CN109951469B - Method, device, storage medium and server for creating domain name black and white list - Google Patents
Method, device, storage medium and server for creating domain name black and white list Download PDFInfo
- Publication number
- CN109951469B CN109951469B CN201910184592.XA CN201910184592A CN109951469B CN 109951469 B CN109951469 B CN 109951469B CN 201910184592 A CN201910184592 A CN 201910184592A CN 109951469 B CN109951469 B CN 109951469B
- Authority
- CN
- China
- Prior art keywords
- domain name
- domain
- name
- white list
- names
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Abstract
The invention relates to the technical field of computers, and provides a method, a device, a storage medium and a server for creating a domain name black-and-white list. The method for creating the domain name black-and-white list comprises the steps of extracting a webview abnormal access domain name collected by an SDK directory of an APP, collecting illegal domain names reported by various users of the APP and creating the domain name black-and-white list in various modes by using a web crawler to crawl the illegal domain names recorded on a network; a white list of domain names is created in various ways by collecting legal domain names reported by all users of the APP and inquiring registered domain names of the cooperative business corresponding to the APP. Compared with the traditional single black and white list source mode, the method and the device have the advantages that the black and white list of the domain name is automatically collected and created in multiple modes, the more comprehensive black and white list of the domain name can be obtained, and the coverage of the list is effectively expanded.
Description
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, a storage medium and a server for creating a domain name black-and-white list.
Background
In the process of using business APP such as banks and credit, sometimes the domain name is hijacked, so that the APP jumps to an illegal page, and the property safety of the user is possibly threatened. Aiming at the problems, the method is usually adopted to create a domain name black and white list at present, namely if the domain name to be jumped is listed in the black list, the jump of the page is intercepted; and if the domain name to be jumped is listed in a white list, allowing the page jump to be executed. However, the current sources of the domain name black and white lists are mainly reported by each APP user, and the coverage is narrow.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method, an apparatus, a storage medium, and a server for creating a black-and-white name list of a domain name, which aim to solve the problem that a black-and-white name list of a domain name has a narrow coverage.
In a first aspect of the embodiments of the present invention, a method for creating a black and white list of domain names is provided, including:
extracting the collected webview abnormal access domain name from an SDK directory of the APP;
crawling illegal domain names recorded on a network by using a web crawler;
collecting illegal domain names and legal domain names reported by each user of the APP;
adding the abnormal webview access domain name, the illegal domain name reported by each user and the crawled illegal domain name to a domain name blacklist;
and adding the legal domain name reported by each user and the registered domain name under the partner name of the APP to a domain name white list.
In a second aspect of the embodiments of the present invention, an apparatus for creating a black and white list of domain names is provided, including:
the abnormal access domain name extraction module is used for extracting the collected webview abnormal access domain name from the SDK directory of the APP;
the illegal domain name crawling module is used for crawling illegal domain names recorded on the network by using a network crawler;
a reported domain name collecting module, configured to collect illegal domain names and legal domain names reported by users of the APP;
a domain name blacklist creation module, configured to add the abnormal webview access domain name, the illegal domain name reported by each user, and the crawled illegal domain name to a domain name blacklist;
and the domain name white list creating module is used for adding the legal domain name reported by each user and the registered domain name under the partner name of the APP to the domain name white list.
In a third aspect of the embodiments of the present invention, a computer-readable storage medium is provided, where computer-readable instructions are stored, and when executed by a processor, the computer-readable instructions implement the steps of the method for creating a black-and-white list of domain names as set forth in the first aspect of the embodiments of the present invention.
In a fourth aspect of the embodiments of the present invention, a server is provided, which includes a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor executes the computer readable instructions to implement the steps of the method for creating a black-and-white list of domain names according to the first aspect of the embodiments of the present invention.
The invention provides a method for creating a domain name black-and-white list, which comprises the steps of extracting a webview abnormal access domain name collected by an SDK directory of an APP, collecting illegal domain names reported by various users of the APP and creating the domain name black-and-white list in various modes by using a web crawler to crawl the illegal domain names recorded on a network; a white list of domain names is created in various ways by collecting legal domain names reported by all users of the APP and inquiring registered domain names of the cooperative business corresponding to the APP. Compared with the traditional single black and white list source mode, the method and the device have the advantages that the black and white list of the domain name is automatically collected and created in multiple modes, the more comprehensive black and white list of the domain name can be obtained, and the coverage of the list is effectively expanded.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings needed to be used in the embodiments or the prior art descriptions will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
Fig. 1 is a flowchart of a first embodiment of a method for creating a black-and-white list of domain names according to an embodiment of the present invention;
fig. 2 is a flowchart of a second embodiment of a method for creating a black-and-white list of domain names according to an embodiment of the present invention;
fig. 3 is a block diagram of an embodiment of an apparatus for creating a black-and-white list of domain names according to an embodiment of the present invention;
fig. 4 is a schematic diagram of a server according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a method, a device, a storage medium and a server for creating a domain name black-and-white list, and aims to solve the problem of narrow coverage of the domain name black-and-white list.
In order to make the objects, features and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without making any creative effort based on the embodiments in the present invention, belong to the protection scope of the present invention.
Referring to fig. 1, a first embodiment of a method for creating a black-and-white list of domain names according to an embodiment of the present invention includes:
101. extracting the collected webview abnormal access domain name from an SDK directory of the APP;
for Android-type APP, an Android SDK directory is provided for storing various files such as library files, compiling tool directories, API interface reference documents, development and debugging tools related to an Android platform, virtual machine management tools and the like. In addition, an abnormal access domain name recorded by a browser component webview adopted by the APP is also stored in the SDK directory. Specifically, a script program can be compiled, and the collected webview abnormal access domain name is searched and extracted from the SDK directory of the APP as a source mode of the domain name blacklist.
102. Crawling illegal domain names recorded on a network by using a web crawler;
the web crawler is a program capable of automatically extracting web page contents, the web crawler obtains URLs on initial web pages from URLs of one or a plurality of initial web pages, and continuously extracts new URLs from current web pages and puts the new URLs into a queue in the process of capturing the web pages until certain stop conditions are met. The network is full of massive information, various illegal domain names are included, and a certain number of illegal domain names can be captured from the network by using a web crawler to serve as a source mode of a domain name blacklist.
103. Collecting illegal domain names and legal domain names reported by all users of the APP;
in the process of using the APP by each user, if the page is hijacked to an illegal domain name, the illegal domain name can be reported to the server by oneself to serve as a source mode of a domain name blacklist. Similarly, if the user accesses a trusted legal domain name by using the APP, the user can also report the legal domain name to the server by himself to serve as a source mode of a domain name white list.
104. Adding the abnormal access domain name of the webview, the illegal domain name reported by each user and the crawled illegal domain name to a domain name blacklist;
when a domain name blacklist is created, the webview abnormal access domain name, the illegal domain name reported by each user and the crawled illegal domain name can be used as sources of the domain name blacklist. Compared with the traditional single domain name blacklist source mode, the embodiment of the invention adopts various modes to collect illegal domain names to create the domain name blacklist, and can obtain the domain name blacklist which is more comprehensive and has wider coverage.
Further, the embodiment of the present invention may further include the following steps:
(1) Acquiring hijacked records of the APP;
(2) Respectively counting the times of taking each domain name in the domain name blacklist as a hijacking domain name according to the hijacked record;
(3) And sequencing the domain names in the domain name blacklist according to the sequence of the times from large to small.
After the domain name blacklist is created, the domain names in the domain name blacklist can also be sorted. Specifically, the hijacked record of the APP can be obtained, then the times of taking each domain name in the domain name blacklist as the hijacked domain name (that is, the page of the APP is hijacked and jumps to the domain name) are respectively counted, and finally each domain name in the domain name blacklist is sorted according to the sequence of the times from large to small. When the domain name blacklist is adopted to intercept the skipping of the APP page, the target domain name to be skipped and each domain name in the domain name blacklist need to be matched one by one according to the sequence from top to bottom, and through the sorting optimization processing, the illegal domain name with high probability of hijacking the domain name can be preferentially matched, so that the domain name matching time is shortened, and the processing speed is increased.
