CN110035068B - Sealing forbidding method and device for anti-grabbing station system - Google Patents

Publication number: CN110035068B
Other versions: CN110035068A
Application number: CN201910192236.2A
Authority: CN (China)
Original language: Chinese (zh)
Inventor: 王嘉伟
Original and current assignee: Weimeng Chuangke Network Technology China Co Ltd
Legal status: Active
Prior art keywords: access, forbidden, return value, specific interface, return
Classifications

    • G06F16/951 Indexing; Web crawling techniques
    • H04L63/1425 Traffic logging, e.g. anomaly detection
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/1466 Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks

Abstract

The embodiment of the invention provides a blocking ("sealing forbidding") method and device for an anti-scraping ("anti-grabbing station") system. The method comprises: analyzing access log data in real time and, when the number of times an access IP requests a specific interface within a first set time period exceeds a first set threshold, marking that access IP as a forbidden IP; when the forbidden IP sends an access request to the specific interface again, intercepting the access request and returning to the forbidden IP address a dynamically transformed return value representing normal access. By monitoring IPs whose access count exceeds the set threshold and setting the value returned to them, the technical scheme makes the blocking effect more durable and effective.

Description

Sealing forbidding method and device for anti-grabbing station system
Technical Field
The invention relates to the field of network security, and in particular to a blocking method and device for an anti-scraping system.
Background
Websites output data to users, some of whom, for various reasons, use machines to simulate human web page requests. Such machine access is typically large in volume and high in frequency, and can harm the health of the server. There is also the risk that the core data of the website is crawled by malicious actors or that a core interface is hit in bulk.
In the process of implementing the invention, the inventor found that at least the following problem exists in the prior art:
The prior art shields IPs that access frequently and in large numbers, and blocks them immediately. Immediate blocking makes it easy for malicious actors to discover the means used by the website's anti-scraping system: they quickly notice that an IP has been shielded and make other attempts, and once they find they are blocked they can analyze the reason and then modify their programs in a targeted manner to bypass the shielding and achieve their purpose. The website side then has to keep competing against them, which adds effort and difficulty to the website's maintenance work.
Disclosure of Invention
The embodiment of the invention provides a blocking method and device for an anti-scraping system, in which the blocking effect is made more durable and effective by monitoring IPs whose access count exceeds a set threshold and setting the value returned to them.
In one aspect, an embodiment of the present invention provides a blocking method for an anti-scraping system, the method including:
analyzing access log data in real time and, when the number of times an access IP requests a specific interface within a first set time period exceeds a first set threshold, marking the access IP as a forbidden IP;
when the forbidden IP sends an access request to the specific interface again, intercepting the access request and returning to the forbidden IP address a dynamically transformable return value representing normal access.
In another aspect, an embodiment of the present invention provides a blocking device for an anti-scraping system, the device including:
an IP blocking unit, configured to analyze the access log data in real time and, when the number of times an access IP requests a specific interface within a first set time period exceeds a first set threshold, mark the access IP as a forbidden IP;
an access value returning unit, configured to intercept the access request when the forbidden IP sends an access request to the specific interface again, and return to the forbidden IP address a dynamically transformable return value representing normal access.
The technical scheme has the following beneficial effects:
Because the blocking part of the anti-scraping system adopts a new blocking method that returns a normal access value to the blocked IP address, malicious actors cannot perceive that their IP has been blocked and cannot deduce the working principle of the website's anti-scraping system from the access results. This effectively prevents the core data of the website from being crawled by malicious actors and the core interface from being hit in bulk.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of a blocking method according to one embodiment of the present invention;
FIG. 2 is a flow chart of a blocking method according to one embodiment of the present invention;
FIG. 3 is a flow chart of a blocking method according to one embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a blocking device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a blocking device according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a blocking device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
As shown in FIG. 1, the invention provides a blocking method for an anti-scraping system, which includes:
101. analyzing access log data in real time and, when the number of times an access IP requests a specific interface within a first set time period exceeds a set threshold, marking the access IP as a forbidden IP;
102. when the forbidden IP sends an access request to the specific interface again, intercepting the access request and returning to the IP address a dynamically transformable return value representing normal access.
The anti-scraping system analyzes the data in real time and stores an IP in the database if that IP requests a given interface more than N times per day. The blocking system periodically reads the forbidden IP list from the database. For a forbidden IP address A and a specific interface O, if A sends an HTTP request for O, then:
data F(O) in a format F agreed in advance is returned to A, with HTTP status 200 (a normal request that is not blocked also returns 200).
Format F may follow the normal return value format of O. Any special field in F requires special handling by the blocking system.
Suppose a website has an interface O: com/uu 13334562345. This interface is critical: a mobile phone number is passed in, and the interface returns whether that user exists on the website. Malicious actors can write programs to access the interface in bulk and thereby learn, in bulk, whether any given mobile phone number has registered an account on the website.
The return value of this interface is
either {"exist": true} or {"exist": false}.
Now define the format F(O) = {"exist": true}.
If the anti-scraping system finds that IP address A has accessed interface O more than the first set threshold of 5000 times in a day, A is added to the forbidden IP list and stored in the database.
The blocking system then reads A from the database. If A accesses O again, the blocking system returns F(O) for the request, that is, {"exist": true} with HTTP status code 200. To A it looks as if it is not blocked, but it is blocked, and the returned data is invalid.
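Steps 101 and 102 in runnable form: threshold marking from the access log, then a 200 response carrying F(O) instead of the real lookup. This is an added example, not code from the patent; the log line format, the /user/exists path, the sliding-window counting and all function names are assumptions, and the sample log is constructed.

```python
import json
from collections import defaultdict, deque

# Constructed sample access log: "<epoch_seconds> <client_ip> <interface>"
SAMPLE_LOG = """\
1000 203.0.113.7 /user/exists
1001 203.0.113.7 /user/exists
1002 198.51.100.4 /user/exists
1003 203.0.113.7 /user/exists
not-a-log-line
1004 203.0.113.7 /user/exists
1005 203.0.113.7 /profile
5000 198.51.100.4 /user/exists
""".splitlines()

# The "specific interface" O and its agreed decoy F(O) (hypothetical path).
DECOY = {"/user/exists": {"exist": True}}


def find_forbidden(lines, threshold, window_seconds):
    """Step 101: return the (ip, interface) pairs whose request count inside
    a sliding window of window_seconds exceeded threshold."""
    recent = defaultdict(deque)   # (ip, interface) -> timestamps still in window
    forbidden = set()
    for line in lines:
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue              # skip malformed lines instead of crashing
        ts, ip, interface = int(parts[0]), parts[1], parts[2]
        if interface not in DECOY:
            continue              # only protected interfaces are counted
        window = recent[(ip, interface)]
        window.append(ts)
        while window[0] <= ts - window_seconds:
            window.popleft()      # drop requests that fell out of the window
        if len(window) > threshold:
            forbidden.add((ip, interface))
    return forbidden


def handle(ip, interface, phone, forbidden, registered):
    """Step 102: return (http_status, body). A forbidden client gets status
    200 and F(O); the real lookup is never run for it."""
    if (ip, interface) in forbidden:
        return 200, json.dumps(DECOY[interface])
    return 200, json.dumps({"exist": phone in registered})
```

Because the decoy is indistinguishable from a real answer, a legitimate client that shares a forbidden IP also receives invalid data, so the length of the forbidden list's retention deserves the same care as the threshold.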
The application further provides ways of setting the dynamically transformable return value representing normal access, that is, how to make the return value more realistic so that the IP appears not to be forbidden.
Further preferably, as shown in FIG. 2, before analyzing the access log data in real time and marking the access IP as a forbidden IP when the number of times it requests a specific interface within a first set time period exceeds a first set threshold, the method further includes:
100. setting the return value returned to the forbidden IP as a dynamically transformable return value representing normal access.
Further, the method further comprises:
after the access IP is marked as a forbidden IP, counting the number of times that the forbidden IP accesses the specific interface in each second set time period;
when the next second set time period is reached, if the number of times the forbidden IP accessed the specific interface is greater than a second set threshold, replacing the mode of return value generation and clearing the count of accesses by the forbidden IP to the specific interface; otherwise, clearing the count directly.
For an IP that is not forbidden, real data is returned, namely whether the user exists on the website: {"exist": true} if the user exists and {"exist": false} if not.
For a forbidden IP, under the technical scheme of the application, the data returned is {"exist": true} regardless of whether the user is registered on the website, so malicious actors cannot immediately find the anomaly in the data. It is much less noticeable if method F is processed according to the following templates.
To bring the dynamically transformed return value representing normal access closer to the value returned for genuine normal access (i.e. access from an IP that is not forbidden), templates may be added to method F, such as:
Setting the return value to {"exist": true} or {"exist": false}, chosen at random on return:
F(O)={"exist":[true|false]}
Here [true|false] indicates that a random true or false is generated at the time of return.
Setting the return value to a message digest algorithm value randomly generated on return:
F(O)={"exist":[true|false],"mkid":[randommd5]}
Here [randommd5] indicates that a random md5 value is generated at the time of return.
Setting the return value to a value between 10000 and 20000 randomly generated on return:
F(O)={"posid":[D10000,D20000]}
Here [D10000,D20000] indicates a random value between 10000 and 20000 generated at the time of return.
Accessing a set website and using the value it returns as the set return value:
F(O)={"data":[URL|www.abc.com/c?u=1]}
Here, in the F(O) template, [URL|www.abc.com/c?u=1] indicates that www.abc.com/c?u=1 is accessed and the value it returns is added to the return value sent to A. Such a scheme is more scalable. An example return value is {"data":{"at":"20180808"}}.
This scheme is chosen in actual production because of its scalability. For example, we set up a server with the domain name www.abc.com, which analyzes the blocking situation and runs a web server that returns F(O). The F(O) returned here may also contain all of the previous templates. For example, interface c may return {"posid":[D10000,D20000],"mkid":[randommd5]}.
In practice, F(O) is also changed dynamically. The server with the domain name www.abc.com counts in real time the number of times each interface is blocked, records the counts in the form M = {"a": 30, "b": 78800, "U": 299}, and empties M once every hour. Before emptying, M is traversed to find the interfaces whose blocking count is greater than a second set threshold K, and a different F(O) method is used for those interfaces in the next hour.
For example, M = {"a": 30, "b": 78800, "U": 299} is the blocking statistic over one hour, and K = 10000. It can be seen that interface b is the interface being hit most heavily. There is then a set of alternative F(O) for this interface. Assume that the normal return values of b are as follows:
Figure BDA0001994703160000041
Figure BDA0001994703160000051
Assume again that in this hour F(O) for interface b is:
Figure BDA0001994703160000052
Then, in the next hour, F(O) for interface b is changed to:
Figure BDA0001994703160000053
This modification makes the data obtained by the malicious crawler operators wrong, and it is difficult for them to discover that their data is wrong or to judge its correctness.
The strategy for choosing F(O) in a particular hour may also use a pseudo-random number method. For example, if there are M selectable kinds of F(O) for an interface c: take the system timestamp T, divide it by 1000 × 60 to obtain Tx, and construct a pseudo-random number using Tx as the pseudo-random seed. The Java code is as follows:
// java.util.Random; the same Tx and c give the same seed on every node
int ChosenF = new Random(Tx * 47 * c.hashCode()).nextInt(M);
ChosenF is the F(O) that interface c should select in the current hour.
47 is a randomly selected prime number; any larger prime number can be used. The hash code of the same c is always the same, and nextInt(M) yields a randomly generated natural number from 0 to M-1. The first nextInt produced from the same pseudo-random seed is always the same, which addresses coordination in a distributed system.
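Template expansion, the hourly M/K rotation and node-independent pattern selection described above, in Python. This is an added example, not the patent's code: it expands the [true|false], [randommd5] and [Dlo,Dhi] placeholders (the [URL|...] form is left out because it needs a network fetch), and it swaps the Java `new Random(seed).nextInt(M)` selection for a SHA-256 hash of the time bucket and interface name, which is likewise identical on every node. All class, function and parameter names, including `bucket_ms`, are assumptions, and the pattern list is constructed from the page's templates.

```python
import hashlib
import random
import re

# Placeholders used in the page's F(O) templates.
_PLACEHOLDER = re.compile(r"\[(true\|false|randommd5|D(\d+),D(\d+))\]")

# Constructed set of alternative F(O) templates for one interface.
PATTERNS = [
    '{"exist":[true|false]}',
    '{"exist":[true|false],"mkid":[randommd5]}',
    '{"posid":[D10000,D20000]}',
]


def render(template, rng=None):
    """Expand one F(O) template into a JSON string."""
    if rng is None:
        rng = random.SystemRandom()

    def expand(match):
        token = match.group(1)
        if token == "true|false":
            return rng.choice(["true", "false"])
        if token == "randommd5":
            # MD5 only gives the value its expected shape; it protects nothing.
            raw = rng.getrandbits(128).to_bytes(16, "big")
            return '"' + hashlib.md5(raw).hexdigest() + '"'
        low, high = int(match.group(2)), int(match.group(3))
        return str(rng.randint(low, high))

    return _PLACEHOLDER.sub(expand, template)


def choose_pattern(interface, now_ms, n_patterns, bucket_ms):
    """Index in [0, n_patterns) that every node derives identically for the
    same interface and time bucket, with no shared state. Python's built-in
    hash() is randomized per process for strings, so it cannot play the role
    of Java's String.hashCode() here; a digest is used instead."""
    tx = now_ms // bucket_ms
    digest = hashlib.sha256(f"{tx}:{interface}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % n_patterns


class Rotator:
    """Counts decoy responses per interface (M on the page) and, at the end
    of each period, moves every interface above K to its next pattern."""

    def __init__(self, patterns, k):
        self.patterns = patterns                  # interface -> templates
        self.k = k                                # second set threshold K
        self.counts = {}                          # M, emptied every period
        self.active = {name: 0 for name in patterns}

    def respond(self, interface, rng=None):
        self.counts[interface] = self.counts.get(interface, 0) + 1
        return render(self.patterns[interface][self.active[interface]], rng)

    def end_of_period(self):
        changed = []
        for interface, hits in self.counts.items():
            if hits > self.k and interface in self.patterns:
                size = len(self.patterns[interface])
                self.active[interface] = (self.active[interface] + 1) % size
                changed.append(interface)
        self.counts = {}                          # cleared in both branches
        return changed
```

The page divides the millisecond timestamp by 1000 × 60; passing `bucket_ms=60_000` reproduces that bucket, while `3_600_000` gives one selection per hour.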
Further preferably, as shown in FIG. 3, after the access IP is marked as a forbidden IP, the method further includes:
1011. storing the forbidden IP in a forbidden IP address list in a real-time database;
1012. periodically reading the forbidden IP address list from the real-time database.
As shown in FIG. 4, the invention provides a blocking device for an anti-scraping system, which comprises:
an IP blocking unit 21, configured to analyze access log data in real time and, when the number of times an access IP requests a specific interface within a first set time period exceeds a set threshold, mark the access IP as a forbidden IP;
a return value returning unit 22, configured to intercept the access request when the forbidden IP sends an access request to the specific interface again, and return to the forbidden IP address a dynamically transformable return value representing normal access.
Further preferably, as shown in FIG. 5, the device further includes a return value setting unit 20, configured to:
set the return value returned to the forbidden IP as a dynamically transformable return value representing normal access, before the access log data is analyzed in real time and the access IP is marked as a forbidden IP when the number of times it requests a specific interface within a first set time period exceeds a set threshold.
Further, the device further comprises:
a mode conversion unit 23, configured to count the number of times that the forbidden IP accesses the specific interface within each second set time period after the access IP is marked as a forbidden IP;
when the next second set time period is reached, if the number of times the forbidden IP accessed the specific interface is greater than a second set threshold, replacing the mode of return value generation and clearing the count of accesses by the forbidden IP to the specific interface; otherwise, clearing the count directly.
Further preferably, the modes of return value generation include:
accessing a set website, and taking the return value returned by the set website as the return value representing normal access; or
setting the return value to {"exist": true} or {"exist": false}, randomly generated on return; or
setting the return value to a message digest algorithm value randomly generated on return; or
setting the return value to a value between 10000 and 20000 randomly generated on return; or
setting the return value to a pseudo-random number constructed according to a pseudo-random number method.
Further preferably, as shown in FIG. 6, the device further comprises a data storage unit 22 and a data reading unit 23,
the data storage unit 211 being configured to store the forbidden IP in a forbidden IP address list in a real-time database after the access IP is marked as a forbidden IP;
the data reading unit 212 being configured to periodically read the forbidden IP address list from the real-time database.
Because a new blocking method is adopted in the blocking part of the anti-scraping system, malicious actors cannot perceive that they are blocked when they are blocked, and cannot deduce the working principle of the website's anti-scraping system from the access results, which effectively prevents the core data of the website from being crawled by malicious actors and the core interface from being hit in bulk.
It should be understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged without departing from the scope of the present disclosure. The accompanying method claims present elements of the various steps in a sample order, and are not intended to be limited to the specific order or hierarchy presented.
In the foregoing detailed description, various features are grouped together in a single embodiment for the purpose of streamlining the disclosure. This method of disclosure is not to be interpreted as reflecting an intention that the claimed embodiments of the subject matter require more features than are expressly recited in each claim. Rather, as the following claims reflect, invention lies in less than all features of a single disclosed embodiment. Thus, the following claims are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate preferred embodiment of the invention.
The previous description of the disclosed embodiments is provided to enable any person skilled in the art to make or use the present invention. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the disclosure. Thus, the present disclosure is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
What has been described above includes examples of one or more embodiments. It is, of course, not possible to describe every conceivable combination of components or methodologies for purposes of describing the aforementioned embodiments, but one of ordinary skill in the art may recognize that many further combinations and permutations of various embodiments are possible. Accordingly, the embodiments described herein are intended to embrace all such alterations, modifications and variations that fall within the scope of the appended claims. Furthermore, to the extent that the term "includes" is used in either the detailed description or the claims, such term is intended to be inclusive in a manner similar to the term "comprising" as "comprising" is interpreted when employed as a transitional word in a claim. Furthermore, any use of the term "or" in the specification of the claims is intended to mean a "non-exclusive or".
Those of skill in the art will further appreciate that the various illustrative logical blocks, units, and steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware, computer software, or combinations of both. To clearly illustrate the interchangeability of hardware and software, various illustrative components, elements, and steps have been described above generally in terms of their functionality. Whether such functionality is implemented as hardware or software depends upon the particular application and design requirements of the overall system. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as causing a departure from the scope of the present embodiments.
The various illustrative logical blocks, or elements, described in connection with the embodiments disclosed herein may be implemented or performed with a general purpose processor, a digital signal processor, an Application Specific Integrated Circuit (ASIC), a field programmable gate array or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. A general-purpose processor may be a microprocessor, but in the alternative, the processor may be any conventional processor, controller, microcontroller, or state machine. A processor may also be implemented as a combination of computing devices, e.g., a digital signal processor and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a digital signal processor core, or any other similar configuration.
The steps of a method or algorithm described in connection with the embodiments disclosed herein may be embodied directly in hardware, in a software module executed by a processor, or in a combination of the two. A software module may be stored in RAM memory, flash memory, ROM memory, EPROM memory, EEPROM memory, registers, hard disk, a removable disk, a CD-ROM, or any other form of storage medium known in the art. For example, a storage medium may be coupled to the processor such that the processor can read information from, and write information to, the storage medium. In the alternative, the storage medium may be integral to the processor. The processor and the storage medium may reside in an ASIC, which may be located in a user terminal. In the alternative, the processor and the storage medium may reside in different components in a user terminal.
In one or more exemplary designs, the functions described above in connection with the embodiments of the invention may be implemented in hardware, software, firmware, or any combination of the three. If implemented in software, the functions may be stored on or transmitted over a computer-readable medium as one or more instructions or code. Computer-readable media include both computer storage media and communication media that facilitate transfer of a computer program from one place to another. Storage media may be any available media that can be accessed by a general-purpose or special-purpose computer. For example, such computer-readable media can include, but are not limited to, RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to carry or store program code in the form of instructions or data structures and which can be read by a general-purpose or special-purpose computer, or a general-purpose or special-purpose processor. Additionally, any connection is properly termed a computer-readable medium, and is thus included if the software is transmitted from a website, server, or other remote source via a coaxial cable, fiber optic cable, twisted pair, Digital Subscriber Line (DSL), or wirelessly, e.g., by infrared, radio, or microwave. Disks and discs include compact discs, laser discs, optical discs, DVDs, floppy disks and Blu-ray discs, where disks usually reproduce data magnetically, while discs usually reproduce data optically with lasers. Combinations of the above may also be included in the computer-readable medium.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (8)

1. A method of disabling a reverse grab station system, the method comprising:
analyzing access log data in real time, and when the number of times of requesting access to a specific interface within a first set time period exceeds a first set threshold value, marking the access IP as a forbidden IP;
when the forbidden IP sends an access request to the specific interface again, intercepting the access request and returning a dynamically convertible return value representing normal access to the forbidden IP;
after the access IP is marked as a forbidden IP, counting the number of times that the forbidden IP accesses the specific interface in each second set time period;
when the next second set time period is reached, if the number of times of the forbidden IP accessing the specific interface is greater than a second set threshold value, replacing a mode generated by a return value, and clearing the number of times of the forbidden IP accessing the specific interface; otherwise, directly clearing the times of forbidding the IP to access the specific interface.
2. The method of claim 1, wherein before analyzing the access log data in real time and marking the access IP as a forbidden IP when the number of times the access IP requests access to a specific interface within a first set time period exceeds a first set threshold, the method further comprises:
the return value for returning to the forbidden IP is set to a dynamically transformable return value representing normal access.
3. The method of claim 2, wherein the return-value generation mode comprises:
accessing a set website, and taking the return value returned by the set website as the return value representing normal access; or
setting the return value as { "exist": true } or { "exist": false }, randomly generated at return time; or
setting the return value as a message digest algorithm value randomly generated at return time; or
setting the return value as a value between 10000 and 20000 randomly generated at return time; or
setting the return value as a pseudo-random number constructed according to a pseudo-random number method.
4. The method of claim 1, further comprising, after marking the access IP as a forbidden IP:
storing the forbidden IP into a forbidden IP address list in a real-time database;
periodically reading the forbidden IP address list from the real-time database.
5. A sealing forbidding device for an anti-grabbing station system, the device comprising:
an IP sealing forbidding unit, configured to analyze the access log data in real time and, when the number of times an access IP requests access to a specific interface within a first set time period exceeds a first set threshold, mark the access IP as a forbidden IP;
a return value returning unit, configured to intercept the access request when the forbidden IP sends an access request to the specific interface again, and return to the forbidden IP a dynamically transformable return value representing normal access;
a mode conversion unit, configured to count, after the access IP is marked as a forbidden IP, the number of times the forbidden IP accesses the specific interface within each second set time period; and,
when the next second set time period is reached, if the number of times the forbidden IP accessed the specific interface is greater than a second set threshold, to switch the return-value generation mode and clear the count of the forbidden IP's accesses to the specific interface; otherwise, to directly clear the count of the forbidden IP's accesses to the specific interface.
6. The device of claim 5, further comprising:
a return value setting unit, configured to set the return value to be returned to the forbidden IP as a dynamically transformable return value representing normal access, before the access log data is analyzed in real time and the access IP is marked as a forbidden IP when the number of times it requests access to a specific interface within a first set time period exceeds a set threshold.
7. The device of claim 6, wherein the return-value generation mode comprises:
accessing a set website, and taking the return value returned by the set website as the return value representing normal access; or
setting the return value as { "exist": true } or { "exist": false }, randomly generated at return time; or
setting the return value as a message digest algorithm value randomly generated at return time; or
setting the return value as a value between 10000 and 20000 randomly generated at return time; or
setting the return value as a pseudo-random number constructed according to a pseudo-random number method.
8. The device of claim 7, further comprising a data storage unit and a data reading unit, wherein:
the data storage unit is configured to store the forbidden IP into a forbidden IP address list in a real-time database after the access IP is marked as a forbidden IP;
and the data reading unit is configured to periodically read the forbidden IP address list from the real-time database.
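The steps of claims 1 to 3, walked through in Python as an added example; this is not code from the patent. The class name `DecoyBanGate`, the parameter names, the sample thresholds and periods, and the `"REAL"` placeholder standing for the genuine response are assumptions, requests are fed in directly instead of being parsed from an access log, and the "set website" mode is left out so the example runs offline.

```python
import hashlib
import json
import random
import secrets
from collections import defaultdict, deque

# Return-value generation modes from claim 3; the "set website" mode is
# omitted because it needs network access.
MODES = [
    lambda: json.dumps({"exist": random.choice([True, False])}),
    lambda: hashlib.sha256(secrets.token_bytes(16)).hexdigest(),
    lambda: str(random.randint(10000, 20000)),
]

class DecoyBanGate:
    """Hypothetical gate; thresholds and periods are constructed sample values."""

    def __init__(self, t1=5, w1=10.0, t2=3, w2=60.0):
        self.t1, self.w1 = t1, w1        # first threshold / first period (s)
        self.t2, self.w2 = t2, w2        # second threshold / second period (s)
        self.hits = defaultdict(deque)   # ip -> request times in first period
        self.banned = {}                 # ip -> [period_start, count, mode]

    def handle(self, ip, now):
        """Process one request to the protected interface: (is_decoy, body)."""
        state = self.banned.get(ip)
        if state is None:
            q = self.hits[ip]
            q.append(now)
            while now - q[0] > self.w1:  # slide the first period
                q.popleft()
            if len(q) > self.t1:         # mark; decoys start with the next request
                self.banned[ip] = [now, 0, 0]
                del self.hits[ip]
            return False, "REAL"
        periods = int((now - state[0]) // self.w2)
        if periods >= 1:                 # a second period has ended
            if state[1] > self.t2:       # still hammering: switch generator
                state[2] = (state[2] + 1) % len(MODES)
            state[0] += periods * self.w2
            state[1] = 0                 # the count is cleared either way
        state[1] += 1
        return True, MODES[state[2]]()

if __name__ == "__main__":
    gate = DecoyBanGate()
    ip = "203.0.113.7"                   # constructed documentation address
    for t in [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 66]:
        print(t, gate.handle(ip, float(t)))
```

The second-period check is evaluated lazily on the next request from the forbidden IP, which gives the same mode and count as a periodic timer aligned to the moment of marking.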
CN201910192236.2A 2019-03-14 2019-03-14 Sealing forbidding method and device for anti-grabbing station system Active CN110035068B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910192236.2A CN110035068B (en) 2019-03-14 2019-03-14 Sealing forbidding method and device for anti-grabbing station system

Publications (2)

Publication Number Publication Date
CN110035068A (en) 2019-07-19
CN110035068B (en) 2021-10-01

Family

ID=67236007

Country Status (1)

Country Link
CN (1) CN110035068B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant