Website anti-attack verification system and method
Technical field
The present invention relates to the technical field of network security, and in particular to a website anti-attack verification system and method.
Background art
At present, a live-streaming website carrying out its day-to-day business has to keep a variety of sensitive information, such as users' personal identity information, credit-card payment data and the website's own business information, and it therefore readily becomes a target of attack for illegal users. To protect the interests of users and of the website, the clients that request connections need to be verified, so as to defend against the various illegal requests or network attacks of illegal users; a client here generally means a browser or an app. However, internet sites, and live-streaming sites in particular, have very large numbers of users and enormous traffic, so how to guarantee legitimate users' access to the website and keep the website running normally, while at the same time guaranteeing the safety of legitimate users and of the website, has become a pressing problem.
Summary of the invention
In view of the defects of the prior art, the primary object of the present invention is to provide a website anti-attack verification system, and a further object is to provide a website anti-attack verification method. By checking authentication passwords, the system and method can ensure that the requests of safe users are unaffected while effectively intercepting the connection requests of unsafe users, guarding against illegal requests to the website and network attacks, and ensuring that the website runs safely.
The present invention provides a website anti-attack verification system, comprising:
a first-level detection module, for using authentication passwords to detect whether a user is a safe user already recognised by the system;
a second-level detection module, for judging, from the uniform resource locator (URL) the user requests, the user's access time and the user's IP, whether the behaviour of a user identified as unsafe by the first-level detection module is a network attack.
On the basis of the above technical scheme, the authentication password comprises a first authentication password and a second authentication password paired with the first authentication password; the system further comprises a password generation module, for sending a verification code to a user whose behaviour the second-level detection module has identified as a network attack, computing the first authentication password from the verification code, judging whether the verification code entered by that user is correct and, once the verification code is correct, generating the second authentication password paired with the first authentication password and sending the first and second authentication passwords into the browser cookie of the user who entered the code correctly; and for sending only the first authentication password into the browser cookie of a user who entered the code incorrectly, together with a verification-code error message.
On the basis of the above technical scheme, the second authentication password comprises the verification code and a key.
On the basis of the above technical scheme, the password generation module uses the HMAC-MD5 algorithm to compute the first authentication password from the verification code, and to compute the second authentication password from the verification code and the key.
On the basis of the above technical scheme, the system further comprises a storage module, for storing the verification codes, the key, the authentication passwords and a monitoring table; the monitoring table records the URLs to be monitored, the time periods to be monitored and the user IPs to be monitored.
On the basis of the above technical scheme, the time periods to be monitored record, for each URL to be monitored, the time period during which that URL is monitored.
On the basis of the above technical scheme, the second-level detection module stores the URLs and user IPs to be monitored, as obtained by big-data analysis, in the monitoring table.
The present invention also provides a website anti-attack verification method, comprising the following steps:
S1. The first-level detection module uses authentication passwords to detect whether the user is a safe user already recognised by the system, the authentication password comprising a first authentication password and a second authentication password paired with the first authentication password; if so, go to S6; if not, go to S2.
S2. The second-level detection module judges, from the uniform resource locator (URL) the user requests, the user's access time and the user's IP, whether the behaviour of the user identified as unsafe by the first-level detection module is a network attack; if not, go to S6; if so, go to S3.
S3. The password generation module sends a verification code to the user whose behaviour the second-level detection module identified as a network attack, computes the first authentication password from the verification code, and judges whether the verification code entered by the user is correct; if not, go to S4; if so, go to S5.
S4. Send the first authentication password and a verification-code error message to the user who entered the code incorrectly, and end.
S5. Generate the second authentication password paired with the first authentication password, and send the first and second authentication passwords into the browser cookie of the user who entered the code correctly.
S6. Display the content the user requested, and end.
On the basis of the above technical scheme, step S1 specifically comprises: the first-level detection module receives the request sent by the user and detects whether the user's browser cookie carries authentication passwords and whether those authentication passwords pair with each other; if the browser cookie carries authentication passwords and they pair, the user is judged to be a safe user already recognised by the system.
On the basis of the above technical scheme, step S2 specifically comprises: the second-level detection module checks in turn whether the URL the user requests is a URL to be monitored, whether the user's access time falls within a time period to be monitored and whether the user's IP is a user IP to be monitored; if all of these checks are positive, the user behaviour is judged to be a network attack.
Compared with the prior art, the advantages of the present invention are as follows:
(1) The present invention comprises a first-level detection module and a second-level detection module. The first-level detection module uses authentication passwords to detect whether a user is a safe user already recognised by the system, and the second-level detection module judges, from the uniform resource locator (URL) the user requests, the user's access time and the user's IP, whether the behaviour of a user identified as unsafe by the first-level detection module is a network attack. The requests of safe users can therefore be kept unaffected while the connection requests of unsafe users are effectively intercepted, guarding against illegal requests to the website and network attacks and ensuring that the website runs safely.
(2) The present invention comprises a password generation module, which sends a verification code to a user whose behaviour the second-level detection module identified as a network attack, computes the first authentication password from the verification code, judges whether the verification code entered by the user is correct and, once it is correct, generates the second authentication password paired with the first authentication password and sends the first and second authentication passwords into the browser cookie of the user who entered the code correctly, completing the recognition of a safe user. For a user who entered the code incorrectly it sends only the first authentication password into the browser cookie, together with a verification-code error message, thereby intercepting the connection requests of network-attack users.
(3) The password generation module of the present invention uses the HMAC-MD5 algorithm to compute the authentication passwords from the verification code. The authentication password comprises a first authentication password and a second authentication password paired with it; the first authentication password is derived from the verification code, and the second from the verification code and the key. The authentication passwords are therefore highly secure, and the safe operation of the website can be ensured.
(4) The second-level detection module of the present invention stores the URLs and user IPs to be monitored, as obtained by big-data analysis, in the monitoring table. The monitoring table records the URLs to be monitored, the time periods to be monitored and the user IPs to be monitored, with the time period recorded for each URL, so that flexible countermeasures can be taken according to the actual situation and the URLs, time periods and user IPs to be monitored can be managed and controlled sensibly.
Brief description of the drawings
Fig. 1 is a block diagram of the website anti-attack verification system of an embodiment of the present invention;
Fig. 2 is a flow chart of the website anti-attack verification method of an embodiment of the present invention.
Reference numerals:
first-level detection module 1, second-level detection module 2, password generation module 3, storage module 4.
Detailed description of the invention
Explanation of terms:
Lua is a scripting language embedded in the server.
Nginx is a lightweight web server, reverse proxy server and e-mail (IMAP/POP3) proxy server.
A verification code is a picture that the user must recognise in order to pass a behavioural check.
TCP (Transmission Control Protocol).
MD5 (Message-Digest Algorithm 5) is a hash function widely used in the field of computer security to provide integrity protection for messages.
HMAC (Hash-based Message Authentication Code) is a keyed message authentication code based on hashing; the HMAC computation uses a hash algorithm, takes a key and a message as input, and produces a message digest as output.
HMAC-MD5 is a keyed hash algorithm constructed from the MD5 hash function and used as a hash-based message authentication code. The HMAC process mixes the key with the message data, hashes the result with the hash function, mixes the resulting hash value with the key again and then applies the hash function once more. The output hash value is 128 bits long.
The present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
Referring to Fig. 1, the embodiment of the present invention provides a website anti-attack verification system comprising a first-level detection module 1, a second-level detection module 2, a password generation module 3 and a storage module 4. The system resides on the server side, wherein:
the first-level detection module 1 is for using authentication passwords to detect whether a user is a safe user already recognised by the system;
the second-level detection module 2 is for judging, from the uniform resource locator (URL) the user requests, the user's access time and the user's IP, whether the behaviour of a user identified as unsafe by the first-level detection module 1 is a network attack.
Because the first-level detection module 1 recognises safe users by their authentication passwords and the second-level detection module 2 judges the behaviour of the remaining users by URL, access time and user IP, the requests of safe users are kept unaffected while the connection requests of unsafe users are effectively intercepted, guarding against illegal requests to the website and network attacks and ensuring that the website runs safely.
The authentication password comprises a first authentication password and a second authentication password paired with the first authentication password. The password generation module 3 sends a verification code to a user whose behaviour the second-level detection module 2 identified as a network attack, computes the first authentication password from the verification code, and judges whether the verification code entered by that user is correct. Once the verification code is correct it generates the second authentication password and sends the first and second authentication passwords into the browser cookie of the user who entered the code correctly, completing the recognition of a safe user. For a user who entered the code incorrectly it sends only the first authentication password into the browser cookie, together with a verification-code error message, thereby intercepting the connection requests of network-attack users.
Under high-concurrency requests, storing the authentication passwords used to verify users on the server side would produce a large number of TCP connections; to avoid a decline in server-side performance, the present invention therefore stores the authentication passwords used to verify users in the user's browser cookie.
The second authentication password comprises the verification code and a key.
The password generation module 3 uses the HMAC-MD5 algorithm to compute the first authentication password from the verification code, and to compute the second authentication password from the verification code and the key. The first authentication password is thus derived from the verification code and the second from the verification code and the key, so the authentication passwords are highly secure and the safe operation of the website can be ensured.
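The password derivation of the password generation module and the pairing check of step S1, as an added worked example that is not code from the patent, written in Python so that it runs stand-alone (the embodiment names Lua on Nginx); it illustrates the same derivation described in the summary. The patent fixes HMAC-MD5 but states neither what key the first password is computed under nor how the pairing is verified, so the example assumes a single server-held key K from the storage module, with first password p1 = HMAC-MD5(K, verification code) and second password p2 = HMAC-MD5(K, p1): p2 then depends on both the verification code and the key, and the pair can be verified from the cookie alone without per-user state on the server. Two caveats for a deployment: MD5's collision weaknesses do not break HMAC-MD5, but current practice prefers HMAC-SHA256, and the cookie values must be compared in constant time, as done here.

```python
import hmac
import hashlib

# Server-side key kept by the storage module (assumed: the patent says a key is
# stored and enters the second authentication password, but not how it is used).
SERVER_KEY = b"replace-with-a-random-key-from-the-storage-module"


def first_password(code: str, key: bytes = SERVER_KEY) -> str:
    """First authentication password: HMAC-MD5 over the verification code."""
    return hmac.new(key, code.lower().encode(), hashlib.md5).hexdigest()


def second_password(code: str, key: bytes = SERVER_KEY) -> str:
    """Second authentication password, paired with the first: HMAC-MD5 over the
    first password under the same key, so it depends on the code and the key."""
    p1 = first_password(code, key)
    return hmac.new(key, p1.encode(), hashlib.md5).hexdigest()


def issue_cookies(entered: str, expected: str) -> dict:
    """Password generation module, steps S3 to S5.

    `expected` is the verification code that was shown to the user and
    `entered` is the user's answer. A correct answer gets both passwords for
    the browser cookie; a wrong answer gets only the first password plus an
    error message, exactly as the patent describes.
    """
    p1 = first_password(expected)
    answer, wanted = entered.strip().lower().encode(), expected.lower().encode()
    if hmac.compare_digest(answer, wanted):
        return {"auth1": p1, "auth2": second_password(expected)}
    return {"auth1": p1, "error": "verification code incorrect"}


def first_level_check(cookies: dict) -> bool:
    """First-level detection module, step S1: the user is a recognised safe
    user only if both passwords are present and the second pairs with the
    first. No per-user state is consulted; only SERVER_KEY is needed."""
    p1, p2 = cookies.get("auth1"), cookies.get("auth2")
    if not p1 or not p2:
        return False
    expected = hmac.new(SERVER_KEY, p1.encode(), hashlib.md5).hexdigest()
    return hmac.compare_digest(p2.encode(), expected.encode())


if __name__ == "__main__":
    # Constructed verification code; a real one comes from the picture challenge.
    print(issue_cookies("AB3K", "ab3k"))
    print(issue_cookies("zzzz", "ab3k"))
```

A user who entered the code incorrectly holds only `auth1`, so a later request from that browser fails `first_level_check` and is routed back through the second-level check; forging `auth2` from `auth1` alone would require the server key.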
The storage module 4 is for storing the verification codes, the key, the authentication passwords and a monitoring table; the monitoring table records the URLs to be monitored, the time periods to be monitored and the user IPs to be monitored.
The time periods to be monitored record, for each URL to be monitored, the time period during which that URL is monitored.
The second-level detection module 2 stores the URLs and user IPs to be monitored, as obtained by big-data analysis, in the monitoring table. Because the monitoring table records the URLs, time periods and user IPs to be monitored, with the time period recorded per URL, flexible countermeasures can be taken according to the actual situation and the URLs, time periods and user IPs to be monitored can be managed and controlled sensibly.
The first-level detection module 1, the second-level detection module 2 and the password generation module 3 can be implemented as Lua scripts that realise the above functions on the server side of an Nginx server.
Referring to Fig. 2, the embodiment of the present invention also provides a website anti-attack verification method, comprising the following steps:
S1. The first-level detection module uses authentication passwords to detect whether the user is a safe user already recognised by the system, the authentication password comprising a first authentication password and a second authentication password paired with the first authentication password; if so, go to S6; if not, go to S2.
Step S1 specifically comprises: the first-level detection module receives the request sent by the user and detects whether the user's browser cookie carries authentication passwords and whether those authentication passwords pair with each other; if the browser cookie carries authentication passwords and they pair, the user is judged to be a safe user already recognised by the system.
S2. The second-level detection module judges, from the uniform resource locator (URL) the user requests, the user's access time and the user's IP, whether the behaviour of the user identified as unsafe by the first-level detection module is a network attack; if not, go to S6; if so, go to S3.
Step S2 specifically comprises: the second-level detection module 2 checks in turn whether the URL the user requests is a URL to be monitored, whether the user's access time falls within a time period to be monitored and whether the user's IP is a user IP to be monitored; if all of these checks are positive, the second-level detection module 2 judges the user behaviour to be a network attack.
S3. The password generation module 3 sends a verification code to the user whose behaviour the second-level detection module 2 identified as a network attack, computes the first authentication password from the verification code, and judges whether the verification code entered by the user is correct; if not, go to S4; if so, go to S5.
S4. Send the first authentication password and a verification-code error message to the user who entered the code incorrectly, and end.
S5. Generate the second authentication password paired with the first authentication password, and send the first and second authentication passwords into the browser cookie of the user who entered the code correctly.
S6. Display the content the user requested, and end.
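The complete S1 to S6 decision, including the second-level check against the monitoring table, as an added Python example that is not part of the patent; it serves both the steps listed in the summary and this detailed description. The monitoring-table entries, time periods and IPs are constructed for the example. The patent gives no format for the table, so each URL's time periods are assumed to be "HH:MM" ranges, which may wrap past midnight, and the cookie pairing rule is assumed to be p2 = HMAC-MD5(K, p1) under a server key K. The verification-code challenge of steps S3 to S5 is represented only by its outcome.

```python
import hmac
import hashlib
from datetime import datetime, time

# Key held by the storage module (assumed; the patent only says a key is stored).
SERVER_KEY = b"replace-with-the-key-held-by-the-storage-module"

# Monitoring table of the storage module. Entries are constructed for this
# example; in the patent they come from big-data analysis. Time periods are
# recorded per URL, and a period such as "22:00"-"02:00" wraps past midnight.
MONITORING_TABLE = {
    "urls": {
        "/api/gift/send": [("00:00", "06:00")],
        "/api/pay/checkout": [("00:00", "23:59")],
        "/live/room/1001": [("22:00", "02:00")],
    },
    "ips": {"198.51.100.23", "203.0.113.77"},
}


def paired_second(p1: str) -> str:
    """Second authentication password paired with first password p1 (assumed rule)."""
    return hmac.new(SERVER_KEY, p1.encode(), hashlib.md5).hexdigest()


def first_level_check(cookies: dict) -> bool:
    """S1: a safe user only if both passwords are in the cookie and they pair."""
    p1, p2 = cookies.get("auth1"), cookies.get("auth2")
    if not p1 or not p2:
        return False
    return hmac.compare_digest(p2.encode(), paired_second(p1).encode())


def _in_period(t: time, start: str, end: str) -> bool:
    """True if clock time t lies in [start, end]; handles periods that wrap midnight."""
    s, e = time.fromisoformat(start), time.fromisoformat(end)
    if s <= e:
        return s <= t <= e
    return t >= s or t <= e


def second_level_check(url: str, when_iso: str, ip: str,
                       table: dict = MONITORING_TABLE) -> bool:
    """S2: check the URL, then the access time, then the IP against the
    monitoring table; the behaviour is a network attack only if all three match."""
    periods = table["urls"].get(url)
    if not periods:
        return False                      # URL not monitored: stop here
    t = datetime.fromisoformat(when_iso).time()
    if not any(_in_period(t, s, e) for s, e in periods):
        return False                      # outside every monitored period for this URL
    return ip in table["ips"]             # finally, is the IP one to be monitored


def handle_request(cookies: dict, url: str, when_iso: str, ip: str) -> str:
    """Route one request through S1 and S2 to either S6 or the S3 challenge."""
    if first_level_check(cookies):
        return "S6: show content"         # recognised safe user, request unaffected
    if not second_level_check(url, when_iso, ip):
        return "S6: show content"         # unsafe, but not an attack pattern
    return "S3: send verification code"   # challenge; S4/S5 follow the user's answer


if __name__ == "__main__":
    p1 = "0" * 32                         # constructed first password
    safe = {"auth1": p1, "auth2": paired_second(p1)}
    print(handle_request(safe, "/api/gift/send", "2024-03-02T01:30:00", "198.51.100.23"))
    print(handle_request({}, "/api/gift/send", "2024-03-02T01:30:00", "198.51.100.23"))
```

Because the three checks of S2 are evaluated in turn and the first negative result ends the evaluation, a request for an unmonitored URL never touches the IP set, which keeps the common path cheap under the high-concurrency load the description is concerned with.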
The present invention is not limited to the above embodiments; those skilled in the art may make various improvements and modifications without departing from the principles of the present invention, and such improvements and modifications are also regarded as falling within the scope of protection of the present invention. Content not described in detail in this specification belongs to the prior art known to those skilled in the field.