105. And adding the legal domain name reported by each user and the registered domain name under the partner name of the APP to a domain name white list.
When creating the domain name white list, besides the legal domain name reported by each user, the registered domain name under the partner name of the APP is added to the domain name white list. As a partner of the APP, the registered domain name under the name of the APP is regarded as a reliable legal domain name and added to the created domain name white list. Compared with the traditional single domain name white list source mode, the embodiment of the invention adopts a plurality of modes to collect legal domain names to create the domain name white list, and can obtain the domain name white list which is more comprehensive and has wider coverage.
After the method provided by the embodiment of the invention creates the black and white list of the domain name, the black and white list of the domain name can be used for carrying out anti-hijack processing on the APP. The specific anti-hijack processing mode can be as follows:
(1) When the APP operates, if a page jump request is obtained, a target domain name pointed by the page jump request is obtained through analysis;
(2) Matching the target domain name with the domain name blacklist;
(3) Intercepting the page jump request if the target domain name is listed in the domain name blacklist;
(4) If the target domain name is not listed in the domain name blacklist, matching the target domain name with the domain name whitelist;
(5) If the target domain name is listed in the domain name white list, responding to the page skipping request, and skipping to a page pointed by the target domain name;
(6) If the target domain name is not listed in the domain name white list, outputting preset indication information to prompt a user to confirm, responding the page jump request if the user confirms, and otherwise intercepting the page jump request.
For example, an indication may be output of "may there be a risk of the page being accessed, continue to be accessed? If the user clicks to confirm the access, responding to the page skipping request, and skipping the page of the APP to the target domain name; and if the user clicks to reject the access, intercepting the page jump request, and not executing the jump of the page of the APP.
The embodiment of the invention provides a method for creating a domain name black-and-white list, which comprises the steps of extracting a webview abnormal access domain name collected by an SDK directory of an APP, collecting illegal domain names reported by various users of the APP and creating the domain name black-and-white list in various modes by using a web crawler to crawl the illegal domain names recorded on a network; a white list of domain names is created in various ways by collecting legal domain names reported by all users of the APP and inquiring registered domain names of the cooperative business corresponding to the APP. Compared with the traditional single black and white list source mode, the method and the device have the advantages that the black and white list of the domain name is automatically collected and created in multiple modes, the more comprehensive black and white list of the domain name can be obtained, and the coverage area is effectively expanded.
Referring to fig. 2, a second embodiment of a method for creating a black-and-white list of domain names according to the embodiment of the present invention includes:
201. extracting the collected webview abnormal access domain name from the SDK directory of the APP;
step 201 is the same as step 101, and the related description of step 101 can be referred to specifically.
202. Crawling a domain name containing a keyword on a network by using a web crawler in combination with the keyword which is constructed in advance;
in conjunction with pre-constructed keywords (which may be one or more), a web crawler is used to crawl domain names on the network that contain the keywords. For some illegal domain names, they always contain some specific keywords, such as "oroiu", "mexe", etc. Thus, a web crawler can be used to crawl domain names on the network that contain these keywords as a source of a domain name blacklist.
203. Inputting the crawled domain name into a domain name information inquiry system through a pre-programmed script file;
after the domain name containing the keyword on the network is crawled, the crawled domain name is input into a domain name information query system through a pre-programmed script file. The domain name information inquiry system is used for inquiring domain name related information, such as domain name registrants, domain name registration time, domain name expiration time, domain name state and the like. Specifically, a script file can be compiled, and the crawled domain name can be automatically input into a domain name information query system constructed by an information service provider.
204. Receiving registrant information returned by the domain name information inquiry system;
after the crawled domain name is input into the domain name information query system, the domain name information query system queries according to the input domain name, and can obtain and return corresponding registrant information.
