CN107896210A - Safety protecting method, device, server and storage medium - Google Patents

Safety protecting method, device, server and storage medium Download PDF

Info

Publication number
CN107896210A
CN107896210A CN201711123714.1A CN201711123714A CN107896210A CN 107896210 A CN107896210 A CN 107896210A CN 201711123714 A CN201711123714 A CN 201711123714A CN 107896210 A CN107896210 A CN 107896210A
Authority
CN
China
Prior art keywords
information
access
user
forbid
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201711123714.1A
Other languages
Chinese (zh)
Inventor
陈诚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Knownsec Information Technology Co Ltd filed Critical Beijing Knownsec Information Technology Co Ltd
Priority to CN201711123714.1A priority Critical patent/CN107896210A/en
Publication of CN107896210A publication Critical patent/CN107896210A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Automation & Control Theory (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a kind of safety protecting method, device, server and storage medium, it is related to field of computer technology.The safety protecting method can include:The access request that the user terminal of user is sent is obtained, the access request comprises at least the identification information of the user, interface ID information of the identification information including at least the id information of the user, source IP information and the user terminal;Judge whether to record in the first database and forbid access identities information corresponding to the id information of the user, forbid forbidding access identities information corresponding to the interface ID information of access identities information or the user terminal corresponding to the source IP information;For it is no when, then respond the access request, perform and access operation.The safety protecting method, device, server and storage medium can strengthen the security of server.

