CN108696519B - Webpage tamper-proofing system and method based on shared storage - Google Patents
Webpage tamper-proofing system and method based on shared storage Download PDFInfo
- Publication number
- CN108696519B CN108696519B CN201810442863.2A CN201810442863A CN108696519B CN 108696519 B CN108696519 B CN 108696519B CN 201810442863 A CN201810442863 A CN 201810442863A CN 108696519 B CN108696519 B CN 108696519B
- Authority
- CN
- China
- Prior art keywords
- web
- network memory
- server
- network
- read
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1466—Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Abstract
The invention belongs to the technical field of computer network security, and particularly relates to a webpage tamper-proofing system and method based on shared storage, which comprises a Web server, a network memory and a publishing server, wherein the network memory is respectively communicated with the publishing server and the Web server; the release server is used for mounting the network memory in a read-write mode and reading Web data in the network memory or writing the Web data into the network memory according to a read-write request of the intranet management terminal; the Web server mounts the network memory in a read-only mode and is used for reading Web data in the network memory according to an access request of an external network user side; and the network memory is used for storing Web data. The Web server is mounted with the network memory in a read-only mode, direct communication with the publishing server can not be realized, Web data can not be changed, the content of a website can not be tampered even if an external Web server is attacked by a hacker, and the website can be prevented from being tampered from a data bottom layer.
Description
Technical Field
The invention belongs to the technical field of computer network security, and particularly relates to a webpage tamper-proofing system and method based on shared storage.
Background
The existing webpage tamper-proof system mainly realizes the functions of webpage tamper-proof, automatic recovery of the webpage, website content release and update and the like.
Webpage tamper resistance and automatic recovery: the method comprises the following steps of monitoring specified webpage files and directories in real time, and capturing processes and operations of tampering the webpages; when tampering operation behavior is monitored, the MD5 check code of the webpage file is checked to judge whether the webpage content is tampered, and once the webpage content is tampered, the backup webpage is automatically acquired from the backup server for automatic recovery.
And (3) releasing and updating website content: the method supports batch updating of the whole website or updating of specified directories and/or files from the backup server, and during updating, tamper-proof monitoring does not need to be stopped (namely, who can be distinguished to operate).
In the prior art, an application program is mainly deployed on each device of an HTTP server group, files are protected from being tampered through the application program, and processes and operations which attempt to be tampered are captured; after being tampered, the file is restored through communication with a backup server; after the website page is published, the application program is required to be synchronously updated to the HTTP server cluster. The application program has the limitation of file protection (the application program can be protected on the local computer, and a hacker can also destroy the local computer), and the application program also has the limitation of file recovery and update (the application program can recover or update the file, and the hacker can also impersonate to recover and update the file).
Disclosure of Invention
Aiming at the defects in the prior art, the invention provides a webpage tamper-proofing system and method based on shared storage.
In a first aspect, the invention provides a webpage tamper-proofing system based on shared storage, which comprises a Web server, a network memory and a publishing server, wherein the network memory is respectively communicated with the publishing server and the Web server;
the release server is used for mounting the network memory in a read-write mode and reading Web data in the network memory or writing the Web data into the network memory according to a read-write request of the intranet management terminal;
the Web server mounts the network memory in a read-only mode and is used for reading Web data in the network memory according to an access request of an external network user side;
and the network memory is used for storing Web data.
Preferably, a network storage is loaded with a publishing server, and one or more Web servers.
Preferably, the publishing server and the plurality of Web servers are mounted on the same network storage, and when the publishing server writes new Web data into the network storage, the Web data on the plurality of Web servers are also synchronously updated.
In a second aspect, the present invention provides a method for preventing webpage tampering based on shared storage, which is applicable to the system for preventing webpage tampering based on shared storage in the first aspect, and includes the following steps:
the issuing server of the network memory is mounted in a read-write mode, and Web data in the network memory is read or written into the network memory according to a read-write request of an intranet management terminal;
and the Web server is mounted with the network memory in a read-only mode, and reads the Web data in the network memory according to the access request of the external network user side.
Preferably, a network storage is loaded with a publishing server, and one or more Web servers.
Preferably, the method further comprises a step of synchronous updating, specifically:
and when the issuing server writes new Web data into the network memory, the Web data on the Web servers are synchronously updated.
The invention has the beneficial effects that: the Web server is mounted with the network memory in a read-only mode, direct communication with the publishing server can not be realized, Web data can not be changed, the content of a website can not be tampered even if an external Web server is attacked by a hacker, and the website can be prevented from being tampered from a data bottom layer.
Drawings
In order to more clearly illustrate the detailed description of the invention or the technical solutions in the prior art, the drawings that are needed in the detailed description of the invention or the prior art will be briefly described below. Throughout the drawings, like elements or portions are generally identified by like reference numerals. In the drawings, elements or portions are not necessarily drawn to scale.