205. Determining the registered domain name under the information name of the registrant as a crawled illegal domain name;
and after the registrant information returned by the domain name information inquiry system is received, determining the registered domain name under the name of the registrant information as the crawled illegal domain name. Since the registrant of the illegal domain name generally continuously registers a plurality of different illegal domain names, which is convenient for executing illegal activities, all or part of the registered domain names under the information name of the registrant can be determined as the crawled illegal domain names in order to obtain a more complete and comprehensive domain name blacklist.
Further, step 205 may include:
(1) Inquiring all registered domain names under the information name of the registrant;
(2) Respectively acquiring the registration date and the expiration date of each registered domain name;
(3) And determining the registered domain names with the registration dates after the preset date and the expiration dates after the current date in all the registered domain names as the crawled illegal domain names.
For domain names which are expired (that is, the expiration date is after the current date), or domain names which are registered for a long time (that is, the registration date is before the preset date), the domain names are generally not used as illegal domain names of hijacking users, so that the part of domain names can be removed from a blacklist to avoid the situation that the blacklist stores too many unnecessary domain names, and therefore, the times and time for matching the domain names can be reduced in the process of matching the domain names. Furthermore, before adding the domain name blacklist, the domain name blacklist can be checked through manual verification to decide whether a certain domain name is added to the domain name blacklist.
206. Collecting illegal domain names and legal domain names reported by each user of the APP;
207. adding the abnormal access domain name of the webview, the illegal domain name reported by each user and the crawled illegal domain name to a domain name blacklist;
steps 206-207 are the same as steps 103-104, and reference may be made specifically to the description of steps 103-104.
208. Inquiring a preset partner comparison table according to the name of the APP to obtain a corresponding partner;
when a domain name white list is constructed, the names of the APPs can be extracted, then the collaborators corresponding to the names of the APPs are obtained by inquiring a preset collaborator comparison table, and the number of the corresponding collaborators can be one or more.
209. Respectively acquiring the registration date and the expiration date of each registered domain name under the name of the partner;
after determining the corresponding collaborators, respectively acquiring the registration date and the expiration date of each registered domain name under the name of the collaborators. During specific operation, a script file can be compiled, the identity information of the partner is input into a domain name information query system constructed by an information service provider, all registered domain names with registrant information being the identity information are queried, and then the registration date and the expiration date of each registered domain name are respectively obtained.
210. And adding the legal domain name reported by each user and the registered domain names with registration dates after the preset date and expiration dates after the current date in all the registered domain names under the partner names to a domain name white list.
And finally, adding the legal domain names reported by the users and the registered domain names with registration dates after the preset date and expiration dates after the current date in all the registered domain names under the partner names to a domain name white list. When the registered domain names under the partner names are added to the domain name white list, domain names which are expired and domain names which are registered for a long time are removed, and the domain names can be not used any more, so that the domain names are not required to be added to the domain name white list, and the processing speed when the domain names are matched is prevented from being influenced due to the fact that the domain names which are too much unnecessary are stored in the domain name white list.
The invention provides a method for creating a domain name black-and-white list, which comprises the steps of extracting a webview abnormal access domain name collected by an SDK directory of an APP, collecting illegal domain names reported by various users of the APP and creating the domain name black-and-white list in various modes by using a web crawler to crawl the illegal domain names recorded on a network; a white list of domain names is created in various ways by collecting legal domain names reported by all users of the APP and inquiring registered domain names of the cooperators corresponding to the APP. And when a web crawler is used for crawling illegal domain names recorded on the network, the crawled domain names are input into a domain name information query system through a pre-compiled script file, registrant information returned by the domain name information query system is received, and the registered domain names under the registrant information names are determined to be the crawled illegal domain names, so that a more complete and comprehensive domain name blacklist can be obtained. When the registered domain names under the partner names are added to the domain name white list, the domain names which are out of date and the domain names which are registered for a long time can be eliminated, excessive unnecessary domain names stored in the domain name white list can be avoided, and the processing speed when the domain names are matched is guaranteed. Compared with the traditional single black and white list source mode, the method and the device have the advantages that the black and white list of the domain name is automatically collected and created in multiple modes, the more comprehensive black and white list of the domain name can be obtained, and the coverage is effectively expanded.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
The above mainly describes a method for creating a domain name black-and-white list, and a device for creating a domain name black-and-white list will be described in detail below.