Description

Safety protecting method, device, server and storage medium
Technical field
The present invention relates to field of computer technology, in particular to a kind of safety protecting method, device, server and Storage medium.
Background technology
In Internet era of today, many websites can all meet with web crawlers and crawl data message, and some intelligence are searched Index hold up reptile crawl website frequency it is generally relatively reasonable, it is less to the resource consumption of website;But some malice reptiles, generally Site information can be crawled in a manner of concurrent and with high frequency, can so cause greatly to bear to server, cause to take Business device collapse.The access behavior of malice not only causes great infringement to Website server resource, also website is caused directly Connect economic loss.
The content of the invention
In view of this, the embodiments of the invention provide a kind of safety protecting method, device, server and storage medium.
To achieve these goals, the technical solution adopted by the present invention is as follows:
In a first aspect, the embodiments of the invention provide a kind of safety protecting method, methods described includes:Obtain the use of user The access request that family terminal is sent, the access request comprise at least the identification information of the user, the identity Interface ID information of the information including at least the id information of the user, source IP information and the user terminal;Judge the first number Forbid access identities information corresponding to the id information of the user according to whether being recorded in storehouse, forbid corresponding to the source IP information Forbid access identities information corresponding to the interface ID information of access identities information or the user terminal;For it is no when, then respond The access request, perform and access operation.
Second aspect, the embodiments of the invention provide a kind of safety device, described device include acquisition request module, First judge module and the first execution module, wherein, the user terminal that the acquisition request module is used to obtain user is sent Access request, the access request comprises at least the identification information of the user, and the identification information at least wraps Include the interface ID information of the id information of the user, source IP information and the user terminal;First judge module is used for Judge whether to record in the first database and forbid access identities information, the source IP information corresponding to the id information of the user It is corresponding to forbid forbidding access identities information corresponding to the interface ID information of access identities information or the user terminal;Described One execution module is used to not have to record to have in first database to forbid access identities corresponding to the id information of the user Forbid forbidding visiting corresponding to the interface ID information of access identities information or the user terminal corresponding to information, the source IP information When asking identification information, the access request is responded, performs and accesses operation.
The third aspect, the embodiments of the invention provide a kind of server, the server includes memory and processor, institute Stating memory storage has computer instruction, when the computer instruction is read and performed by the processor, makes the processing Device performs the method that above-mentioned first aspect provides.
Fourth aspect, it is stored with computer the embodiments of the invention provide a kind of storage medium, in the storage medium and refers to Order, wherein, the computer instruction performs the method that above-mentioned first aspect provides when being read and running.
Safety protecting method, device, server and storage medium provided in an embodiment of the present invention, by the use for obtaining user The access request that family terminal is sent, wherein, access request comprises at least the identification information of user, and identification information is at least The interface ID information of id information including user, source IP information and user terminal, then judge whether remember in the first database Record, which has, to be forbidden access identities information, forbids access identities information or user whole corresponding to source IP information corresponding to the id information of user Forbid access identities information corresponding to the interface ID information at end, finally record has the id information of user corresponding in the first database Forbid access identities information, forbid corresponding to the interface ID information of access identities information or user terminal corresponding to source IP information When forbidding access identities information, the access request is responded, performs and accesses operation.The safety protecting method can be according to the body of user Multiple identity in part identification information related information judges whether the user terminal of the user can access, avoid by The user for forbidding accessing is accessed by distorting IP address information to realize, so as to strengthen the security of server.
To enable the above objects, features and advantages of the present invention to become apparent, preferred embodiment cited below particularly, and coordinate Appended accompanying drawing, is described in detail below.
Brief description of the drawings
To make the purpose, technical scheme and advantage of the embodiment of the present invention clearer, below in conjunction with the embodiment of the present invention In accompanying drawing, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is Part of the embodiment of the present invention, rather than whole embodiments.Based on the embodiment in the present invention, those of ordinary skill in the art The every other embodiment obtained under the premise of creative work is not made, belongs to the scope of protection of the invention.
Fig. 1 shows the schematic diagram that server provided in an embodiment of the present invention interacts with user terminal;
Fig. 2 shows the block diagram of server provided in an embodiment of the present invention;
Fig. 3 shows the flow chart of safety protecting method provided in an embodiment of the present invention;
Fig. 4 shows the flow chart of step S130 in safety protecting method provided in an embodiment of the present invention;
Fig. 5 shows the module map of safety device provided in an embodiment of the present invention;
Fig. 6 shows the module map of the first execution module in safety device provided in an embodiment of the present invention.
Embodiment
Below in conjunction with accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is carried out clear, complete Ground describes, it is clear that described embodiment is only part of the embodiment of the present invention, rather than whole embodiments.Generally exist The component of the embodiment of the present invention described and illustrated in accompanying drawing can be configured to arrange and design with a variety of herein.Cause This, the detailed description of the embodiments of the invention to providing in the accompanying drawings is not intended to limit claimed invention below Scope, but it is merely representative of the selected embodiment of the present invention.Based on embodiments of the invention, those skilled in the art are not doing The every other embodiment obtained on the premise of going out creative work, belongs to the scope of protection of the invention.