Fig. 1 is a block diagram of a structure of a webpage tamper-proofing system based on shared storage in this embodiment;
fig. 2 is a flowchart of a method for preventing webpage tampering based on shared storage in this embodiment.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It will be understood that the terms "comprises" and/or "comprising," when used in this specification and the appended claims, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the invention herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the invention. As used in the specification of the present invention and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise.
The first embodiment is as follows:
the embodiment provides a webpage tamper-proofing system based on shared storage, as shown in fig. 1, which includes a Web server, a network storage and a publishing server, where the network storage is respectively in communication with the publishing server and the Web server;
the release server is used for mounting the network memory in a read-write mode and reading Web data in the network memory or writing the Web data into the network memory according to a read-write request of the intranet management terminal;
the Web server mounts the network memory in a read-only mode and is used for reading Web data in the network memory according to an access request of an external network user side;
and the network memory is used for storing Web data.
In this embodiment, the publishing server communicating with the intranet management terminal may read the Web data of the network storage, and may also write the Web data into the network storage, thereby implementing the publishing and updating of the website content. The Web server communicating with the external network user end can only read the Web data in the network memory and can not write the data. Therefore, direct communication cannot be performed between the Web server and the publishing server, the Web server cannot change Web data, the Web server serving external services cannot penetrate into the publishing server through the Web server even if being broken by a hacker, data cannot be written into a network memory, website content cannot be tampered, and the website cannot be prevented from being tampered from a data bottom layer.
Example two:
the embodiment provides a webpage tamper-proofing system based on shared storage, as shown in fig. 1, which includes a Web server, a network storage and a publishing server, where the network storage is respectively in communication with the publishing server and the Web server;
the release server is used for mounting the network memory in a read-write mode and reading Web data in the network memory or writing the Web data into the network memory according to a read-write request of the intranet management terminal;
the Web server mounts the network memory in a read-only mode and is used for reading Web data in the network memory according to an access request of an external network user side;
and the network memory is used for storing Web data.
In this embodiment, the publishing server communicating with the intranet management terminal may read the Web data of the network storage, and may also write the Web data into the network storage, thereby implementing the publishing and updating of the website content. The Web server communicating with the external network user end can only read the Web data in the network memory and can not write the data. Therefore, direct communication cannot be performed between the Web server and the publishing server, the Web server cannot change Web data, the Web server serving external services cannot penetrate into the publishing server through the Web server even if being broken by a hacker, data cannot be written into a network memory, website content cannot be tampered, and the website cannot be prevented from being tampered from a data bottom layer.
In this embodiment, a network storage is loaded with a publishing server and one or more Web servers. And when the issuing server writes new Web data into the network memory, the Web data on the Web servers are synchronously updated.
The system performance problem of a single Web server exists when website access requests with large data volume, high concurrency and the like exist, and a load balancing mechanism is used for solving the performance problem of a single device. The load balancing mechanism distributes the user request to each Web server in the cluster according to a certain load strategy, and a plurality of Web server clusters are used for processing the request of the website. At the same time, it also requires that each Web server have exactly the same Web site content. When a user needs a plurality of Web servers to realize load balance, all the Web servers can be mounted on the network storage at the same position in a read-only mode, and the files of the Web sites are stored on the network storage. Therefore, when the data in the network memory changes, all the Web servers synchronously update the data, so that the contents of the websites on all the Web servers are the same.
Example three:
the embodiment provides a webpage tamper-proofing method based on shared storage, which is suitable for a webpage tamper-proofing system based on shared storage described in the first embodiment and the second embodiment, and as shown in fig. 2, the method includes the following steps:
and S1, mounting the publishing server of the network memory in a read-write mode, and reading the Web data in the network memory or writing the Web data into the network memory according to the read-write request of the intranet management terminal.
And S2, mounting the Web server of the network memory in a read-only mode, and reading the Web data in the network memory according to the access request of the external network user side.
In this embodiment, the publishing server communicating with the intranet management terminal may read the Web data of the network storage, and may also write the Web data into the network storage, thereby implementing the publishing and updating of the website content. The Web server communicating with the external network user end can only read the Web data in the network memory and can not write the data. Therefore, direct communication cannot be performed between the Web server and the publishing server, the Web server cannot change Web data, the Web server serving external services cannot penetrate into the publishing server through the Web server even if being broken by a hacker, data cannot be written into a network memory, website content cannot be tampered, and the website cannot be prevented from being tampered from a data bottom layer.
