only schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required for implementing the present invention.

[0083] Those skilled in the art will understand that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and located in one or more devices different from that of this embodiment. The modules of the above embodiments may be merged into one module or further split into multiple sub-modules. The serial numbers of the above embodiments of the present invention are for description only and do not indicate the relative merits of the embodiments.

[0084] The above discloses only several specific embodiments of the present invention. The present invention is not limited to them, however, and any variation that a person skilled in the art can conceive of shall fall within the scope of protection of the present invention.

Claims (10)

  1. A tamper-proof processing method, characterized in that the method comprises the following steps: a cloud monitoring system obtains tampered information of an Internet WEB server; the cloud monitoring system sends the tampered information to user equipment; the cloud monitoring system receives a command issued by the user equipment according to the tampered information; the cloud monitoring system performs tamper-proof processing on the WEB server according to the command.
  2. The method according to claim 1, characterized in that the process in which the cloud monitoring system obtains the tampered information of the Internet WEB server specifically comprises: the cloud monitoring system receives the tampered information reported by the local anti-tamper system of the WEB server, wherein the local anti-tamper system monitors the WEB page information of the WEB server and reports the tampered information when it detects that the WEB page information has been tampered with; or the cloud monitoring system periodically obtains the WEB page information of the WEB server, determines whether the obtained WEB page information has been tampered with by comparing whether it is identical to the pre-configured WEB page information, and, if so, obtains the tampered information; wherein the WEB page information specifically comprises: the WEB files of the WEB server and/or content from a database that is to be displayed on the WEB pages of the WEB server.
  3. The method according to claim 1, characterized in that the method further comprises: after the cloud monitoring system obtains the tampered information of the WEB server, the cloud monitoring system sends the tampered information to a content recognition system, which performs content recognition on the tampered information; the cloud monitoring system receives the content recognition result returned by the content recognition system and sends the content recognition result to the user equipment; the cloud monitoring system periodically checks whether the local anti-tamper system of the WEB server is turned on; if not, it sends information that the local anti-tamper system is abnormal to the user equipment.
  4. The method according to claim 1, characterized in that the process in which the cloud monitoring system performs tamper-proof processing on the WEB server according to the command specifically comprises: when the command is to restore the tampered information, the cloud monitoring system sends the backup file of the WEB server to the local anti-tamper system of the WEB server, so that the local anti-tamper system uses the backup file to restore the WEB page information of the WEB server; when the command is to terminate the WEB service, the cloud monitoring system issues a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or the cloud monitoring system changes the DNS record for the WEB server held by the intelligent DNS system from the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
  5. The method according to claim 1, characterized in that the method further comprises: the cloud monitoring system periodically checks the DNS record for the WEB server held by the intelligent DNS system and, if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, sends information that the intelligent DNS system is abnormal to the user equipment.
  6. A tamper-proof processing device, characterized in that the tamper-proof processing device is applied on a cloud monitoring system and specifically comprises: an obtaining module, configured to obtain tampered information of an Internet WEB server; a sending module, configured to send the tampered information to user equipment; a receiving module, configured to receive a command issued by the user equipment according to the tampered information; a processing module, configured to perform tamper-proof processing on the WEB server according to the command.
  7. The device according to claim 6, characterized in that the obtaining module is specifically configured, in the process of obtaining the tampered information of the WEB server, to receive the tampered information reported by the local anti-tamper system of the WEB server, where the local anti-tamper system monitors the WEB page information of the WEB server and reports the tampered information when it detects that the WEB page information has been tampered with; or to periodically obtain the WEB page information of the WEB server, determine whether the obtained WEB page information has been tampered with by comparing whether it is identical to the pre-configured WEB page information, and, if so, obtain the tampered information; the WEB page information comprises: the WEB files of the WEB server and/or content from a database that is to be displayed on the WEB pages of the WEB server.
  8. The device according to claim 6, characterized in that the sending module is further configured, after the tampered information of the WEB server is obtained, to send the tampered information to a content recognition system, which performs content recognition on the tampered information; the receiving module is further configured to receive the content recognition result returned by the content recognition system; the sending module is further configured to send the content recognition result to the user equipment; the sending module is further configured to periodically check whether the local anti-tamper system of the WEB server is turned on and, if not, to send information that the local anti-tamper system is abnormal to the user equipment.
  9. The device according to claim 6, characterized in that the processing module is specifically configured, in the process of performing tamper-proof processing on the WEB server according to the command: when the command is to restore the tampered information, to send the backup file of the WEB server to the local anti-tamper system of the WEB server, so that the local anti-tamper system uses the backup file to restore the WEB page information of the WEB server; when the command is to terminate the WEB service, to issue a black hole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or to change the DNS record for the WEB server held by the intelligent DNS system from the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
  10. The device according to claim 6, characterized in that the sending module is further configured to periodically check the DNS record for the WEB server held by the intelligent DNS system and, if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, to send information that the intelligent DNS system is abnormal to the user equipment.
CN 201610010211 2016-01-06 2016-01-06 Tamper-proof processing method and device CN105678193B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 201610010211 CN105678193B (en) 2016-01-06 2016-01-06 Tamper-proof processing method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 201610010211 CN105678193B (en) 2016-01-06 2016-01-06 Tamper-proof processing method and device

Publications (2)

Publication Number Publication Date
CN105678193A (en) 2016-06-15
CN105678193B (en) 2018-08-14

Family

ID=56299505

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 201610010211 CN105678193B (en) 2016-01-06 2016-01-06 Tamper-proof processing method and device

Country Status (1)

Country Link
CN (1) CN105678193B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106599242A (en) * 2016-12-20 2017-04-26 福建六壬网安股份有限公司 Webpage change monitoring method and system based on similarity calculation

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201054604Y (en) * 2007-07-04 2008-04-30 福建伊时代信息科技有限公司 Driver website tamper prevention architecture
CN101292252A (en) * 2005-10-18 2008-10-22 松下电器产业株式会社 Information processing device, and method therefor
CN101888311A (en) * 2009-05-11 2010-11-17 中联绿盟信息技术(北京)有限公司 Equipment, method and system for preventing network contents from being tampered
CN102624570A (en) * 2012-04-27 2012-08-01 杭州东信北邮信息技术有限公司 Monitoring system and method for detecting availability of web server
US8613102B2 (en) * 2004-03-30 2013-12-17 Intellectual Ventures I Llc Method and system for providing document retention using cryptography
CN103561076A (en) * 2013-10-28 2014-02-05 中国科学院信息工程研究所 Webpage trojan-linking real-time protection method and system based on cloud

Also Published As

Publication number Publication date Type
CN105678193B (en) 2018-08-14 grant


Legal Events

Date Code Title Description
C06 Publication
C10 Entry into substantive examination
GR01