It should be noted that:Similar label and letter represents similar terms in following accompanying drawing, therefore, once a certain Xiang Yi It is defined, then it further need not be defined and explained in subsequent accompanying drawing in individual accompanying drawing.Meanwhile the present invention's In description, term " first ", " second " etc. are only used for distinguishing description, and it is not intended that instruction or hint relative importance.
Fig. 1 shows a kind of structured flowchart for the server that can be applied in the embodiment of the present invention.As shown in figure 1, service Device 100 includes memory 102, storage control 104, one or more (one is only shown in figure) processors 106, Peripheral Interface 108th, radio-frequency module 110, audio-frequency module 112, display unit 114 etc..These components pass through one or more communication bus/signal Line 116 mutually communicates.
Memory 102 can be used for storage software program and module, such as the safety protecting method in the embodiment of the present invention and Programmed instruction/module corresponding to device, processor 106 are stored in software program and module in memory 102 by operation, So as to perform various function application and data processing, such as safety protecting method provided in an embodiment of the present invention.
Memory 102 may include high speed random access memory, may also include nonvolatile memory, such as one or more magnetic Property storage device, flash memory or other non-volatile solid state memories.Processor 106 and other possible components are to storage The access of device 102 can be carried out under the control of storage control 104.
Various input/output devices are coupled to processor 106 and memory 102 by Peripheral Interface 108.In some implementations In example, Peripheral Interface 108, processor 106 and storage control 104 can be realized in one single chip.In some other reality In example, they can be realized by independent chip respectively.
Radio-frequency module 110 is used to receiving and sending electromagnetic wave, realizes the mutual conversion of electromagnetic wave and electric signal, so that with Communication network or other equipment are communicated.
Audio-frequency module 112 provides a user COBBAIF, and it may include one or more microphones, one or more raises Sound device and voicefrequency circuit.
Display unit 114 provides a display interface between server 100 and user.Specifically, display unit 114 to User shows video frequency output, and the content of these video frequency outputs may include word, figure, video and its any combination.
It is appreciated that structure shown in Fig. 1 is only to illustrate, server 100 may also include than shown in Fig. 1 more or more Few component, or there is the configuration different from shown in Fig. 1.Each component shown in Fig. 1 can use hardware, software or its group Close and realize.
The existing method for preventing malicious access behavior is IP address by recording more than certain access frequency, and is refused The subsequent access of the IP address of the record, and user can continue to access by way of changing IP address, cause to prevent The method failure of malicious access behavior.
First embodiment
As Fig. 3 shows the flow chart of safety protecting method provided in an embodiment of the present invention.Fig. 3 is referred to, this is anti-safely Maintaining method includes:
Step S110:The access request that the user terminal of user is sent is obtained, the access request comprises at least the use The identification information at family, the identification information comprise at least id information, source IP information and the use of the user The interface ID information of family terminal.
The user terminal of user can send service of the access request to website when the server to website conducts interviews Device.Wherein, the access request that the user terminal of user is sent can include the identification information of the user.Certainly, user The access request that user terminal is sent can also include content of request etc..
Certainly, in embodiments of the present invention, the particular content for the access request that the user terminal of user is sent is not intended as Limit, it is not limited to the identification information of above-mentioned user and the content of request.
Due to carrying out the limitation that conducted interviews to the user of malicious access according to the IP address of user in the prior art, there is User can change IP address, so as to around limiting, realize the situation of the access to website.
Therefore, it is necessary to make to prevent the method for malicious access behavior to be not readily susceptible to the influence of the subjective behavior of user.
In embodiments of the present invention, identification information can comprise at least id information, source IP information and the use of user The interface ID information of the user terminal at family.
It is understood that in the interface ID information of the user terminal of the id information of user, source IP information and user, use The id information at family is and the interface ID information of user terminal is the identity information for being not easy to change, to use the body for being not easy to change The user of malicious access is marked for part information.In addition, source IP information can also be included in identification information.
Certainly, the particular content of identification information is not intended as limiting in embodiments of the present invention.
Corresponding, the access request that server is sent to the user terminal of user receives, so as to get user's The access request that user terminal is sent.
Step S120:Judge whether to record in the first database corresponding to the id information of the user and forbid access identities Forbid forbidding visiting corresponding to the interface ID information of access identities information or the user terminal corresponding to information, the source IP information Ask identification information.
, can be in the identity in access request after the access request that the user terminal for getting user is sent Information judges whether the user is the labeled user for forbidding accessing, that is, is registered as the user of malicious access.
In embodiments of the present invention, can be in the first database to the identity for the user for being judged as malicious access Information is recorded, and can be set and be forbidden access identities information corresponding to identification information.Specifically, use can be set Forbid access identities information corresponding to the id information at family, forbid corresponding to source IP information access identities information, user terminal to connect Forbid access identities information corresponding to mouth id information.
It is understood that after a user is judged as malicious access, can create corresponding to the id information of user Forbid access identities information, forbid corresponding to source IP information access identities information, user terminal interface ID information corresponding to prohibit Only access identities information.
In embodiments of the present invention, the first database can be Redis databases.Redis databases are a kind of uses What ANSI C write increases income, supports network, based on internal memory, optional persistent key-value pair data storage storehouse.
Therefore, the data in the first database can be read, and are judged in the data in the first database with the presence or absence of having Forbid access identities information corresponding to the user of the transmission access request.
It is specific to judge whether that record has when forbidding access identities information corresponding to user, can be judge whether to record it is useful Forbid access identities information corresponding to the id information at family, forbid connecing for access identities information or user terminal corresponding to source IP information Forbid access identities information corresponding to mouth id information.
It is understood that forbid access identities information corresponding to the id information of user, forbid visiting corresponding to source IP information That forbids in access identities information corresponding to the interface ID information for asking identification information or user terminal any forbids access identities to believe In the presence of breath, then it is determined as that record has and forbids access identities information corresponding to the id information of user, forbids corresponding to source IP information Forbid access identities information corresponding to the interface ID information of access identities information or user terminal;Conversely, then it is judged to not remembering Record, which has, to be forbidden access identities information, forbids access identities information or user whole corresponding to source IP information corresponding to the id information of user Forbid access identities information corresponding to the interface ID information at end.
Step S130:For it is no when, then respond the access request, perform and access operation.
Result of determination in the step s 120 is not have record to have in the first database corresponding to the id information of user to forbid Forbid forbidding visiting corresponding to the interface ID information of access identities information or user terminal corresponding to access identities information, source IP information When asking identification information, then the access request of the user terminal can be responded, and perform and operation is accessed corresponding to access request.
Forbid access identities information, source IP information pair corresponding to the id information of user it is understood that not recording Forbidding of answering forbids access identities information corresponding to the interface ID information of access identities information or user terminal, then it represents that the user Identification information be not labeled, i.e., the user is the user that non-malicious accesses, therefore the user that can respond the user is whole The access request at end, perform and operation is accessed corresponding to the access request.
In embodiments of the present invention, result of determination in the step s 120 is that the ID that record has user in the first database believes Forbid access identities information corresponding to breath, forbid the interface ID information of access identities information or user terminal corresponding to source IP information It is corresponding when forbidding access identities information, then it represents that the identification information of the user has been registered as the user of malicious access Identification information, therefore the access request of the user can be refused.Specifically, it can include:
Judge whether to have recorded in first database corresponding to the identification information and forbid access time;For When being, forbid controlling the access request to be in the state not responded in access time described.
It is understood that the user being denied access can be denied access within a period of time or forever Long property forbids accessing.Therefore can set to forbidding access time corresponding to the user that is denied access in a period of time.With Make may determine that in the first data whether to have recorded and forbid access time corresponding to user's identification information.Have in record and forbid During access time, then to that should forbid access time, the access request that the user terminal is sent is set to be in not by corresponding state.
In practical operation, although also there is the user for not being registered as malicious access, the user is at one section Interior access times are up to access times corresponding to malicious access.Therefore, Fig. 4 is referred to, step S130 can include:
Step S131:For it is no when, it is corresponding to judge whether to have recorded the identification information in first database Current slot in the first access times.
Determining not record in step forbids access identities information, source IP information corresponding corresponding to the id information of user When forbidding forbidding corresponding to the interface ID information of access identities information or user terminal access identities information, then judge first number According to the first access times whether recorded in storehouse corresponding to identification information in current slot, i.e. the user is when current Between the first access times in section.
Because user is probably to be accessed for the first time in current slot, then there is no record to have user's body in the first database First access times corresponding to part identification information.Therefore, can be to whether having recorded identification information pair in the first database The first access times in the current slot answered are judged.
Step S132:When to be, then judge whether first access times exceed first threshold.
Record is determined in step S131 to be had corresponding to the User Identity information of the user in current slot During the first access times, then it represents that the user carried out access in current slot, therefore, it is necessary to judged the user current Whether the access times in the period exceed threshold value.
Step S133:For it is no when, then respond the access request, perform and access operation.
If being determined as that the first access times exceed first threshold in step S132, i.e., the user is in current slot Access times exceed first threshold, then it represents that the user is many in the access times of current slot, thus can be determined that for Malicious access behavior.
If being determined as that the first access times are not above first threshold in step S132, i.e., the user is in current time Access times in section are not above first threshold, then can represent that access times of the user in current slot are normal The access of access times, the i.e. user accesses to be normal.Therefore, the access request of the user terminal can be responded, performs the visit Ask and operation is accessed corresponding to request.
In embodiments of the present invention, can be with when being determined as that the first access times exceed first threshold in step S132 Including:Judge whether to have recorded in first database corresponding to the identification information and forbid access time;It is being yes When, then set and forbid access identities information corresponding to the identification information, and forbid controlling institute in access time described The access request for stating the user terminal transmission of user is in the state not responded.
It is understood that when the user is judged as malicious access behavior, the access of the user can be forbidden.And And, it can be determined that whether have and forbid access time corresponding to the User Identity information, when record has identification information pair Answer when forbidding access time, then can set and forbid access identities information corresponding to identification information, and forbid visiting at this Ask the access request for refusing the user in the time.Furthermore it is possible to after access time is forbidden, by the identification information of the user It is corresponding to forbid access identities information to be deleted, so that the access of the user returns to normal condition.
Certainly, when there is no record to have in the first database to forbid access time corresponding to user's identification information, then It can be in forever the access request that the user terminal of control user is sent with the access request of the permanent refusal user The state not responded.
In embodiments of the present invention, record is not had to have identity when being determined in above-mentioned steps S131 in the first database Corresponding to information during the first access times in current slot, the user is represented to access for the first time in current slot, Therefore first access times of the user in current slot can be created, and is accessed based on this time and sets the first access times It is set to 1, and the renewal of the first access times is all carried out based on each access follow-up in current slot, i.e., constantly visits first Ask that number is updated.
The safety protecting method that first embodiment of the invention provides, it is possible to achieve pass through the use being set in the first database Forbid access identities information corresponding to the id information at family, forbid access identities information and user terminal corresponding to source IP information Forbid whether access identities information is that marked user judges to user corresponding to interface ID information, current first number According in storehouse record have it is any forbid access identities information, then can represent that the user has been labeled as malicious access behavior User, the state not responded is in so as to make the access request of the user, conversely, the access for then responding the user please Ask, perform the access operation of the user.It can be very good to solve to limit the malicious access behavior of user for IP, cause user The problem of IP, which can be changed, makes the method for limitation malicious access behavior fail, so as to which the safety protecting method can be the clothes of website The security of business device improves, and effectively prevents malicious access behavior.
Second embodiment
Second embodiment of the invention provides a kind of safety device 300, refers to Fig. 5, the safety device 300 Including acquisition request module 310, the first judge module 320 and the first execution module 330.Wherein, the acquisition request module 310 are used to obtain the access request that the user terminal of user is sent, and the access request comprises at least the identity mark of the user Know information, the identification information connects including at least the id information of the user, source IP information and the user terminal Mouth id information;First judge module 320 is used to judge whether record the id information pair of the user in the first database The interface ID for forbidding access identities information, forbidding access identities information or the user terminal corresponding to the source IP information answered Forbid access identities information corresponding to information;First execution module 330 is used to not record in first database Forbid access identities information corresponding to the id information for having the user, forbid corresponding to the source IP information access identities information or When forbidding access identities information corresponding to the interface ID information of the user terminal, the access request is responded, performs and accesses behaviour Make.
In embodiments of the present invention, the safety device 300 also includes the second judge module and the second execution mould Block.Wherein, second judge module, which is used for the record in first database, taboo corresponding to the id information of the user Only access identities information, forbid the interface ID information pair of access identities information or the user terminal corresponding to the source IP information Answer when forbidding access identities information, judge whether to have recorded in first database and prohibit corresponding to the identification information Only access time;Second execution module is used to record in first database to have corresponding to the identification information When forbidding access time, forbid controlling the access request to be in the state not responded in access time described.
In embodiments of the present invention, Fig. 6 is referred to, first execution module 330 includes the first judging unit 331, the Two judging units 332 and request-response unit 333.Wherein, first judging unit 331 is used in first database In there is no record to have to forbid access identities information corresponding to the id information of the user, forbid accessing corresponding to the source IP information When forbidding access identities information corresponding to the interface ID information of identification information or the user terminal, first database is judged In whether record the first access times corresponding to the identification information in current slot;Second judging unit 332, which are used for the record in first database, has the first access corresponding to the identification information in current slot secondary During number, judge whether first access times exceed first threshold;The request-response unit 333 is used to visit described first When asking that number is not above first threshold, the access request is responded, performs and accesses operation.
In embodiments of the present invention, the safety device 300 also includes the 3rd judge module and the 3rd execution mould Block.Wherein, the 3rd judge module is used for when first access times exceed first threshold, judges first data Whether recorded in storehouse corresponding to the identification information and forbidden access time;3rd execution module is used for described the There is when forbidding access time corresponding to the identification information record, it is corresponding to set the identification information in one database Forbid access identities information, and in the access request for forbidding the user terminal for controlling the user in access time to send In the state not responded.
3rd embodiment
Third embodiment of the invention provides a kind of server 100, refers to Fig. 2, and the server 100 includes memory 102 and processor 106, the memory 102 be stored with computer instruction, when the computer instruction is by the processor 106 When reading and performing, the processor 106 is set to perform the safety protecting method that first embodiment of the invention provides.
Fourth embodiment
Fourth embodiment of the invention provides a kind of storage medium, and computer instruction is stored with the storage medium, its In, the computer instruction performs the safety protecting method of first embodiment of the invention offer when being read and running.
In summary, safety protecting method provided in an embodiment of the present invention, device, server and storage medium, by obtaining The access request that the user terminal at family is sent is taken, wherein, access request comprises at least the identification information of user, identity mark Know interface ID information of the information including at least the id information of user, source IP information and user terminal, then judge the first data Whether recorded in storehouse and forbid access identities information corresponding to the id information of user, forbid access identities to believe corresponding to source IP information Forbid access identities information corresponding to the interface ID information of breath or user terminal, finally record has user's in the first database Forbid access identities information corresponding to id information, forbid the interface ID of access identities information or user terminal corresponding to source IP information When forbidding access identities information corresponding to information, the access request is responded, performs and accesses operation.The safety protecting method can root Judge whether the user terminal of the user can access according to the related information of multiple identity in the identification information of user, The user for avoiding being denied access is accessed by distorting IP address information to realize, so as to strengthen the security of server.
It should be noted that each embodiment in this specification is described by the way of progressive, each embodiment weight Point explanation is all difference with other embodiment, between each embodiment identical similar part mutually referring to. For device class embodiment, because it is substantially similar to embodiment of the method, so description is fairly simple, related part is joined See the part explanation of embodiment of the method.
In several embodiments provided herein, it should be understood that disclosed apparatus and method, it can also be passed through Its mode is realized.Device embodiment described above is only schematical, for example, the flow chart and block diagram in accompanying drawing show Device, architectural framework in the cards, the work(of method and computer program product of multiple embodiments according to the present invention are shown Can and it operate.At this point, each square frame in flow chart or block diagram can represent one of a module, program segment or code Point, a part for the module, program segment or code includes one or more and is used to realize the executable of defined logic function Instruction.It should also be noted that at some as in the implementation replaced, the function of being marked in square frame can also be with different from attached The order marked in figure occurs.For example, two continuous square frames can essentially perform substantially in parallel, they also may be used sometimes To perform in the opposite order, this is depending on involved function.It is it is also noted that each in block diagram and/or flow chart The combination of square frame and the square frame in block diagram and/or flow chart, can use function or action as defined in performing it is special based on The system of hardware is realized, or can be realized with the combination of specialized hardware and computer instruction.
In addition, each functional module in each embodiment of the present invention can integrate to form an independent portion Point or modules individualism, can also two or more modules be integrated to form an independent part.
If the function is realized in the form of software function module and is used as independent production marketing or in use, can be with It is stored in a computer read/write memory medium.Based on such understanding, technical scheme is substantially in other words The part to be contributed to prior art or the part of the technical scheme can be embodied in the form of software product, the meter Calculation machine software product is stored in a storage medium, including some instructions are causing a computer equipment (can be People's computer, server, or network equipment etc.) perform all or part of step of each embodiment methods described of the present invention. And foregoing storage medium includes:USB flash disk, mobile hard disk, read-only storage (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), magnetic disc or CD etc. are various can be with the medium of store program codes.Need Illustrate, herein, such as first and second or the like relational terms be used merely to by an entity or operation with Another entity or operation make a distinction, and not necessarily require or imply between these entities or operation any this reality be present The relation or order on border.Moreover, term " comprising ", "comprising" or its any other variant are intended to the bag of nonexcludability Contain, so that process, method, article or equipment including a series of elements not only include those key elements, but also including The other element being not expressly set out, or also include for this process, method, article or the intrinsic key element of equipment. In the absence of more restrictions, the key element limited by sentence "including a ...", it is not excluded that including the key element Process, method, other identical element also be present in article or equipment.
The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, for the skill of this area For art personnel, the present invention can have various modifications and variations.Within the spirit and principles of the invention, that is made any repaiies Change, equivalent substitution, improvement etc., should be included in the scope of the protection.It should be noted that:Similar label and letter exists Similar terms is represented in following accompanying drawing, therefore, once being defined in a certain Xiang Yi accompanying drawing, is then not required in subsequent accompanying drawing It is further defined and explained.
The foregoing is only a specific embodiment of the invention, but protection scope of the present invention is not limited thereto, any Those familiar with the art the invention discloses technical scope in, change or replacement can be readily occurred in, should all be contained Cover within protection scope of the present invention.Therefore, protection scope of the present invention described should be defined by scope of the claims.

Claims (10)

1. a kind of safety protecting method, it is characterised in that methods described includes:
The access request that the user terminal of user is sent is obtained, the identity that the access request comprises at least the user is believed Breath, interface ID of the identification information including at least the id information of the user, source IP information and the user terminal Information;
Judge whether to record in the first database and forbid access identities information, the source IP corresponding to the id information of the user Forbid access identities information corresponding to the interface ID information for forbidding access identities information or the user terminal corresponding to information;
For it is no when, then respond the access request, perform and access operation.
2. according to the method for claim 1, it is characterised in that described when to be, methods described also includes:
Judge whether to have recorded in first database corresponding to the identification information and forbid access time;
When to be, forbid controlling the access request to be in the state not responded in access time described.
3. according to the method for claim 1, it is characterised in that it is described for it is no when, then respond the access request, perform Operation is accessed, including:
For it is no when, judge whether to have recorded in first database corresponding to the identification information in current slot The first access times;
When to be, then judge whether first access times exceed first threshold;
For it is no when, then respond the access request, perform and access operation.
4. according to the method for claim 3, it is characterised in that described to judge first access times whether more than first After threshold value, methods described also includes:
When to be, judge whether to have recorded in first database forbid corresponding to the identification information access when Between;
When to be, then set and forbid access identities information corresponding to the identification information, and it is described forbid access when The access request that the user terminal of the interior control user is sent is in the state not responded.
5. a kind of safety device, it is characterised in that described device includes acquisition request module, the first judge module and the One execution module, wherein,
The acquisition request module is used to obtain the access request that the user terminal of user is sent, and the access request comprises at least The identification information of the user, the identification information comprise at least the id information of the user, source IP information and The interface ID information of the user terminal;
Whether first judge module is used to judge to record in the first database to forbid corresponding to the id information of the user Forbid the interface ID information of access identities information or the user terminal corresponding corresponding to access identities information, the source IP information Forbid access identities information;
First execution module is used for not having record to have taboo corresponding to the id information of the user in first database Only access identities information, forbid the interface ID information pair of access identities information or the user terminal corresponding to the source IP information Answer when forbidding access identities information, respond the access request, perform and access operation.
6. device according to claim 5, it is characterised in that described device also includes the second judge module and the second execution mould Block, wherein,
Second judge module is used to record to have in first database to forbid visiting corresponding to the id information of the user Ask identification information, forbid corresponding to the interface ID information of access identities information or the user terminal corresponding to the source IP information When forbidding access identities information, judge whether to have recorded in first database corresponding to the identification information and forbid visiting Ask the time;
Second execution module is used to record to have in first database to forbid visiting corresponding to the identification information When asking the time, forbid controlling the access request to be in the state not responded in access time described.
7. device according to claim 5, it is characterised in that first execution module is sentenced including the first judging unit, second Disconnected unit and request-response unit, wherein,
First judging unit is used for not having record to have taboo corresponding to the id information of the user in first database Only access identities information, forbid the interface ID information pair of access identities information or the user terminal corresponding to the source IP information Answer when forbidding access identities information, judge whether to have recorded in first database and work as corresponding to the identification information The first access times in the preceding period;
Second judging unit is for when record has current corresponding to the identification information in first database Between the first access times in section when, judge whether first access times exceed first threshold;
The request-response unit is used for when first access times are not above first threshold, and responding the access please Ask, perform and access operation.
8. device according to claim 7, it is characterised in that described device is also held including the 3rd judge module and the 3rd Row module, wherein,
3rd judge module is used for when first access times exceed first threshold, judges in first database Whether record has is forbidden access time corresponding to the identification information;
3rd execution module is used to record to have in first database to forbid visiting corresponding to the identification information When asking the time, set and forbid access identities information corresponding to the identification information, and forbid access time internal control described The access request for making the user terminal transmission of the user is in the state not responded.
9. a kind of server, it is characterised in that the server includes memory and processor, and the memory storage has calculating Machine instructs, and when the computer instruction is read and performed by the processor, makes the computing device such as claim 1-4 In method described in any claim.
A kind of 10. storage medium, it is characterised in that computer instruction is stored with the storage medium, wherein, the computer Instruct the method performed when being read and running as described in any claim in claim 1-4.
CN201711123714.1A 2017-11-14 2017-11-14 Safety protecting method, device, server and storage medium Pending CN107896210A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711123714.1A CN107896210A (en) 2017-11-14 2017-11-14 Safety protecting method, device, server and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711123714.1A CN107896210A (en) 2017-11-14 2017-11-14 Safety protecting method, device, server and storage medium

Publications (1)

Publication Number Publication Date
CN107896210A true CN107896210A (en) 2018-04-10

Family

ID=61804445

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711123714.1A Pending CN107896210A (en) 2017-11-14 2017-11-14 Safety protecting method, device, server and storage medium

Country Status (1)

Country Link
CN (1) CN107896210A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109376019A (en) * 2018-09-03 2019-02-22 中国平安人寿保险股份有限公司 Interface call method and terminal device
CN109787908A (en) * 2018-12-13 2019-05-21 平安普惠企业管理有限公司 Server current-limiting method, system, computer equipment and storage medium
CN109871690A (en) * 2018-05-04 2019-06-11 360企业安全技术(珠海)有限公司 The management method and device of equipment permission, storage medium, electronic device
CN111770126A (en) * 2019-06-28 2020-10-13 北京京东尚科信息技术有限公司 Service request processing method, device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1331824A (en) * 1998-10-16 2002-01-16 遥远移动安全通道有限公司 Remote access and security system
CN105282047A (en) * 2015-09-25 2016-01-27 小米科技有限责任公司 Access request processing method and device
WO2017113763A1 (en) * 2015-12-28 2017-07-06 华为技术有限公司 Identity authentication method and apparatus

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1331824A (en) * 1998-10-16 2002-01-16 遥远移动安全通道有限公司 Remote access and security system
CN105282047A (en) * 2015-09-25 2016-01-27 小米科技有限责任公司 Access request processing method and device
WO2017113763A1 (en) * 2015-12-28 2017-07-06 华为技术有限公司 Identity authentication method and apparatus

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109871690A (en) * 2018-05-04 2019-06-11 360企业安全技术(珠海)有限公司 The management method and device of equipment permission, storage medium, electronic device
CN109376019A (en) * 2018-09-03 2019-02-22 中国平安人寿保险股份有限公司 Interface call method and terminal device
CN109787908A (en) * 2018-12-13 2019-05-21 平安普惠企业管理有限公司 Server current-limiting method, system, computer equipment and storage medium
CN109787908B (en) * 2018-12-13 2023-04-07 平安普惠企业管理有限公司 Server current limiting method, system, computer equipment and storage medium
CN111770126A (en) * 2019-06-28 2020-10-13 北京京东尚科信息技术有限公司 Service request processing method, device and storage medium
CN111770126B (en) * 2019-06-28 2023-08-04 北京京东尚科信息技术有限公司 Service request processing method, device and storage medium

Similar Documents

Publication Publication Date Title
CN107896210A (en) Safety protecting method, device, server and storage medium
CN104348809B (en) network security monitoring method and system
CN108494799B (en) Data sharing method and system
CN110322349B (en) Data processing method, device and equipment
EP3812943A1 (en) Data reading and writing method and device, and electronic apparatus
CN108829715A (en) For detecting the method, equipment and computer readable storage medium of abnormal data
CN109274639A (en) The recognition methods of open platform abnormal data access and device
CN112468497B (en) Block chain terminal equipment authorization authentication method, device, equipment and storage medium
CN104657435A (en) Storage management method for application data and network management system
CN116668089B (en) Network attack detection method, system and medium based on deep learning
CN108647240A (en) A kind of method, apparatus, electronic equipment and the storage medium of statistics visit capacity
CN114650187B (en) Abnormal access detection method and device, electronic equipment and storage medium
CN108521402B (en) Method, device and equipment for outputting label
US20230315886A1 (en) Data use control method and system, electronic device and storage medium
CN108073703A (en) A kind of comment information acquisition methods, device, equipment and storage medium
CN109145621B (en) Document management method and device
CN105184149B (en) A kind of method and system for preventing rogue program from frequently obtaining customer position information
CN104426836A (en) Invasion detection method and device
CN107294986B (en) A kind of method, apparatus and system of access HTTPS websites
CN105227532B (en) A kind of blocking-up method and device of malicious act
CN107977570A (en) Information Authentication method, apparatus, electronic equipment and storage medium
CN115002211B (en) Method, device, equipment and medium for realizing after-sale micro-service based on cloud protogenesis
CN116305033A (en) Abnormal account identification method and device and electronic equipment
CN116159310A (en) Data processing method, device, electronic equipment and storage medium
CN109981683A (en) A kind of exchange data access method, system, equipment and computer storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: Room 311501, Unit 1, Building 5, Courtyard 1, Futong East Street, Chaoyang District, Beijing

Applicant after: Beijing Zhichuangyu Information Technology Co., Ltd.

Address before: Room 803, Jinwei Building, 55 Lanindichang South Road, Haidian District, Beijing

Applicant before: Beijing Knows Chuangyu Information Technology Co.,Ltd.

CB02 Change of applicant information
RJ01 Rejection of invention patent application after publication

Application publication date: 20180410

RJ01 Rejection of invention patent application after publication