Example four:
the embodiment provides a webpage tamper-proofing method based on shared storage, which is suitable for a webpage tamper-proofing system based on shared storage described in the first embodiment and the second embodiment, and as shown in fig. 2, the method includes the following steps:
and S1, mounting the publishing server of the network memory in a read-write mode, and reading the Web data in the network memory or writing the Web data into the network memory according to the read-write request of the intranet management terminal.
And S2, mounting the Web server of the network memory in a read-only mode, and reading the Web data in the network memory according to the access request of the external network user side.
In this embodiment, the publishing server communicating with the intranet management terminal may read the Web data of the network storage, and may also write the Web data into the network storage, thereby implementing the publishing and updating of the website content. The Web server communicating with the external network user end can only read the Web data in the network memory and can not write the data. Therefore, direct communication cannot be performed between the Web server and the publishing server, the Web server cannot change Web data, the Web server serving external services cannot penetrate into the publishing server through the Web server even if being broken by a hacker, data cannot be written into a network memory, website content cannot be tampered, and the website cannot be prevented from being tampered from a data bottom layer.
The method of this embodiment further includes a step of synchronous update, where the step of synchronous update specifically includes:
and when the issuing server writes new Web data into the network memory, the Web data on the Web servers are synchronously updated.
The system performance problem of a single Web server exists when website access requests with large data volume, high concurrency and the like exist, and a load balancing mechanism is used for solving the performance problem of a single device. The load balancing mechanism distributes the user request to each Web server in the cluster according to a certain load strategy, and a plurality of Web server clusters are used for processing the request of the website. At the same time, it also requires that each Web server have exactly the same Web site content. When a user needs a plurality of Web servers to realize load balance, all the Web servers can be mounted on the network storage at the same position in a read-only mode, and the files of the Web sites are stored on the network storage. Therefore, in this embodiment, one network storage is loaded with one publishing server and a plurality of Web servers, and when data in the network storage changes, all the Web servers synchronously update the data, so that the website contents on all the Web servers are the same.
Those of ordinary skill in the art will appreciate that the method steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both, and that the various illustrative components and steps have been described above generally in terms of their functionality in order to clearly illustrate the interchangeability of hardware and software. Whether such functionality is implemented as hardware or software depends upon the particular application and design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present invention.
Finally, it should be noted that: the above embodiments are only used to illustrate the technical solution of the present invention, and not to limit the same; while the invention has been described in detail and with reference to the foregoing embodiments, it will be understood by those skilled in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some or all of the technical features may be equivalently replaced; such modifications and substitutions do not depart from the spirit and scope of the present invention, and they should be construed as being included in the following claims and description.
Claims (4)
1. A webpage tamper-proofing system based on shared storage is characterized by comprising a Web server, a network memory and a publishing server, wherein the network memory is respectively communicated with the publishing server and the Web server;
the release server is used for mounting the network memory in a read-write mode and reading Web data in the network memory or writing the Web data into the network memory according to a read-write request of the intranet management terminal;
the Web server mounts the network memory in a read-only mode and is used for reading Web data in the network memory according to an access request of an external network user side;
the network memory is used for storing Web data; wherein the content of the first and second substances,
a network memory is hung with a publishing server and one or more Web servers;
and when the issuing server writes new Web data into the network memory, the Web data on the Web servers are synchronously updated.
2. A method for preventing web page tamper based on shared storage, which is applied to the system for preventing web page tamper based on shared storage of claim 1, and is characterized by comprising the following steps:
the issuing server of the network memory is mounted in a read-write mode, and Web data in the network memory is read or written into the network memory according to a read-write request of an intranet management terminal;
and the Web server is mounted with the network memory in a read-only mode, and reads the Web data in the network memory according to the access request of the external network user side.
3. The method of claim 2, wherein a network storage is loaded with a publishing server and one or more Web servers.
4. The webpage tamper-proofing method based on the shared storage according to claim 3, further comprising a step of synchronous update, specifically:
and when the issuing server writes new Web data into the network memory, the Web data on the Web servers are synchronously updated.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810442863.2A CN108696519B (en) | 2018-05-10 | 2018-05-10 | Webpage tamper-proofing system and method based on shared storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201810442863.2A CN108696519B (en) | 2018-05-10 | 2018-05-10 | Webpage tamper-proofing system and method based on shared storage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN108696519A CN108696519A (en) | 2018-10-23 |
| CN108696519B true CN108696519B (en) | 2021-08-17 |
Family
ID=63847207
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201810442863.2A Active CN108696519B (en) | 2018-05-10 | 2018-05-10 | Webpage tamper-proofing system and method based on shared storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN108696519B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109714354B (en) * | 2019-01-04 | 2023-06-30 | 天津开发区沃思电子商务有限公司 | Website security management system and website security control method |
| CN113032842B (en) * | 2019-12-25 | 2024-01-26 | 南通理工学院 | Webpage tamper-proof system and method based on cloud platform |
Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102609645A (en) * | 2012-01-19 | 2012-07-25 | 北京工业大学 | Website data tampering preventing method based on network isolation structure |
| CN202364256U (en) * | 2011-11-25 | 2012-08-01 | 四川能信科技有限公司 | Network information issuing system and server |
| CN103236932A (en) * | 2013-05-07 | 2013-08-07 | 安徽海加网络科技有限公司 | Webpage tamper-proofing device and method based on access control and directory protection |
| CN103310160A (en) * | 2013-06-20 | 2013-09-18 | 北京神州绿盟信息安全科技股份有限公司 | Method, system and device for preventing webpage from being tampered with |
| CN103929440A (en) * | 2014-05-09 | 2014-07-16 | 国家电网公司 | Web page tamper prevention device based on web server cache matching and method thereof |
| CN107172075A (en) * | 2017-06-26 | 2017-09-15 | 努比亚技术有限公司 | Communication means, system and readable storage medium storing program for executing based on Network Isolation |
| CN107566533A (en) * | 2017-10-26 | 2018-01-09 | 南威软件股份有限公司 | A kind of intranet and extranet shared file system realized based on NAS |
-
2018
- 2018-05-10 CN CN201810442863.2A patent/CN108696519B/en active Active
Patent Citations (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN202364256U (en) * | 2011-11-25 | 2012-08-01 | 四川能信科技有限公司 | Network information issuing system and server |
| CN102609645A (en) * | 2012-01-19 | 2012-07-25 | 北京工业大学 | Website data tampering preventing method based on network isolation structure |
| CN103236932A (en) * | 2013-05-07 | 2013-08-07 | 安徽海加网络科技有限公司 | Webpage tamper-proofing device and method based on access control and directory protection |
| CN103310160A (en) * | 2013-06-20 | 2013-09-18 | 北京神州绿盟信息安全科技股份有限公司 | Method, system and device for preventing webpage from being tampered with |
| CN103929440A (en) * | 2014-05-09 | 2014-07-16 | 国家电网公司 | Web page tamper prevention device based on web server cache matching and method thereof |
| CN107172075A (en) * | 2017-06-26 | 2017-09-15 | 努比亚技术有限公司 | Communication means, system and readable storage medium storing program for executing based on Network Isolation |
| CN107566533A (en) * | 2017-10-26 | 2018-01-09 | 南威软件股份有限公司 | A kind of intranet and extranet shared file system realized based on NAS |
Non-Patent Citations (1)
| Title |
|---|
| 网页防篡改系统的使用体验;weixin_34377065;《CSDN》;20150420;1 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN108696519A (en) | 2018-10-23 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| KR101771246B1 (en) | System-wide checkpoint avoidance for distributed database systems | |
| CN104731691B (en) | The method and system of duplicate of the document number in dynamic adjustment distributed file system | |
| KR101833114B1 (en) | Fast crash recovery for distributed database systems | |
| CN107391758B (en) | Database switching method, device and equipment | |
| CN101494651B (en) | Method for active backup of data | |
| US11868324B2 (en) | Remote durable logging for journaling file systems | |
| CN103765406A (en) | Methods and apparatus for remotely updating executing processes | |
| CN110046029A (en) | Data processing method and device applied to multi-level buffer in cluster | |
| CN107682172B (en) | Control center device, service system processing method and medium | |
| CN109445861A (en) | System start method, device, computer installation and storage medium | |
| CN110222535B (en) | Processing device, method and storage medium for block chain configuration file | |
| US20200145359A1 (en) | Handling large messages via pointer and log | |
| US9075722B2 (en) | Clustered and highly-available wide-area write-through file system cache | |
| CN108696519B (en) | Webpage tamper-proofing system and method based on shared storage | |
| CN113568566A (en) | Method, host device and storage server for seamless migration of simple storage service by using index object | |
| CN110781028A (en) | Data backup method, data recovery method, data backup device, data recovery device and computing equipment | |
| CN113469866A (en) | Data processing method and device and server | |
| CN113709247A (en) | Resource acquisition method, device, system, electronic equipment and storage medium | |
| TW202013226A (en) | Webpage content self-protection method and associated server | |
| CN106294842A (en) | A kind of data interactive method, platform and distributed file system | |
| US20160139996A1 (en) | Methods for providing unified storage for backup and disaster recovery and devices thereof | |
| CN106936907A (en) | A kind of document handling method, logical server, access server and system | |
| CN112087497B (en) | Data synchronization method and device, electronic equipment and readable storage medium | |
| CN113343312A (en) | Page tamper-proofing method and system based on front-end point burying technology | |
| CN106406771B (en) | Log recording method and logger |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |