CN108712376B - Verification method and device for server login - Google Patents

Verification method and device for server login

Publication number: CN108712376B
Authority: CN (China)
Prior art keywords: login, server, information, password, request
Legal status: Expired - Fee Related (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201810301216.XA
Other languages: Chinese (zh)
Other versions: CN108712376A (en)
Inventors: 袁志明, 孙诚
Current Assignee: Beijing Qihoo Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Qihoo Technology Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd
Priority to CN201810301216.XA
Publication of CN108712376A
Application granted
Publication of CN108712376B

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0815: Network architectures or network communication protocols for network security for authentication of entities providing single-sign-on or federations
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/30: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information
    • H04L63/306: Network architectures or network communication protocols for network security for supporting lawful interception, monitoring or retaining of communications or communication related information intercepting packet switched data communications, e.g. Web, Internet or IMS communications
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/08: Protocols specially adapted for terminal emulation, e.g. Telnet

Abstract

The embodiment of the invention provides a verification method and device for server login, applied to the technical field of computers. The method comprises the following steps: intercepting a server login request initiated by a user terminal to request login to a target server, wherein the server login request carries first login information required for logging in to the target server; in response to the event of intercepting the server login request, outputting a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server; if an operation on the confirmation button area is detected, sending the intercepted server login request to the target server, so that the user terminal logs in to the target server based on the first login information; otherwise, not sending the intercepted server login request to the target server. The invention solves the technical problem of low security of the Windows server.

Description

Verification method and device for server login
Technical Field
The invention relates to the technical field of computers, in particular to a verification method and a verification device for server login.
Background
With the development of informatization and the popularization of computer and Internet technology, users often manage Windows servers through Windows Remote Desktop connections. Because these servers run unattended, they have always been a key target of hacking.
Currently, in the existing login mechanism for Windows remote desktop connection, a user usually enters the address of the Windows server to be logged in to, such as an IP address or a domain name, in the remote desktop provided by the Windows system in order to connect to the corresponding Windows server. After the user terminal is connected to the Windows server, a login interface is displayed, and the user can log in to the Windows server by entering a user name and a password in that interface. However, since a user can log in to the Windows server with only a user name and a password, a hacker can easily use a brute-force cracking tool to have a machine run through the weak passwords in a weak-password dictionary, sending data packets to the Windows server to crack the weak password automatically and so log in to the user's Windows server.
Therefore, the existing remote login method for Windows servers cannot block weak-password attacks by hackers, so the security of the Windows server is low.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for verifying server login, which are mainly used to effectively improve the security of logging in to a server and reduce the possibility of brute-force cracking during the login process.
In a first aspect, an embodiment of the present invention provides an authentication method for server login, including:
intercepting a server login request initiated by a user terminal and used for requesting to login a target server, wherein the server login request carries first login information required by login of the target server;
in response to the event of intercepting the server login request, outputting a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server;
if the operation on the confirmation button area is detected, sending the intercepted server login request to the target server, so that the user terminal logs in the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
Preferably, outputting the virtual login interface comprising the confirmation button area comprises:
generating a blank virtual login interface comprising a login information filling area and the confirmation button area;
writing second login information in the login information filling area to obtain the virtual login interface, wherein the second login information and the first login information satisfy a preset similarity condition;
and outputting the virtual login interface written with the second login information in the login information filling area to a user terminal initiating the server login request.
Preferably, the interface style of the blank virtual login interface is the same as the interface style of the real login interface used for inputting the first login information on the user terminal.
Preferably, the first login information includes user name information and password information required for logging in the target server, and the writing of the second login information in the login information filling area includes:
acquiring the first login information from the intercepted server login request;
extracting user name information required by logging in the target server from the first login information as user name information in the second login information, and writing the user name information into a user name filling sub-area in the login information filling area;
and generating a password related to the password information in the first login information as the password information in the second login information, and writing the password information into a password filling sub-area in the login information filling area.
Preferably, the generating a password related to password information in the first login information includes:
obtaining the length (number of characters) of the password information in the first login information;
and generating a random password with the same length as the password information in the first login information.
Preferably, the intercepting a server login request initiated by a user terminal for requesting to login a target server includes:
acquiring terminal address information of the user terminal;
judging whether the terminal address information belongs to a login authentication range;
if so, executing the step of intercepting the server login request, otherwise, directly releasing the server login request.
Preferably, the determining whether the terminal address information belongs to a login authentication range includes:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
Preferably, the acquiring the terminal address information of the user terminal includes:
when the user terminal initiates a server connection request to the target server, acquiring the terminal address information from the server connection request; or
when the user terminal initiates the server login request to the target server, acquiring the terminal address information from the server login request.
Preferably, outputting the virtual login interface comprising the confirmation button area comprises:
monitoring whether the target server is attacked by a weak password within the current time period;
and if the target server is attacked by the weak password in the current time period, outputting the virtual login interface comprising the confirmation button area, and otherwise, directly releasing the intercepted server login request.
Preferably, outputting the virtual login interface comprising the confirmation button area comprises:
obtaining access source address information of the server login request;
judging whether the access source address information belongs to an attacker IP list;
and if the access source address information belongs to an attacker IP list, outputting the virtual login interface comprising the confirmation button area, and if not, directly releasing the intercepted server login request.
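The first-aspect flow above, as an added sketch that is not code from the patent: address-based interception, a virtual login interface whose password field holds a random string of the same length as the real password, and forwarding only after confirmation. The class and field names, the `min_hits` threshold for how many address checks must match, and the in-memory `forwarded` list standing in for the target server are assumptions; the sample addresses and credentials are constructed.

```python
import ipaddress
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class LoginRequest:
    """Intercepted server login request carrying the first login information."""
    source_ip: str
    username: str
    password: str


@dataclass(frozen=True)
class VirtualLoginInterface:
    """Second login information plus the id the confirmation button refers to."""
    request_id: int
    username: str
    decoy_password: str


class LoginGate:
    """Holds login requests until the confirmation button area is operated."""

    def __init__(self, segments=(), blacklist=(), min_hits=1):
        self.segments = [ipaddress.ip_network(s) for s in segments]
        self.blacklist = {ipaddress.ip_address(a) for a in blacklist}
        self.min_hits = min_hits   # assumption: number of checks that must match
        self.seen = set()          # addresses that already sent a login request
        self.pending = {}          # request_id -> held LoginRequest
        self.forwarded = []        # stand-in for "sent to the target server"
        self._next_id = 1

    def in_verification_range(self, ip):
        """Apply the three address judgments named in the text."""
        addr = ipaddress.ip_address(ip)
        checks = (
            addr not in self.seen,                      # new address
            any(addr in net for net in self.segments),  # specific address segment
            addr in self.blacklist,                     # preset address blacklist
        )
        return sum(checks) >= self.min_hits

    def handle(self, req):
        """Release the request directly, or hold it and return the virtual interface."""
        intercept = self.in_verification_range(req.source_ip)
        self.seen.add(ipaddress.ip_address(req.source_ip))
        if not intercept:
            self.forwarded.append(req)   # outside the range: released directly
            return None
        request_id = self._next_id
        self._next_id += 1
        self.pending[request_id] = req
        # Same user name, random password of the same length: the real
        # password is never written into the virtual interface.
        alphabet = string.ascii_letters + string.digits
        decoy = "".join(secrets.choice(alphabet) for _ in req.password)
        return VirtualLoginInterface(request_id, req.username, decoy)

    def confirm(self, request_id):
        """Confirmation button operated: forward the held request exactly once."""
        req = self.pending.pop(request_id, None)
        if req is None:
            return False
        self.forwarded.append(req)
        return True

    def discard(self, request_id):
        """No confirmation: the held request is never sent to the target server."""
        return self.pending.pop(request_id, None) is not None


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    gate = LoginGate(segments=["203.0.113.0/24"], blacklist=["198.51.100.7"])
    ui = gate.handle(LoginRequest("203.0.113.10", "administrator", "Constructed-pw1"))
    print("shown to user:", ui.username, "*" * len(ui.decoy_password))
    print("forwarded before confirm:", len(gate.forwarded))
    gate.confirm(ui.request_id)
    print("forwarded after confirm:", len(gate.forwarded))
```
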
In a second aspect, an embodiment of the present invention provides an authentication apparatus for server login, where the apparatus includes:
a request intercepting module, configured to intercept a server login request initiated by a user terminal to request login to a target server, wherein the server login request carries first login information required for logging in to the target server;
an interface output module, configured to output, in response to the event of intercepting the server login request, a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server;
a login request processing module, configured to send the intercepted server login request to the target server if an operation on the confirmation button area is detected, so that the user terminal logs in to the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
Preferably, the interface output module includes:
the virtual interface generating unit is used for generating a blank virtual login interface comprising a login information filling area and the confirmation button area;
an information filling unit, configured to write second login information in the login information filling area, and obtain the virtual login interface, where a preset similar condition is satisfied between the second login information and the first login information;
and the virtual interface output unit is used for outputting the virtual login interface written with the second login information in the login information filling area to a user terminal initiating the server login request.
Preferably, the interface style of the blank virtual login interface is the same as the interface style of the real login interface used for inputting the first login information on the user terminal.
Preferably, the first login information includes user name information and password information required for logging in the target server, and the information filling unit includes:
the information acquisition subunit is used for acquiring the first login information from the intercepted server login request;
a user name writing subunit, configured to extract, from the first login information, user name information required to log in the target server, to serve as the user name information in the second login information, and write the user name information into a user name filling sub-area in the login information filling area;
and the password writing subunit is used for generating a password related to the password information in the first login information, taking the password as the password information in the second login information, and writing the password into a password filling sub-area in the login information filling area.
Preferably, the password writing subunit is specifically configured to:
obtaining the length (number of characters) of the password information in the first login information;
and generating a random password with the same length as the password information in the first login information.
Preferably, the request intercepting module includes:
an address obtaining unit, configured to obtain terminal address information of the user terminal;
the judging unit is used for judging whether the terminal address information belongs to a login authentication range or not;
and the execution interception unit is used for intercepting the server login request if the terminal address information belongs to the login authentication range, and otherwise directly releasing the server login request.
Preferably, the determining unit is specifically configured to:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
Preferably, the address obtaining unit is specifically configured to:
when the user terminal initiates a server connection request to the target server, acquiring the terminal address information from the server connection request; or
when the user terminal initiates the server login request to the target server, acquiring the terminal address information from the server login request.
Preferably, the interface output module includes:
the attack monitoring unit is used for monitoring whether the target server is attacked by the weak password within the current time period;
and the first output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the target server is attacked by a weak password in the current time period, and otherwise, directly releasing the intercepted server login request.
Preferably, the interface output module includes:
an address obtaining unit, configured to obtain access source address information of the server login request;
the address judging unit is used for judging whether the access source address information belongs to an attacker IP list;
and the second output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the access source address information belongs to the IP list of the attacker, and directly releasing the intercepted server login request if the access source address information does not belong to the IP list of the attacker.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program, when executed by a processor, implements the steps described in any implementation manner of the first aspect.
In a fourth aspect, an embodiment of the present invention provides an authentication apparatus for server login, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps described in any implementation manner of the first aspect when executing the program.
One or more technical solutions provided by the embodiments of the present invention have at least the following technical effects or advantages:
Because the server login request is intercepted before login to the target server, it is not sent directly to the target server. Instead, a virtual login interface is output on which the user must perform a specific login operation, and the intercepted server login request is sent to the server only when the user operates the confirmation button area on that interface. A weak-password scanner cannot perform the operation on the confirmation button area, so when an illegitimate user attacks the target server by weak-password scanning, the target server never receives the server login request and the illegitimate user cannot log in. This reduces the possibility of brute-force cracking during login and improves the security of the server.
In addition, no process of the server issuing a verification code and the user entering it for verification is needed, so server security is improved without increasing verification complexity, which improves user experience and reduces wasted network resources.
Drawings
In order to illustrate the technical solutions in the embodiments of the present invention more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below show some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
Fig. 1-1 is a flowchart of an authentication method for server login according to an embodiment of the present invention;
Fig. 1-2 is a schematic structural diagram of a virtual login interface in an embodiment of the present invention;
Fig. 1-3 is a schematic diagram of a connection interface for a remote desktop connection in an embodiment of the invention;
Fig. 2 is a program module diagram of an authentication apparatus for server login according to an embodiment of the present invention;
Fig. 3 is a block diagram of an authentication device for server login according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a verification method for server login, which aims to solve the technical problem of low server security.
Exemplary embodiments of the present invention will be described in more detail below with reference to the accompanying drawings. While exemplary embodiments of the invention are shown in the drawings, it should be understood that the invention can be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the invention to those skilled in the art.
The verification method for server login provided by the embodiment of the invention can be applied to various occasions that require remote login to the target server, for example when a new administrator account needs to be created on the target server, data resources on the target server need to be managed or downloaded, or data resources need to be uploaded to the target server. Preferably, the method can be applied to a user terminal running a Windows system; correspondingly, the target server is a Windows server, and the authentication method for server login is applied where the user terminal needs to log in remotely to the Windows server.
Fig. 1-1 is a flowchart of an authentication method for server login according to an embodiment of the present invention. Referring to Fig. 1-1, the authentication method for server login includes the following steps:
Step S101: intercepting a server login request initiated by a user terminal to request login to a target server, wherein the server login request carries first login information required for logging in to the target server.
In step S101, the server login request is initiated by the user terminal as follows:
the user terminal obtains the server address information entered by the user and initiates a server connection request to the target server according to that address information. In response to the received server connection request, the target server lets the user terminal connect to it. After the user terminal is connected to the target server, the user terminal initiates a server login request to the target server based on the server address information.
Specifically, a remote desktop connection application is installed on the user terminal, and the connection interface 130 of the remote desktop connection application may be as shown in Fig. 1-3. The server connection request may be initiated to the target server as follows:
the server address information entered by the user in the connection interface 130 of the remote desktop connection application is acquired, and the server connection request is initiated to that address. The server address information may be an IP (Internet Protocol) address or a domain name of the target server.
Specifically, the user terminal may initiate the server login request to the target server based on the server address information as follows: the user terminal outputs to the user a real login interface for entering the first login information, obtains the first login information entered by the user on the real login interface, generates a server login request from the first login information, and initiates the server login request to the target server based on the server address information.
In a specific implementation, the real login interface comprises a login information input area and more than one button control area, wherein the login information input area is used by the user to enter the first login information. The button control area includes buttons with which the user performs operations such as initiating the server login request or canceling the server login request. The first login information comprises user name information and password information. The login information input area of the real login interface may include a user name input area for entering the user name information in the first login information and a user password input area for entering the user password in the first login information.
Specifically, the user terminal may be a PC terminal or a mobile terminal. In a specific implementation process, the user terminal may be a personal computer, a smart phone, a tablet computer, a medical device, a vehicle-mounted device, a personal digital assistant, and the like, which are equipped with any operating system.
Next, the implementation of step S101 is described by way of example for a user terminal running a Windows system, with the target server correspondingly being a Windows server. Based on this description, a person skilled in the art can understand how step S101 is implemented when the user terminal runs another system:
in this embodiment, the remote desktop connection application is specifically a Windows remote desktop connection application.
The user enters the server address information in the connection interface 130 of the Windows remote desktop connection application provided by the Windows system, a server connection request is initiated to that address, and the Windows server receives the server connection request, so that the user terminal is connected to the Windows server corresponding to the server address information. After the connection is established, the user terminal outputs the real login interface provided by the Windows system, and a server login request is generated from the first login information the user enters on the real login interface.
Referring to Fig. 1-3, the connection interface 130 of the remote desktop connection application includes a server address filling area 131 and a connection button area 132. In practice, when the user terminal needs to log in remotely to the Windows server, it calls the installed remote desktop connection application and outputs the connection interface 130 to the user. The user enters the server address information of the Windows server to be connected in the server address filling area 131 and clicks the connection button area 132. In response to the click, the user terminal generates a server connection request and sends it to the Windows server according to the server address information in the address filling area 131. The corresponding Windows server thus obtains the server connection request sent by the user terminal.
In the specific implementation process, there are various implementations of intercepting the server login request, and two implementations are given below:
The first implementation: the server login request is intercepted by the same device that initiates it, namely the user terminal. Specifically, an intercepting application plug-in for intercepting server login requests is installed and runs on the user terminal. When the user terminal initiates a server login request, the request is intercepted by the intercepting application plug-in running on the user terminal.
The second implementation: the user terminal initiating the server login request and the device intercepting it are not the same device. Specifically, the device that intercepts the server login request is an intermediate device between the target server and the user terminal initiating the request. The user terminal initiates the server login request to the target server through the intermediate device, and the intermediate device intercepts the request.
The third implementation: an intercepting application plug-in for intercepting server login requests is installed on the device where the target server is located, and when the user terminal initiates a server login request, the request is intercepted by the intercepting application plug-in running on that device.
In the specific implementation process, the server login request initiated by each user terminal may be intercepted, and then steps S102 to S103 are performed, so as to verify whether each server login request initiated by each user terminal needs to be sent to the target server. The security of the target server can be absolutely ensured by the implementation mode.
In a specific implementation, to improve the timeliness of server login, an interception condition for intercepting the server login request can also be set: the server login request initiated by the user terminal is intercepted when the current situation meets the set interception condition, and is otherwise released directly.
In the first embodiment, the interception condition may be set based on the terminal address information. Specifically, the interception conditions are as follows: the terminal address information of the user terminal belongs to the login verification range, and the specific implementation process is as follows:
acquiring terminal address information of a user terminal; judging whether the terminal address information of the user terminal belongs to a login authentication range or not; if so, executing the step of intercepting the server login request, otherwise, directly releasing the server login request.
The login verification range comprises more than one condition of belonging to a new address, a specific address field and a preset address blacklist.
Judging whether the terminal address information of the user terminal belongs to the login authentication range, specifically: executing more than one judgment of the following for the terminal address information of the user terminal: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist; and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
In a specific implementation, the new address may be an address that is new to the target server; specifically, the terminal address information of a user terminal that initiates a server login request to the target server for the first time is a new address. Whether the terminal address information is a new address is therefore judged as follows:
judging whether the user terminal corresponding to the terminal address information is initiating a server login request to the target server for the first time; if so, determining that the terminal address information of the user terminal is a new address, and otherwise that it is not. With this implementation, the server login request is intercepted only when the user terminal initiates a server login request to the target server for the first time, and is released directly when the same user terminal initiates a server login request to the target server again. Except for its first login, the user terminal can therefore log in to the target server directly on subsequent logins without steps S102 to S103, which shortens the time for the user to log in to the target server again and balances the timeliness and the security of remote server login.
In a specific implementation process, the new address can also be a new address relative to an event of intercepting a server login request. Specifically, the first time a server login request initiated by a user terminal is intercepted, the terminal address information of the user terminal is a new address. Therefore, whether the terminal address information is a new address or not is judged, and the specific implementation process is as follows:
judging whether the user terminal intercepts a server login request initiated by the user terminal for the first time, if so, determining that the terminal address information of the user terminal is a new address, otherwise, indicating that the terminal address information of the user terminal is not the new address. By the implementation mode, the server login request can be intercepted when the user terminal initiates the server login request for the first time, the server login request is directly released when the same user terminal initiates the server login request again, and the server login request can be intercepted only when the user terminal initiates the server login request for the first time, so that the condition of intercepting the server login request is further reduced, and the time of normal users for logging in the server is further reduced.
In the specific implementation process, the specific address field may be set according to actual needs, for example, it may be set as an overseas IP address field, or may be set as an IP address field in some domestic area, or an IP address field in some overseas area.
In a specific implementation, the preset address blacklist may be an address blacklist obtained based on big data collection.
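The address-based interception condition described above, as an added sketch that is not code from the patent. It assumes that one matching check is enough to place an address in the login verification range, that "new address" is tracked per target server, and that an unparsable address is intercepted; the class name, server names and documentation-range addresses are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LoginVerificationRange:
    """Decides whether a terminal address falls in the login verification range."""
    # Address segments that always require verification (assumed configuration).
    specific_segments: list = field(default_factory=list)
    # Preset address blacklist.
    blacklist: set = field(default_factory=set)
    # target server -> addresses that have already initiated a login request to it.
    seen: dict = field(default_factory=dict)

    def checks(self, terminal_addr: str, target_server: str) -> dict:
        """Run the three judgments without changing any state."""
        ip = ipaddress.ip_address(terminal_addr)  # raises ValueError if malformed
        return {
            "new_address": ip not in self.seen.get(target_server, set()),
            "specific_segment": any(ip in net for net in self.specific_segments),
            "blacklisted": ip in self.blacklist,
        }

    def should_intercept(self, terminal_addr: str, target_server: str) -> bool:
        """True: intercept the login request. False: release it directly."""
        try:
            results = self.checks(terminal_addr, target_server)
        except ValueError:
            # Assumption: an address that cannot be parsed is treated as in range.
            return True
        # Remember the address so its next request to this server is not "new".
        ip = ipaddress.ip_address(terminal_addr)
        self.seen.setdefault(target_server, set()).add(ip)
        return any(results.values())


def build_sample_range() -> LoginVerificationRange:
    """Constructed sample configuration using RFC 5737 documentation ranges."""
    return LoginVerificationRange(
        specific_segments=[ipaddress.ip_network("203.0.113.0/24")],
        blacklist={ipaddress.ip_address("198.51.100.7")},
    )


if __name__ == "__main__":
    rng = build_sample_range()
    constructed_requests = [
        ("192.0.2.10", "srv-a"),    # first request to srv-a: new address
        ("192.0.2.10", "srv-a"),    # repeat: released directly
        ("192.0.2.10", "srv-b"),    # new again relative to srv-b
        ("203.0.113.5", "srv-a"),   # inside the specific segment
        ("203.0.113.5", "srv-a"),   # still intercepted on repeat
        ("198.51.100.7", "srv-a"),  # blacklisted
    ]
    for addr, server in constructed_requests:
        decision = "intercept" if rng.should_intercept(addr, server) else "release"
        print(f"{addr} -> {server}: {decision}")
```

The repeat request from `192.0.2.10` is the only one released, which shows how the "new address" check alone shortens later logins while the segment and blacklist checks keep applying.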
After step S101, step S102 is performed: in response to the event of intercepting the server login request, output a virtual login interface including a confirmation button area, where the confirmation button area is used to accept an operation confirming login to the target server.
In a specific implementation, the login process can be simplified and the complexity of logging in to the target server reduced when the target server is relatively safe. Accordingly, outputting the virtual login interface including the confirmation button area in step S102 may be carried out in several embodiments, described below:
The first embodiment: monitor whether the target server is attacked by weak passwords within the current time period;
if the target server is attacked by weak passwords within the current time period, output the virtual login interface including the confirmation button area; if not, release the intercepted server login request directly.
Specifically, the current time period may be set according to actual requirements; for example, it may be set as the current time, or as the day, the week, or a similar period counted back from the current time.
When the method is applied to the intermediate device, taking a Windows server as the target server, the intermediate device directly monitors whether the Windows server is attacked by weak passwords within the current time period; if it is, the virtual login interface including the confirmation button area is output; otherwise, the intercepted server login request is released directly.
Similarly, when the method is applied to the user terminal that initiates the server login request, taking a Windows server as the target server, the user terminal, on initiating the server login request, receives a feedback message issued by the Windows server that indicates whether the user terminal is attacked by the weak password. If the feedback message indicates that the Windows server is attacked by weak passwords within the current time period, the virtual login interface including the confirmation button area is output; otherwise, the intercepted server login request is released directly.
The second embodiment: obtaining access source address information of a server login request; judging whether the access source address information belongs to an attacker IP list; if the access source address information belongs to the IP list of the attacker, outputting a virtual login interface comprising a confirmation button area, and if not, directly releasing the intercepted server login request.
In particular, the attacker IP list may be pre-established for the developer. Each attacker IP address in the attacker IP list is generated from weak password attack records of the target server, or from weak password attack records of a large number of servers including the target server.
In the specific implementation process, after the attacker IP list is generated, if a new weak password attack event aiming at the target server is obtained, the attacker IP address in the new weak password attack event is added into the attacker IP list, so that the attacker IP list is updated, and the attacker IP list is continuously perfected.
Specifically, a virtual login interface including a confirmation button area is output, and the implementation process is as follows:
First, step S1021 is executed: generate a blank virtual login interface including a login information filling area and a confirmation button area.
It should be noted that the interface style of the blank virtual login interface is the same as the interface style of the real login interface used for inputting the first login information on the user terminal, so that the illusion that the user needs to login the server again is avoided, and the user experience is improved.
Specifically, having the same interface style may mean that the login information filling area of the blank virtual login interface and the login information input area of the real login interface have the same style, such as the same position, size, and color, and that the button control area of the blank virtual login interface and the confirmation button area of the real login interface have the same size, position, and color. Of course, specific implementations are not limited to the matching items listed above.
After step S1021, step S1022 is executed: write second login information in the login information filling area to obtain the virtual login interface.
The second login information and the first login information meet preset similar conditions. Specifically, the implementation process of writing the second login information in the login information filling area may be as follows:
Acquire the first login information from the intercepted server login request, determine the second login information according to the first login information, and write the second login information in the login information filling area.
Specifically, the first login information may include the user name information and password information required to log in to the target server. Of course, the first login information may also include other information, such as verification code information. In a specific implementation, the user name information may be a mailbox, a mobile phone number, a nickname, and the like. The password information may be in the form of pure letters, pure numbers, a combination of letters and numbers, and the like.
It should be noted that the second login information and the first login information satisfy a preset similar condition, which may specifically be: the second login information has the same user name information as the first login information, and the second login information and the first login information may have related password information while having the same user name information.
When the first login information includes the user name information and password information required to log in to the target server, the login information filling area includes a user name filling sub-area and a password filling sub-area. Writing the second login information in the login information filling area may then include the following steps 1-3:
Step 1: obtain the first login information from the intercepted server login request.
Step 2: extract the user name information required to log in to the target server from the first login information and, as the user name information in the second login information, write it into the user name filling sub-area of the login information filling area.
Specifically, the user name information extracted from the second login information is directly written in the user name writing sub-area of the login information writing area.
Step 3: generate a password related to the password information in the first login information and, as the password information in the second login information, write it into the password filling sub-area of the login information filling area.
Specifically, step 3 has at least the following embodiments:
The first embodiment: in the case that the password information in the first login information is unknown, steps 31 and 32 are performed.
Step 31: acquire the number of password digits of the password information in the first login information. In a specific implementation, the number of password digits can be determined by detecting the byte length occupied by the password information in the first login information.
Step 32: generate a random password with the same number of password digits as the password information in the first login information.
In a specific implementation, the random password is displayed in a form in which the password is not visible. For example, each digit of the random password is represented by a fixed character, which may be an asterisk, a circular character ●, etc.
Specifically, as shown in fig. 1-2, the output virtual login interface may be implemented by filling user name information in a user name filling sub-area 121 on the virtual login interface 120, filling a random password in a password filling sub-area 122 on the virtual login interface 120, and using a confirmation button area 123 on the virtual login interface 120 to accept a user operation, such as a click operation of the user.
The second embodiment: under the condition that the password information in the first login information can be known, the password information extracted from the first login information is directly acquired, and the password information extracted from the first login information is directly written into a password filling sub-area of the login information filling area as the password information in the second login information.
The third embodiment: in the case that the password information in the first login information is unknown, a password picture related to the password information in the first login information can be generated and placed over the password filling sub-area in the login information filling area. Specifically, the number of password digits shown in the generated password picture is the same as the number of password digits of the password information in the first login information.
After step S1022, step S1023 is performed: output the virtual login interface to the user terminal that initiated the server login request.
In step S1023, a virtual login interface is output to the display interface of the user terminal, and the output virtual login interface is filled with the second login information.
In a specific implementation, with reference to the foregoing embodiment, if the action of intercepting the server login request is performed by an interception application plug-in installed on the user terminal, the interception application plug-in directly outputs the virtual login interface filled with the second login information to the display interface of the user terminal.
If the server login request is initiated and intercepted on different devices, the intermediate device that intercepted the server login request issues the virtual login interface filled with the second login information to the user terminal, and instructs the user terminal to output it on the display interface of the user terminal.
After step S102, step S103 is then performed: if the operation on the confirmation button area is detected, sending the intercepted server login request to a target server, so that the user terminal logs in the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
Specifically, the operation on the confirmation button area is a click operation. If a click operation on the confirmation button area is detected, the intermediate device, or the interception application plug-in running on the user terminal, whichever intercepted the server login request, sends the intercepted server login request to the target server according to the server address information.
In a specific implementation, to verify the validity of the user sending the login request, after a server login request initiated by a user terminal is intercepted, whether there is a click operation on the confirmation button area is detected in order to judge the validity of the server login request, and thereby whether the server login request could make the target server insecure. Specifically, if a click operation on the confirmation button area is detected, the intermediate device or interception application plug-in that intercepted the server login request obtains a corresponding click operation signal, so it is determined that the server login request was sent by a legal user through the corresponding user terminal, and for the target server it is safe for that user terminal to log in. A hacker who sends server login requests through a weak password attack cannot click the confirmation button area. Therefore, if no click operation on the confirmation button area is detected, it can be determined that the intercepted server login request was initiated by an illegal user and carries an insecure factor, that is, the server login request is insecure for the target server.
In practical application, an illegal user such as a hacker performing brute force cracking simply uses a cracking tool on a terminal to continuously and automatically scan through the weak passwords in a weak password dictionary, packing each weak password (that is, the identity information) into a data packet according to a preset protocol and sending it directly to the server. In other words, the hacker's server login requests are data packets carrying identity information that the cracking tool sends directly to the server, and the cracking tool cannot perform a click on the confirmation button area while scanning and sending. Therefore, whether a click operation is performed on the confirmation button area shows whether the intercepted server login request was sent by a legal user through the user terminal or by a hacker from a user terminal using weak passwords, and this determines whether the intercepted server login request is sent to the target server, so that server login requests initiated by illegal users are filtered out. Security is thus improved without any modification to the server.
In a specific implementation process, the server address of the target server may be obtained as follows:
The first method: when a user terminal initiates a server connection request to the target server, the terminal address information is acquired from the server connection request.
The second method: when a user terminal initiates a server login request to the target server, the terminal address information is obtained from the server login request.
Based on steps S101 to S103, the preset address blacklist may be continuously updated, which is specifically implemented as follows:
In one embodiment, after a server login request is intercepted, if no click operation on the confirmation button area in the virtual login interface is detected, the terminal address information of the user terminal that initiated the server login request is added to the preset address blacklist, so that the preset address blacklist is continuously updated.
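Steps S102-S103 and the blacklist update above, as an added sketch that is not code from the patent. It covers the case where the password is unknown to the gate (steps 31-32) and assumes one byte per password character, a confirmation timeout (the page only says "no click detected"), and a random request identifier that ties a click to one held request; all names and sample values are constructed.

```python
import secrets
import string
from dataclasses import dataclass

MASK_CHAR = "●"  # fixed character shown for every password digit
ALPHABET = string.ascii_letters + string.digits


@dataclass(frozen=True)
class LoginRequest:
    terminal_addr: str
    server_addr: str
    username: str
    password_field: bytes  # opaque to the gate; only its length is used


@dataclass(frozen=True)
class VirtualLoginInterface:
    request_id: str            # assumed: identifies the held request on confirm
    username: str              # same user name as the first login information
    placeholder_password: str  # random, unrelated to the real password
    password_display: str      # what the password sub-area shows


class ConfirmationGate:
    """Holds intercepted login requests until the confirmation button is clicked."""

    def __init__(self, forward, timeout_s: float = 60.0):
        self.forward = forward      # callable that sends a request to the target server
        self.timeout_s = timeout_s  # assumed limit for "no click detected"
        self.pending = {}           # request_id -> (request, deadline)
        self.blacklist = set()      # preset address blacklist, updated over time

    def intercept(self, request: LoginRequest, now: float) -> VirtualLoginInterface:
        """S102: hold the request and build the pre-filled virtual login interface."""
        request_id = secrets.token_urlsafe(16)
        self.pending[request_id] = (request, now + self.timeout_s)
        digits = len(request.password_field)  # step 31: length from byte count
        placeholder = "".join(secrets.choice(ALPHABET) for _ in range(digits))  # step 32
        return VirtualLoginInterface(
            request_id, request.username, placeholder, MASK_CHAR * digits)

    def confirm(self, request_id: str, now: float) -> bool:
        """S103: a click releases the original request, first login information intact."""
        entry = self.pending.pop(request_id, None)
        if entry is None:
            return False  # unknown or already handled: nothing is forwarded
        request, deadline = entry
        if now > deadline:
            self.blacklist.add(request.terminal_addr)
            return False
        self.forward(request)
        return True

    def expire(self, now: float) -> int:
        """Drop requests never confirmed in time and blacklist their source address."""
        stale = [rid for rid, (_, deadline) in self.pending.items() if now > deadline]
        for rid in stale:
            request, _ = self.pending.pop(rid)
            self.blacklist.add(request.terminal_addr)
        return len(stale)


if __name__ == "__main__":
    sent_to_server = []
    gate = ConfirmationGate(sent_to_server.append, timeout_s=60.0)

    # Constructed traffic: one interactive user, one scripted weak-password attempt.
    user = LoginRequest("192.0.2.10", "srv-a.example", "alice", b"S3cret!pw")
    scanner = LoginRequest("198.51.100.7", "srv-a.example", "admin", b"123456")

    ui = gate.intercept(user, now=0.0)
    gate.intercept(scanner, now=1.0)            # the tool never clicks confirm
    print(ui.username, ui.password_display)     # alice and nine mask characters
    print("confirmed:", gate.confirm(ui.request_id, now=5.0))
    print("expired:", gate.expire(now=62.0))
    print("forwarded:", [r.username for r in sent_to_server])
    print("blacklist:", sorted(gate.blacklist))
```

Only the confirmed request reaches `forward`; the unconfirmed one is discarded and its terminal address lands in the blacklist, which can then feed the address-based interception condition.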
Based on the same inventive concept, an embodiment of the present invention provides a verification apparatus for server login, where the apparatus embodiment corresponds to the foregoing method embodiment, and for convenience of reading, details in the foregoing method embodiment are not repeated in this apparatus embodiment one by one, but it should be clear that the apparatus in this embodiment can correspondingly implement all the contents in the foregoing method embodiment.
Fig. 2 is a block diagram of a program of an authentication apparatus for server login according to an embodiment of the present invention, referring to fig. 2, the authentication apparatus for server login includes:
a request intercepting module 201, configured to intercept a server login request initiated by a user terminal and used for requesting to login a target server, where the server login request carries first login information required by the login of the target server;
an interface output module 202, configured to output a virtual login interface including a confirmation button area in response to an event of intercepting a server login request, where the confirmation button area is used to accept an operation of determining a login target server;
the login request processing module 203 is configured to send the intercepted server login request to the target server if the operation on the confirmation button area is detected, so that the user terminal logs in to the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
In an implementation manner provided in this embodiment, the interface output module 202 includes:
the virtual interface generating unit is used for generating a blank virtual login interface comprising a login information filling area and a confirmation button area;
the information filling unit is used for writing second login information in the login information filling area to obtain a virtual login interface, wherein the second login information and the first login information meet preset similar conditions;
and the virtual interface output unit is used for outputting the virtual landing interface written with the second login information in the login information filling area to the user terminal initiating the server login request.
In an embodiment provided by this embodiment, an interface style of the blank virtual login interface is the same as an interface style of a real login interface used for inputting the first login information on the user terminal.
In an embodiment provided by this embodiment, the first login information includes user name information and password information required for logging in the target server, and the information filling unit includes:
the login information acquisition subunit is used for acquiring first login information from the intercepted server login request;
the information extraction subunit is used for extracting user name information required by the login of the target server from the first login information as the user name information in the second login information;
a password generation subunit, configured to generate a password related to the password information as password input information in the second login information;
the user name filling subunit is used for writing user name input information into a user name filling sub-area in the login information filling area;
and the password filling subunit is used for writing the password input information into the password filling sub-area in the login information filling area.
In an embodiment provided in this embodiment, the password generating subunit is specifically configured to:
detecting the password digit of the password information in the first login information;
a random password having the same password number as the password information is generated.
In an implementation manner provided in this embodiment, the request intercepting module 201 includes:
an address acquisition unit, configured to acquire terminal address information of a user terminal;
the judging unit is used for judging whether the terminal address information belongs to a login authentication range;
and the execution interception unit is used for executing the step of intercepting the server login request if the terminal address information belongs to the login authentication range, and otherwise directly releasing the server login request.
In an implementation manner provided in this embodiment, the determining unit is specifically configured to:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
In an implementation manner provided in this embodiment, the interface output module 202 includes:
the attack monitoring unit is used for monitoring whether the target server is attacked by the weak password within the current time period;
and the first output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the target server is attacked by a weak password in the current time period, and otherwise, directly releasing the intercepted server login request.
In an implementation manner provided in this embodiment, the interface output module 202 includes:
an address obtaining unit, configured to obtain access source address information of the server login request;
the address judging unit is used for judging whether the access source address information belongs to an attacker IP list;
and the second output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the access source address information belongs to the IP list of the attacker, and directly releasing the intercepted server login request if the access source address information does not belong to the IP list of the attacker.
In an implementation manner provided in this embodiment, the address obtaining unit is specifically configured to:
when a user terminal initiates a server connection request to a target server, acquiring terminal address information from the server connection request, or;
when a user terminal initiates a server login request to a target server, terminal address information is obtained from the server login request.
Based on the same inventive concept, as an implementation of the above method, an authentication device 30 for server login is provided in the embodiment of the present invention, fig. 3 is a schematic structural diagram of a server login device in the third embodiment of the present invention, and referring to fig. 3, the authentication device for server login includes: a memory 301, a processor 302, and a computer program 303 stored on the memory 301 and executable on the processor 302, the processor implementing the following steps when executing the program 303:
intercepting a server login request initiated by a user terminal and used for requesting to login a target server, wherein the server login request carries first login information required by login of the target server;
in response to the event of intercepting the server login request, outputting a virtual login interface including a confirmation button area, wherein the confirmation button area is used to accept an operation confirming login to the target server;
if the operation on the confirmation button area is detected, sending the intercepted server login request to a target server, so that the user terminal logs in the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program:
generating a blank virtual login interface comprising a login information filling area and a confirmation button area;
writing second login information in the login information filling area to obtain a virtual login interface, wherein the second login information and the first login information meet preset similar conditions;
and outputting the virtual login interface written with the second login information in the login information filling area to the user terminal initiating the server login request.
If the first login information includes user name information and password information required for logging in the target server, in the embodiment of the present invention, the following steps may also be implemented when the processor executes the program: acquiring first login information from the intercepted server login request;
extracting user name information required by a login target server from the first login information as user name information in second login information, and writing the user name information into a user name filling sub-area in the login information filling area;
and generating a password related to the password information in the first login information as the password information in the second login information, and writing the password information into a password filling sub-area in the login information filling area.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: generating a password related to password information in the first login information, including:
obtaining the password digit of the password information in the first login information;
and generating a random password with the same password digit as the password information in the first login information.
Preferably, intercepting a server login request initiated by a user terminal for requesting to login a target server includes:
acquiring terminal address information of a user terminal;
judging whether the terminal address information belongs to a login verification range;
if so, executing the step of intercepting the server login request, otherwise, directly releasing the server login request.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
In the embodiment of the present invention, the processor may further implement the following steps when executing the program: when a user terminal initiates a server connection request to a target server, acquiring terminal address information from the server connection request, or;
when a user terminal initiates a server login request to a target server, terminal address information is obtained from the server login request.
Based on the same inventive concept, the embodiment of the present invention provides a computer storage medium, on which a computer program is stored, and the above-mentioned instructions can be executed by the processor 302 of the authentication apparatus 30 shown in fig. 3 to implement the above-mentioned method. The computer storage medium is specifically a non-transitory computer readable storage medium, and specifically may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
The embodiment of the invention at least realizes the following technical effects or advantages:
The server login request is intercepted before login to the target server, so it is not sent directly to the target server; instead, a virtual login interface is output on which the user must perform a login operation, and the intercepted server login request is sent to the server only when the user operates the confirmation button area on the virtual login interface. A weak password scanner cannot perform that operation on the confirmation button area, so when an illegal user attacks the target server through weak password scanning, the target server does not receive the server login request at all and the illegal user cannot log in to the target server. This reduces the possibility of brute force cracking during login and improves the security of the server.
In addition, the server does not need to issue a verification code and have it entered for verification, so server security is improved without increasing verification complexity, user experience is improved, and the waste of network resources is reduced.
The algorithms and displays presented herein are not inherently related to any particular computer, virtual machine, or other apparatus. Various general purpose systems may also be used with the teachings herein. The required structure for constructing such a system will be apparent from the description provided above. Moreover, the present invention is not directed to any particular programming language. It is appreciated that a variety of programming languages may be used to implement the teachings of the present invention as described herein, and any descriptions of specific languages are provided above to disclose the best mode of the invention.
In the description provided herein, numerous specific details are set forth. It is understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.
Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof for the purpose of streamlining the disclosure and aiding in the understanding of one or more of the various inventive aspects. However, the disclosed method should not be interpreted as reflecting an intention that: that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the detailed description are hereby expressly incorporated into this detailed description, with each claim standing on its own as a separate embodiment of this invention.
Those skilled in the art will appreciate that the modules in the device in an embodiment may be adaptively changed and disposed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and furthermore they may be divided into a plurality of sub-modules or sub-units or sub-components. All of the features disclosed in this specification (including any accompanying claims, abstract and drawings), and all of the processes or elements of any method or apparatus so disclosed, may be combined in any combination, except combinations where at least some of such features and/or processes or elements are mutually exclusive. Each feature disclosed in this specification (including any accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.
Furthermore, those skilled in the art will appreciate that while some embodiments described herein include some features included in other embodiments, rather than other features, combinations of features of different embodiments are meant to be within the scope of the invention and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The various component embodiments of the invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or Digital Signal Processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components in the intelligent camera system and network cameras according to embodiments of the present invention. The present invention may also be embodied as apparatus or system programs (e.g., computer programs and computer program products) for performing a portion or all of the methods described herein. Such programs implementing the present invention may be stored on computer-readable media or may be in the form of one or more signals. Such a signal may be downloaded from an internet website or provided on a carrier signal or in any other form.
It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In the unit claims enumerating several systems, several of these systems may be embodied by one and the same item of hardware. The usage of the words first, second and third, etcetera do not indicate any ordering. These words may be interpreted as names.
The invention discloses A1, a verification method for server login, which comprises the following steps:
intercepting a server login request initiated by a user terminal and used for requesting to log in to a target server, wherein the server login request carries first login information required for logging in to the target server;
in response to the event of intercepting the server login request, outputting a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server;
if the operation on the confirmation button area is detected, sending the intercepted server login request to the target server, so that the user terminal logs in the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
A2, the authentication method for server login as in A1, said outputting a virtual login interface including a confirmation button area, comprising:
generating a blank virtual login interface comprising a login information filling area and the confirmation button area;
writing second login information in the login information filling area to obtain the virtual login interface, wherein the second login information and the first login information meet preset similar conditions;
and outputting the virtual login interface written with the second login information in the login information filling area to a user terminal initiating the server login request.
A3, the verification method for server login as in A2, wherein the interface style of the blank virtual login interface is the same as the interface style of the real login interface used for inputting the first login information on the user terminal.
A4, the method for authenticating server login as described in A2, wherein the first login information includes user name information and password information required for logging in the target server, and the writing of the second login information in the login information filling area includes:
acquiring the first login information from the intercepted server login request;
extracting user name information required by logging in the target server from the first login information as user name information in the second login information, and writing the user name information into a user name filling sub-area in the login information filling area;
and generating a password related to the password information in the first login information as the password information in the second login information, and writing the password information into a password filling sub-area in the login information filling area.
A5, the authentication method for server login as in A4, the generating a password related to password information in the first login information, comprising:
obtaining the number of password digits of the password information in the first login information;
and generating a random password with the same number of digits as the password information in the first login information.
A6, the method for verifying server login as in any one of A1-A5, wherein the intercepting a server login request initiated by a user terminal for requesting to login a target server, comprises:
acquiring terminal address information of the user terminal;
judging whether the terminal address information belongs to a login authentication range;
if so, executing the step of intercepting the server login request, otherwise, directly releasing the server login request.
A7, the method for authenticating server login as defined in A6, wherein the determining whether the terminal address information belongs to a login authentication scope includes:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
A8, the authentication method for server login as defined in A6, the acquiring terminal address information of the user terminal, comprising:
when the user terminal initiates a server connection request to the target server, acquiring the terminal address information from the server connection request; or
and when the user terminal initiates the server login request to the target server, acquiring the terminal address information from the server login request.
A9, the method for authentication of a server login as in any one of A1-A5, the outputting a virtual login interface including a confirmation button area, comprising:
monitoring whether the target server is attacked by a weak password within the current time period;
and if the target server is attacked by the weak password in the current time period, outputting the virtual login interface comprising the confirmation button area, and otherwise, directly releasing the intercepted server login request.
A10, the method for authentication of a server login as in any one of A1-A5, the outputting a virtual login interface including a confirmation button area, comprising:
obtaining access source address information of the server login request;
judging whether the access source address information belongs to an attacker IP list;
and if the access source address information belongs to an attacker IP list, outputting the virtual login interface comprising the confirmation button area, and if not, directly releasing the intercepted server login request.
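The flow of A1 and A4-A7 above as an added Python example (not code from the patent): a request whose source address falls in the verification range is held and answered with a virtual login interface carrying the same user name and a random password of the same length, and is forwarded only when the confirmation comes back. The names `LoginGate`, `min_hits` and `max_pending`, the token that stands in for the operation on the confirmation button area, and the sample addresses are assumptions.

```python
import ipaddress
import secrets
import string
from collections import OrderedDict
from dataclasses import dataclass
from typing import Callable, Iterable, Optional

ALPHABET = string.ascii_letters + string.digits


@dataclass(frozen=True)
class LoginRequest:
    source_ip: str
    username: str   # first login information: user name
    password: str   # first login information: password


@dataclass(frozen=True)
class VirtualLoginInterface:
    token: str      # assumption: identifies the held request on confirmation
    username: str   # second login information: same user name (A4)
    password: str   # second login information: random, same length (A5)


def placeholder_password(original: str) -> str:
    """Random string with as many characters as the submitted password."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in original)
        # Added precaution, not on the page: never echo the real password.
        if candidate != original or not original:
            return candidate


class LoginGate:
    def __init__(self, forward: Callable[[LoginRequest], None],
                 known_addresses: Iterable[str],
                 watched_networks: Iterable[str],
                 blacklist: Iterable[str],
                 min_hits: int, max_pending: int = 1024):
        self._forward = forward  # stands for "send to the target server"
        self._known = {ipaddress.ip_address(a) for a in known_addresses}
        self._watched = [ipaddress.ip_network(n) for n in watched_networks]
        self._blacklist = {ipaddress.ip_address(a) for a in blacklist}
        self._min_hits = min_hits        # assumption: matches required (A7)
        self._max_pending = max_pending  # assumption: bound on held requests
        self._pending = OrderedDict()

    def in_verification_range(self, source_ip: str) -> bool:
        """A7: new address, specific address segment, preset blacklist."""
        addr = ipaddress.ip_address(source_ip)
        hits = [
            addr not in self._known,
            any(addr in net for net in self._watched),
            addr in self._blacklist,
        ]
        return sum(hits) >= self._min_hits

    def handle(self, request: LoginRequest) -> Optional[VirtualLoginInterface]:
        """A6/A1: release directly, or hold and return the virtual interface."""
        if not self.in_verification_range(request.source_ip):
            self._forward(request)
            return None
        token = secrets.token_hex(16)
        self._pending[token] = request
        # Unconfirmed requests are never forwarded; drop the oldest so a
        # scanner cannot grow the held set without limit.
        while len(self._pending) > self._max_pending:
            self._pending.popitem(last=False)
        return VirtualLoginInterface(
            token, request.username, placeholder_password(request.password))

    def confirm(self, token: str) -> bool:
        """A1: forward the held request once the confirmation is received."""
        request = self._pending.pop(token, None)
        if request is None:
            return False
        self._forward(request)
        return True


if __name__ == "__main__":
    # Constructed sample data (documentation address ranges).
    delivered = []
    gate = LoginGate(delivered.append, ["192.0.2.10"],
                     ["198.51.100.0/24"], ["203.0.113.7"], min_hits=1)
    ui = gate.handle(LoginRequest("203.0.113.7", "root", "123456"))
    print("held:", ui.username, ui.password, "forwarded:", len(delivered))
    print("confirmed:", gate.confirm(ui.token), "forwarded:", len(delivered))
```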
The invention discloses B11, an authentication device for server login, the device comprising:
a request intercepting module, configured to intercept a server login request which is initiated by a user terminal and is used for requesting to log in to a target server, wherein the server login request carries first login information required for logging in to the target server;
an interface output module, configured to output, in response to the event of intercepting the server login request, a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server;
a login request processing module, configured to send the intercepted server login request to the target server if an operation on the confirmation button area is detected, so that the user terminal logs in to the target server based on the first login information; otherwise, the intercepted server login request is not sent to the target server.
B12, the authentication device for server login as described in B11, the interface output module comprising:
the virtual interface generating unit is used for generating a blank virtual login interface comprising a login information filling area and the confirmation button area;
an information filling unit, configured to write second login information in the login information filling area, and obtain the virtual login interface, where a preset similar condition is satisfied between the second login information and the first login information;
and the virtual interface output unit is used for outputting the virtual login interface written with the second login information in the login information filling area to a user terminal initiating the server login request.
B13, the authentication device for server login according to B12, wherein the interface style of the blank virtual login interface is the same as the interface style of the real login interface used for inputting the first login information on the user terminal.
B14, the authentication apparatus for server login as described in B12, wherein the first login information includes user name information and password information required for logging in the target server, and the information writing unit includes:
the information acquisition subunit is used for acquiring the first login information from the intercepted server login request;
a user name writing subunit, configured to extract, from the first login information, user name information required to log in the target server, to serve as the user name information in the second login information, and write the user name information into a user name filling sub-area in the login information filling area;
and the password writing subunit is used for generating a password related to the password information in the first login information, taking the password as the password information in the second login information, and writing the password into a password filling sub-area in the login information filling area.
B15, the authentication apparatus for server login as described in B14, wherein the password writing subunit is specifically configured to:
obtaining the number of password digits of the password information in the first login information;
and generating a random password with the same number of digits as the password information in the first login information.
B16, the authentication device for server login as any one of B11-B15, the request interception module comprising:
an address obtaining unit, configured to obtain terminal address information of the user terminal;
the judging unit is used for judging whether the terminal address information belongs to a login authentication range or not;
and an interception execution unit, configured to intercept the server login request if the terminal address information belongs to the login authentication range, and otherwise to directly release the server login request.
B17, the authentication apparatus for server login as described in B16, wherein the determining unit is specifically configured to:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
B18, the authentication apparatus for server login as described in B17, wherein the address obtaining unit is specifically configured to:
when the user terminal initiates a server connection request to the target server, acquiring the terminal address information from the server connection request; or
and when the user terminal initiates the server login request to the target server, acquiring the terminal address information from the server login request.
B19, the authentication device for server login as any one of B11-B15, the interface output module comprising:
the attack monitoring unit is used for monitoring whether the target server is attacked by the weak password within the current time period;
and the first output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the target server is attacked by a weak password in the current time period, and otherwise, directly releasing the intercepted server login request.
B20, the authentication apparatus for server login of any one of claims B11-B15, the interface output module comprising:
an address obtaining unit, configured to obtain access source address information of the server login request;
the address judging unit is used for judging whether the access source address information belongs to an attacker IP list;
and the second output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the access source address information belongs to the IP list of the attacker, and directly releasing the intercepted server login request if the access source address information does not belong to the IP list of the attacker.
The invention discloses C21, a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of any of A1-A10.
The invention discloses D22, an authentication device for server login, which comprises a memory, a processor and a computer program stored on the memory and running on the processor, wherein the processor executes the program to realize the steps of any of A1-A10.

Claims (16)

1. An authentication method for server login, comprising:
intercepting a server login request initiated by a user terminal and used for requesting to login a target server, wherein the server login request carries first login information required by logging in the target server;
in response to the event of intercepting the server login request, outputting a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server;
if the operation on the confirmation button area is detected, sending the intercepted server login request to the target server, so that the user terminal logs in the target server based on the first login information; otherwise, not sending the intercepted server login request to the target server;
wherein the outputting of a virtual login interface comprising a confirmation button area comprises:
generating a blank virtual login interface comprising a login information filling area and the confirmation button area;
writing second login information in the login information filling area to obtain the virtual login interface, wherein the second login information and the first login information meet preset similar conditions;
outputting the virtual login interface written with the second login information in the login information filling area to a user terminal initiating the server login request;
the interface style of the blank virtual login interface is the same as the interface style of a real login interface used for inputting the first login information on the user terminal;
the first login information includes user name information and password information required for logging in the target server, and the writing of the second login information in the login information filling area includes:
acquiring the first login information from the intercepted server login request;
extracting user name information required for logging in the target server from the first login information as the user name information in the second login information, and writing the user name information into a user name filling sub-area in the login information filling area;
and generating a password related to the password information in the first login information as the password information in the second login information, and writing the password information into a password filling sub-area in the login information filling area.
2. An authentication method for server login according to claim 1, wherein said generating a password related to password information in said first login information comprises:
obtaining the number of password digits of the password information in the first login information;
and generating a random password with the same number of digits as the password information in the first login information.
3. The authentication method for server login according to claim 1 or 2, wherein the intercepting of the server login request initiated by the user terminal for requesting to login to the target server comprises:
acquiring terminal address information of the user terminal;
judging whether the terminal address information belongs to a login verification range;
if so, executing the step of intercepting the server login request, otherwise, directly releasing the server login request.
4. The authentication method for server login according to claim 3, wherein said judging whether or not said terminal address information belongs to a login authentication range comprises:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
5. The authentication method for server login according to claim 3, wherein said obtaining the terminal address information of the user terminal comprises:
when the user terminal initiates a server connection request to the target server, acquiring the terminal address information from the server connection request; or
and when the user terminal initiates the server login request to the target server, acquiring the terminal address information from the server login request.
6. An authentication method for server login according to claim 5, wherein said outputting a virtual login interface including a confirmation button area comprises:
monitoring whether the target server is attacked by a weak password within the current time period;
and if the target server is attacked by the weak password in the current time period, outputting the virtual login interface comprising the confirmation button area, and otherwise, directly releasing the intercepted server login request.
7. An authentication method for server login according to claim 6, wherein said outputting a virtual login interface including a confirmation button area comprises:
obtaining access source address information of the server login request;
judging whether the access source address information belongs to an attacker IP list;
and if the access source address information belongs to an attacker IP list, outputting the virtual login interface comprising the confirmation button area, and if not, directly releasing the intercepted server login request.
8. An authentication apparatus for server login, the apparatus comprising:
a request intercepting module, configured to intercept a server login request initiated by a user terminal and used for requesting to log in to a target server, wherein the server login request carries first login information required for logging in to the target server;
an interface output module, configured to output, in response to the event of intercepting the server login request, a virtual login interface comprising a confirmation button area, wherein the confirmation button area is used for receiving an operation confirming login to the target server;
the login request processing module is used for sending the intercepted server login request to the target server if the operation on the confirmation button area is detected, so that the user terminal logs in the target server based on the first login information; otherwise, not sending the intercepted server login request to the target server;
wherein, the interface output module comprises:
a virtual interface generating unit for generating a blank virtual login interface including a login information filling area and the confirmation button area;
the information filling unit is used for writing second login information in the login information filling area to obtain the virtual login interface, wherein the second login information and the first login information meet preset similar conditions;
a virtual interface output unit configured to output the virtual login interface in which the second login information is written in the login information filling area to a user terminal that has initiated the server login request;
the interface style of the blank virtual login interface is the same as the interface style of a real login interface used for inputting the first login information on the user terminal;
the first login information includes user name information and password information required for logging in the target server, and the information filling unit includes:
the information acquisition subunit is used for acquiring the first login information from the intercepted server login request;
a user name writing subunit, configured to extract, from the first login information, user name information required to log in the target server, as user name information in the second login information, and write the user name information into a user name filling sub-area in the login information filling area;
and the password writing subunit is used for generating a password related to the password information in the first login information, and writing the password as the password information in the second login information into a password filling sub-area in the login information filling area.
9. An authentication apparatus for server login according to claim 8, wherein the password writing subunit is specifically configured to:
obtaining the number of password digits of the password information in the first login information;
and generating a random password with the same number of digits as the password information in the first login information.
10. Authentication device for server login according to claim 7 or 8, wherein the request interception module comprises:
an address obtaining unit, configured to obtain terminal address information of the user terminal;
the judging unit is used for judging whether the terminal address information belongs to a login authentication range or not;
and an interception execution unit, configured to intercept the server login request if the terminal address information belongs to the login authentication range, and otherwise to directly release the server login request.
11. The authentication apparatus for server login according to claim 10, wherein the determining unit is specifically configured to:
and executing more than one of the following judgments on the terminal address information: judging whether the terminal address information is a new address, judging whether the terminal address information belongs to a specific address field, and judging whether the terminal address information belongs to a preset address blacklist;
and if the judgment on the terminal address information meets more than one judgment result, determining that the terminal address information belongs to the login authentication range.
12. The authentication apparatus for server login according to claim 11, wherein the address obtaining unit is specifically configured to:
when the user terminal initiates a server connection request to the target server, acquiring the terminal address information from the server connection request; or
and when the user terminal initiates the server login request to the target server, acquiring the terminal address information from the server login request.
13. The authentication apparatus for server login according to claim 12, wherein the interface output module comprises:
the attack monitoring unit is used for monitoring whether the target server is attacked by the weak password within the current time period;
and the first output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the target server is attacked by a weak password in the current time period, and otherwise, directly releasing the intercepted server login request.
14. The authentication apparatus for server login according to claim 13, wherein said interface output module comprises:
an address obtaining unit, configured to obtain access source address information of the server login request;
the address judging unit is used for judging whether the access source address information belongs to an attacker IP list;
and the second output processing unit is used for outputting the virtual login interface comprising the confirmation button area if the access source address information belongs to the IP list of the attacker, and directly releasing the intercepted server login request if the access source address information does not belong to the IP list of the attacker.
15. A computer-readable storage medium, on which a computer program is stored, which program, when being executed by a processor, carries out the steps of any of claims 1-7.
16. An authentication device for server login comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of any of claims 1-7 are implemented when the processor executes the program.
CN201810301216.XA 2018-04-04 2018-04-04 Verification method and device for server login Expired - Fee Related CN108712376B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810301216.XA CN108712376B (en) 2018-04-04 2018-04-04 Verification method and device for server login

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810301216.XA CN108712376B (en) 2018-04-04 2018-04-04 Verification method and device for server login

Publications (2)

Publication Number Publication Date
CN108712376A CN108712376A (en) 2018-10-26
CN108712376B true CN108712376B (en) 2021-02-26

Family

ID=63867041

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810301216.XA Expired - Fee Related CN108712376B (en) 2018-04-04 2018-04-04 Verification method and device for server login

Country Status (1)

Country Link
CN (1) CN108712376B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109840403B (en) * 2019-01-14 2020-12-22 腾讯科技(深圳)有限公司 Application login method and device, computer readable storage medium and computer equipment
CN110035088B (en) * 2019-04-26 2021-08-24 厦门商集网络科技有限责任公司 Method and equipment for automatically logging in remote control operating system based on RPA
CN112134780B (en) * 2019-06-24 2022-09-13 腾讯科技(深圳)有限公司 Information acquisition method and device, storage medium and electronic device
CN112398792B (en) * 2019-08-15 2022-07-05 奇安信安全技术(珠海)有限公司 Login protection method, client, central control management equipment and storage medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2003256803A (en) * 2002-03-04 2003-09-12 Fuji Photo Film Co Ltd Picture managing method and device, and its program
CN102651739A (en) * 2011-02-28 2012-08-29 阿里巴巴集团控股有限公司 Login verification method, system and instant messaging (IM) server
CN104092542A (en) * 2013-09-11 2014-10-08 腾讯科技(深圳)有限公司 Account login method, device and system
CN106331758A (en) * 2016-08-17 2017-01-11 陆阳 Virtual replicable touch video display device
CN107846415A (en) * 2017-12-11 2018-03-27 北京奇虎科技有限公司 A kind of server log method and device

Also Published As

Publication number Publication date
CN108712376A (en) 2018-10-26

Similar Documents

Publication Publication Date Title
CN108712376B (en) Verification method and device for server login
EP3420677B1 (en) System and method for service assisted mobile pairing of password-less computer login
WO2016188256A1 (en) Application access authentication method, system, apparatus and terminal
WO2016015436A1 (en) Platform authorization method, platform server, application client, system, and storage medium
WO2015035895A1 (en) Methods, devices, and systems for account login
CN111062024B (en) Application login method and device
US11658963B2 (en) Cooperative communication validation
CN111064757B (en) Application access method and device, electronic equipment and storage medium
US11770385B2 (en) Systems and methods for malicious client detection through property analysis
US8595106B2 (en) System and method for detecting fraudulent financial transactions
CN109861973A (en) Information transferring method, device, electronic equipment and computer-readable medium
CN113225351B (en) Request processing method and device, storage medium and electronic equipment
CN111314381A (en) Safety isolation gateway
WO2022227311A1 (en) Access processing method for performing remote control on terminal, and device and storage medium
CN111182537A (en) Network access method, device and system for mobile application
CN106331003A (en) Method and device for accessing application portal system on cloud desktop
CN104463584B (en) The method for realizing mobile terminal App secure payments
CN109450990A (en) A kind of cloud storage implementation method and electronic equipment based on educational system
CN106529216B (en) Software authorization system and software authorization method based on public storage platform
CN114866247B (en) Communication method, device, system, terminal and server
CN112995143B (en) Safety reporting method, device, equipment and medium based on mail system
CN110875903A (en) Security defense method and device
CN115664686A (en) Login method, login device, computer equipment and storage medium
CN112350982B (en) Resource authentication method and device
CN104063779A (en) Email box attachment downloading method and email box attachment downloading system thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20210226