Referring to fig. 3, an embodiment of an apparatus for creating a black-and-white list of domain names according to the embodiment of the present invention includes:
the abnormal access domain name extraction module 301 is configured to extract the collected webview abnormal access domain name from the SDK directory of the APP;
an illegal domain name crawling module 302, configured to crawl an illegal domain name recorded on a network using a web crawler;
a reported domain name collecting module 303, configured to collect illegal domain names and legal domain names reported by users of the APP;
a domain name blacklist creating module 304, configured to add the webview abnormal access domain name, the illegal domain name reported by each user, and the crawled illegal domain name to a domain name blacklist;
a domain name white list creating module 305, configured to add the legal domain name reported by each user and the registered domain name under the partner name of the APP to a domain name white list.
Further, the illegal domain name crawling module may include:
the domain name crawling unit is used for crawling a domain name containing the keyword on a network by using a web crawler in combination with the keyword which is constructed in advance;
the domain name information query unit is used for inputting the crawled domain name into a domain name information query system through a pre-programmed script file;
the registrant information receiving unit is used for receiving the registrant information returned by the domain name information inquiry system;
and the illegal domain name determining unit is used for determining the registered domain name under the information name of the registrant as the crawled illegal domain name.
Further, the illegal domain name determination unit may include:
a registered domain name information inquiry subunit, configured to inquire all registered domain names under the registrant information name;
a date acquisition subunit, configured to acquire a registration date and an expiration date of each of the registered domain names, respectively;
and the illegal domain name determining subunit is used for determining the registered domain names with the registration dates after the preset date and the expiration dates after the current date in all the registered domain names as the crawled illegal domain names.
Further, the domain name white list creation module may include:
the partner inquiring unit is used for inquiring a preset partner comparison table according to the name of the APP to obtain a corresponding partner;
a date acquisition unit, configured to acquire a registration date and an expiration date of each registered domain name under the partner name, respectively;
a domain name white list creating unit, configured to add, to the domain name white list, registered domain names whose registration dates are after a preset date and whose expiration dates are after a current date in all registered domain names under the partner name.
Further, the apparatus for creating a black and white list of domain names may further include:
the hijacked record acquisition module is used for acquiring the hijacked record of the APP;
the hijacking frequency counting module is used for respectively counting the frequency of each domain name in the domain name blacklist as a hijacking domain name according to the hijacked record;
and the domain name sorting module is used for sorting the domain names in the domain name blacklist according to the sequence of the times from large to small.
Embodiments of the present invention further provide a computer-readable storage medium, which stores computer-readable instructions, and when executed by a processor, the computer-readable instructions implement the steps of any one of the methods for creating a black-and-white list of domain names as shown in fig. 1 or fig. 2.
Embodiments of the present invention further provide a server, which includes a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, where the processor executes the computer readable instructions to implement the steps of any one of the methods for creating a black-and-white list of domain names as shown in fig. 1 or fig. 2.
Fig. 4 is a schematic diagram of a server according to an embodiment of the present invention. As shown in fig. 4, the server 4 of this embodiment includes: a processor 40, a memory 41, and computer readable instructions 42 stored in the memory 41 and executable on the processor 40. The processor 40, when executing the computer readable instructions 42, implements the steps in the various method embodiments described above for creating a black and white list of domain names, such as the steps 101-105 shown in fig. 1. Alternatively, the processor 40, when executing the computer readable instructions 42, implements the functions of the modules/units in the above device embodiments, such as the functions of the modules 301 to 305 shown in fig. 3.
Illustratively, the computer readable instructions 42 may be partitioned into one or more modules/units that are stored in the memory 41 and executed by the processor 40 to implement the present invention. The one or more modules/units may be a series of computer-readable instruction segments capable of performing certain functions, which are used to describe the execution of the computer-readable instructions 42 in the server 4.
The server 4 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The server 4 may include, but is not limited to, a processor 40, a memory 41. Those skilled in the art will appreciate that fig. 4 is merely an example of a server 4 and does not constitute a limitation of server 4 and may include more or fewer components than shown, or some components in combination, or different components, e.g., server 4 may also include input output devices, network access devices, buses, etc.
The Processor 40 may be a CentraL Processing Unit (CPU), other general purpose Processor, a DigitaL SignaL Processor (DSP), an AppLication Specific Integrated Circuit (ASIC), an off-the-shelf ProgrammabLe Gate Array (FPGA) or other ProgrammabLe logic device, discrete Gate or transistor logic device, discrete hardware component, etc. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
The memory 41 may be an internal storage unit of the server 4, such as a hard disk or a memory of the server 4. The memory 41 may also be an external storage device of the server 4, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure DigitaL (SD) Card, a FLash memory Card (FLash Card), or the like, provided on the server 4. Further, the memory 41 may also include both an internal storage unit of the server 4 and an external storage device. The memory 41 is used to store the computer readable instructions and other programs and data required by the server. The memory 41 may also be used to temporarily store data that has been output or is to be output.
It can be clearly understood by those skilled in the art that, for convenience and simplicity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In addition, functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention, which is substantially or partly contributed by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to perform all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: a U disk, a removable hard disk, a Read-OnLy Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (9)
1. A method for creating a black and white list of domain names, comprising:
extracting the collected webview abnormal access domain name from an SDK directory of the APP;
crawling illegal domain names recorded on a network by using a web crawler;
collecting illegal domain names and legal domain names reported by all users of the APP;
adding the abnormal access domain name of the webview, the illegal domain name reported by each user and the crawled illegal domain name to a domain name blacklist;
adding the legal domain name reported by each user and the registered domain name under the partner name of the APP to a domain name white list;
wherein the adding the registered domain name under the partner name of the APP to the domain name white list comprises:
inquiring a preset partner comparison table according to the name of the APP to obtain a corresponding partner;
respectively acquiring the registration date and the expiration date of each registered domain name under the name of the partner;
and adding the registered domain names with the registration dates after the preset date and the expiration dates after the current date in all the registered domain names under the partner names to the domain name white list.
2. The method of creating a black and white list of domain names according to claim 1, wherein crawling illegal domain names recorded on a network using a web crawler comprises:
combining pre-constructed keywords, and crawling a domain name containing the keywords on a network by using a web crawler;
inputting the crawled domain name into a domain name information query system through a pre-programmed script file;
receiving registrant information returned by the domain name information inquiry system;
and determining the registered domain name under the information name of the registrant as the crawled illegal domain name.
3. The method of creating a black and white list of domain names according to claim 2, wherein the determining the registered domain name under the registrant information name as a crawled illegal domain name comprises:
inquiring all registered domain names under the information name of the registrant;
respectively acquiring the registration date and the expiration date of each registered domain name;
and determining the registered domain name with the registration date after the preset date and the expiration date after the current date in all the registered domain names as the crawled illegal domain name.
4. The method for creating a black and white list of domain names according to any one of claims 1 to 3, further comprising:
acquiring hijacked records of the APP;
respectively counting the times of taking each domain name in the domain name blacklist as a hijacked domain name according to the hijacked record;
and sequencing the domain names in the domain name blacklist according to the sequence of the times from large to small.
5. An apparatus for creating a black and white list of domain names, comprising:
the abnormal access domain name extraction module is used for extracting the collected webview abnormal access domain name from the SDK directory of the APP;
the illegal domain name crawling module is used for crawling illegal domain names recorded on the network by using a network crawler;
a reported domain name collecting module, configured to collect illegal domain names and legal domain names reported by users of the APP;
a domain name blacklist creation module, configured to add the webview abnormal access domain name, the illegal domain name reported by each user, and the crawled illegal domain name to a domain name blacklist;
a domain name white list creating module, configured to add the legal domain name reported by each user and the registered domain name under the partner name of the APP to a domain name white list;
wherein the domain name white list creation module comprises:
the partner inquiring unit is used for inquiring a preset partner comparison table according to the name of the APP to obtain a corresponding partner;
a date acquisition unit, configured to acquire a registration date and an expiration date of each registered domain name under the partner name, respectively;
and the domain name white list creating unit is used for adding the registered domain names with the registration dates after the preset date and the expiration dates after the current date in all the registered domain names under the partner names to the domain name white list.
6. A computer readable storage medium storing computer readable instructions, which when executed by a processor implement the steps of the method of creating a black and white list of domain names according to any one of claims 1 to 4.
7. A server comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, wherein the processor when executing the computer readable instructions performs the steps of:
extracting the collected webview abnormal access domain name from the SDK directory of the APP;
crawling illegal domain names recorded on a network by using a web crawler;
collecting illegal domain names and legal domain names reported by each user of the APP;
adding the abnormal webview access domain name, the illegal domain name reported by each user and the crawled illegal domain name to a domain name blacklist;
adding the legal domain name reported by each user and the registered domain name under the partner name of the APP to a domain name white list;
wherein the adding the registered domain name under the partner name of the APP to the domain name white list comprises:
inquiring a preset partner comparison table according to the name of the APP to obtain a corresponding partner;
respectively acquiring the registration date and the expiration date of each registered domain name under the name of the partner;
and adding the registered domain names with the registration dates after the preset date and the expiration dates after the current date in all the registered domain names under the partner names to the domain name white list.
8. The server according to claim 7, wherein the crawling, using a web crawler, for illegitimate domain names recorded on a network comprises:
crawling a domain name containing a keyword on a network by using a web crawler in combination with the keyword which is constructed in advance;
inputting the crawled domain name into a domain name information inquiry system through a pre-programmed script file;
receiving registrant information returned by the domain name information inquiry system;
and determining the registered domain name under the information name of the registrant as the crawled illegal domain name.
9. The server according to claim 8, wherein the determining the registered domain name under the registrant information name as the crawled illegal domain name comprises:
inquiring all registered domain names under the information name of the registrant;
respectively acquiring the registration date and the expiration date of each registered domain name;
and determining the registered domain names with the registration dates after the preset date and the expiration dates after the current date in all the registered domain names as the crawled illegal domain names.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910184592.XA CN109951469B (en) | 2019-03-12 | 2019-03-12 | Method, device, storage medium and server for creating domain name black and white list |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910184592.XA CN109951469B (en) | 2019-03-12 | 2019-03-12 | Method, device, storage medium and server for creating domain name black and white list |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109951469A CN109951469A (en) | 2019-06-28 |
| CN109951469B true CN109951469B (en) | 2023-02-03 |
Family
ID=67009607
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910184592.XA Active CN109951469B (en) | 2019-03-12 | 2019-03-12 | Method, device, storage medium and server for creating domain name black and white list |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109951469B (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110955887B (en) * | 2019-10-15 | 2022-05-06 | 杭州未名信科科技有限公司 | Abnormal behavior detection method and device |
| CN112543238B (en) * | 2020-12-08 | 2022-06-14 | 光通天下网络科技股份有限公司 | Domain name over-white list optimization method, device, equipment and medium |
| CN112860969A (en) * | 2021-02-25 | 2021-05-28 | 武汉思普崚技术有限公司 | Domain name classification matching method and device |
| CN113099441B (en) * | 2021-03-29 | 2022-11-18 | Oppo广东移动通信有限公司 | Website management method, website management platform, electronic device and medium |
| CN113239254A (en) * | 2021-04-27 | 2021-08-10 | 国家计算机网络与信息安全管理中心 | Card issuing platform-oriented active discovery method and device |
| CN114928476A (en) * | 2022-04-27 | 2022-08-19 | 北京天融信网络安全技术有限公司 | Target file security detection method and detection device |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105141598A (en) * | 2015-08-14 | 2015-12-09 | 中国传媒大学 | APT (Advanced Persistent Threat) attack detection method and APT attack detection device based on malicious domain name detection |
| CN108200034A (en) * | 2017-12-27 | 2018-06-22 | 新华三信息安全技术有限公司 | A kind of method and device for identifying domain name |
| CN108282455A (en) * | 2017-09-28 | 2018-07-13 | 广州市动景计算机科技有限公司 | Web-page requests method, apparatus and domain-name information analysis result processing method, device |
| CN109413045A (en) * | 2018-09-26 | 2019-03-01 | 中国联合网络通信集团有限公司 | A kind of access control system and method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8307431B2 (en) * | 2008-05-30 | 2012-11-06 | At&T Intellectual Property I, L.P. | Method and apparatus for identifying phishing websites in network traffic using generated regular expressions |
| US9516058B2 (en) * | 2010-08-10 | 2016-12-06 | Damballa, Inc. | Method and system for determining whether domain names are legitimate or malicious |
-
2019
- 2019-03-12 CN CN201910184592.XA patent/CN109951469B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN105141598A (en) * | 2015-08-14 | 2015-12-09 | 中国传媒大学 | APT (Advanced Persistent Threat) attack detection method and APT attack detection device based on malicious domain name detection |
| CN108282455A (en) * | 2017-09-28 | 2018-07-13 | 广州市动景计算机科技有限公司 | Web-page requests method, apparatus and domain-name information analysis result processing method, device |
| CN108200034A (en) * | 2017-12-27 | 2018-06-22 | 新华三信息安全技术有限公司 | A kind of method and device for identifying domain name |
| CN109413045A (en) * | 2018-09-26 | 2019-03-01 | 中国联合网络通信集团有限公司 | A kind of access control system and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109951469A (en) | 2019-06-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109951469B (en) | Method, device, storage medium and server for creating domain name black and white list | |
| CN109743315B (en) | Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website | |
| US10243967B2 (en) | Method, apparatus and system for detecting fraudulant software promotion | |
| US10216848B2 (en) | Method and system for recommending cloud websites based on terminal access statistics | |
| US7860971B2 (en) | Anti-spam tool for browser | |
| CN107368856B (en) | Malicious software clustering method and device, computer device and readable storage medium | |
| CN107341395B (en) | Method for intercepting reptiles | |
| CN110213234B (en) | Application program file developer identification method, device, equipment and storage medium | |
| CN110781372B (en) | Method and device for optimizing website, computer equipment and storage medium | |
| CN110851339A (en) | Method and device for reporting buried point data, storage medium and terminal equipment | |
| CN115329177A (en) | Data processing method, device, storage medium and program product | |
| CN110941530A (en) | Method and device for acquiring monitoring data, computer equipment and storage medium | |
| CN106611029B (en) | Method and device for improving search efficiency in website | |
| CN114139161A (en) | Method, device, electronic equipment and medium for batch vulnerability detection | |
| CN111932076B (en) | Rule configuration and release method and device and computing equipment | |
| CN111625700B (en) | Anti-grabbing method, device, equipment and computer storage medium | |
| CN107220262B (en) | Information processing method and device | |
| CN108038233B (en) | Method and device for collecting articles, electronic equipment and storage medium | |
| CN107784054B (en) | Page publishing method and device | |
| CN111737542B (en) | Medicine entity information searching method and storage medium | |
| CN106611022B (en) | Method and device for improving search efficiency in website | |
| CN114528313A (en) | Data processing method and device and electronic equipment | |
| CN114416806A (en) | Method and device for acquiring power safety knowledge data and computer equipment | |
| CN110851367B (en) | AST-based method and device for evaluating source code leakage risk and electronic equipment | |
| CN113094283A (en) | Data acquisition method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |