CN110502896B - Leakage monitoring method and system for website information and related device - Google Patents

Leakage monitoring method and system for website information and related device Download PDF

Info

Publication number
CN110502896B
CN110502896B CN201910802872.2A CN201910802872A CN110502896B CN 110502896 B CN110502896 B CN 110502896B CN 201910802872 A CN201910802872 A CN 201910802872A CN 110502896 B CN110502896 B CN 110502896B
Authority
CN
China
Prior art keywords
honeypot
information
account
website
login
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910802872.2A
Other languages
Chinese (zh)
Other versions
CN110502896A (en
Inventor
姚吉
范渊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dbappsecurity Technology Co Ltd
Original Assignee
Hangzhou Dbappsecurity Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Dbappsecurity Technology Co Ltd filed Critical Hangzhou Dbappsecurity Technology Co Ltd
Priority to CN201910802872.2A priority Critical patent/CN110502896B/en
Publication of CN110502896A publication Critical patent/CN110502896A/en
Application granted granted Critical
Publication of CN110502896B publication Critical patent/CN110502896B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/556Detecting local intrusion or implementing counter-measures involving covert channels, i.e. data leakage between processes

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The application provides a website information leakage monitoring method, which comprises the following steps: registering a honeypot account in the detected website by using a preset mailbox; judging whether the honeypot account is in a login state or not according to the preset mailbox; if so, determining login information of the login user; sending alarm information to a service background corresponding to the honeypot account; wherein, the alarm information comprises the login information. According to the login state of the honeypot account registered by the detected website, the information leakage condition can be quickly found. Meanwhile, the detected website is not invasive, the detected website does not need to be changed, and the website information leakage can be monitored while the normal operation of the website is not influenced. The application also provides a system for monitoring the leakage of the website information, a computer readable storage medium and a terminal for monitoring the leakage of the website information, which have the beneficial effects.

Description

Leakage monitoring method and system for website information and related device
Technical Field
The present application relates to the field of information security, and in particular, to a method, a system, and a related device for monitoring website information leakage.
Background
In the 21 st century, with the continuous development of information technology, the information security problem is prominent. Due to the fact that the security construction of part of online information systems is incomplete, hackers can take advantage of the security construction, and can utilize the loophole of the system to invade the system and steal internal information of the system. The most harmful of the method is the stealing and leakage of the personal account information of the user, and besides the invasion of the personal privacy of the user, the method also seriously harms the economic property safety of the user. Especially, a large number of users tend to set the same user name and password for different websites, and once a certain service system is broken, the influence often occurs, and immeasurable threats and injuries are generated to the users.
Disclosure of Invention
The purpose of the application is to provide a website information leakage monitoring method and system, a computer readable storage medium and a website information leakage monitoring terminal, which can alarm website information leakage in time and reduce user loss.
In order to solve the technical problem, the application provides a method for monitoring website information leakage, which has the following specific technical scheme:
registering a honeypot account in the detected website by using a preset mailbox;
judging whether the honeypot account is in a login state or not according to the preset mailbox;
if so, determining login information of the login user;
sending alarm information to a service background corresponding to the honeypot account; wherein, the alarm information comprises the login information.
The method for registering the honey pot account number on the detected website by using the preset mailbox further comprises the following steps:
and filling in personal information corresponding to the honeypot account, and recording the honeypot account and the corresponding service background into a database.
The registration of the honeypot account number on the detected website by using the preset mailbox comprises the following steps:
and respectively registering the low-security honeypot account and the high-security honeypot account in the detected website by using a preset mailbox.
Wherein, judging whether the honeypot account is in a login state according to the preset mailbox comprises:
and sending the account list containing all honeypot accounts to a mailbox management server so that the mailbox management server detects whether the honeypot accounts are in a login state.
The present application further provides a website information leakage monitoring system, including:
the registration module is used for registering the honeypot account number in the detected website by using a preset mailbox;
the judging module is used for judging whether the honeypot account is in a login state or not according to the preset mailbox;
the information confirmation module is used for determining the login information of the login user if the judgment result of the judgment module is yes;
the warning module is used for sending warning information to a service background corresponding to the honeypot account; wherein, the alarm information comprises the login information.
Wherein, still include:
and the information input module is used for filling the personal information corresponding to the honeypot account and inputting the honeypot account and the corresponding service background into a database.
Wherein the registration module comprises:
and the registration unit is used for respectively registering the low-security honeypot account and the high-security honeypot account in the detected website by using a preset mailbox.
Wherein, the judging module comprises:
and sending the account list containing all honeypot accounts to a mailbox management server so that the mailbox management server detects whether the honeypot accounts are in a login state.
The present application further provides a computer-readable storage medium having stored thereon a computer program which, when being executed by a processor, carries out the steps of the leak monitoring method as described above.
The application also provides a website information leakage monitoring terminal which comprises a memory and a processor, wherein a computer program is stored in the memory, and the steps of the leakage monitoring method are realized when the processor calls the computer program in the memory.
The application provides a website information leakage monitoring method, which comprises the following steps: registering a honeypot account in the detected website by using a preset mailbox; judging whether the honeypot account is in a login state or not according to the preset mailbox; if so, determining login information of the login user; sending alarm information to a service background corresponding to the honeypot account; wherein, the alarm information comprises the login information.
According to the method and the device, the information leakage condition can be quickly found according to the login state of the honeypot account registered by the detected website. Meanwhile, the detected website is not invasive, the detected website does not need to be changed, and the website information leakage can be monitored while the normal operation of the website is not influenced. The application also provides a website information leakage monitoring system, a computer readable storage medium and a website information leakage monitoring terminal, which have the beneficial effects and are not repeated herein.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, it is obvious that the drawings in the following description are only embodiments of the present application, and for those skilled in the art, other drawings can be obtained according to the provided drawings without creative efforts.
Fig. 1 is a flowchart of a method for monitoring leakage of website information according to an embodiment of the present disclosure;
fig. 2 is a schematic structural diagram of a leakage monitoring system for website information according to an embodiment of the present disclosure.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, fig. 1 is a flowchart of a method for monitoring leakage of website information according to an embodiment of the present application, where the method for monitoring leakage includes:
s101: registering a honeypot account in the detected website by using a preset mailbox;
this step aims at establishing the honeypot account. Honeypot accounts are only used for defense or monitoring against lawless persons or hackers. The method comprises the steps of utilizing a preset mailbox to register honeypot accounts, specifically, utilizing the preset mailbox to register low-security honeypot accounts and high-security honeypot accounts on a detected website, filling personal information corresponding to the honeypot accounts, and recording the honeypot accounts and corresponding business backgrounds into a database.
The honeypot account of the monitored website is automatically registered, generally, one website registers two accounts, one uses a low-strength password, namely a low-security honeypot account, and the other uses a high-strength password, namely a high-security honeypot account, namely, the security degree of the honeypot account is determined according to the password strength. The password strength is mainly determined by the type and the number of digits of the password, and generally, the password has various combinations such as two combinations of characters, numbers, letters and the like or any combination. If the low-strength account is broken and the high-strength password account is not broken, the hacker obtains the user information by brute force cracking with high probability; if the high-strength password is also compromised, the description may be dragged to the library, and the database may be a plaintext store. The mailbox address for each account is different for all monitored systems.
The establishing of the honeypot account specifically may include the following steps:
step a): generating a mailbox account;
step b): generating more real user information including full name, address, mobile phone number, birthday and the like so as to enable account information to be more credible;
step c): and recording the honeypot account and the corresponding monitored service system information into a database for later-stage inspection.
S102: judging whether the honeypot account is in a login state or not according to a preset mailbox; if yes, entering S103;
this step is intended to detect the login status of the honeypot account. If the honeypot account is logged in, the information corresponding to the account is revealed, because the user name and the password of each honeypot account are only known by the monitoring system, if others log in the account, the user name and the information of the account are known by others than the monitoring system.
Preferably, the step can be realized by the following steps: and sending the account list containing all honeypot accounts to a mailbox management server so that the mailbox management server detects whether the honeypot accounts are in a login state. In brief, monitoring is carried out by using a mailbox management server corresponding to a mailbox of a registered account
The method specifically comprises the following steps:
step a): providing the honeypot account list to a mailbox provider;
step b): and the mailbox provider detects that the account in the honeypot list is logged in, and automatically sends login information to the monitoring system through the interface.
S103: determining login information of a login user;
the step aims to determine login information of a login user according to the logged honeypot account. After cracking the user information, a hacker is easy to relax and vigilant, and logs in the stolen mailbox without disguising, so that the hacker can easily leave the real information of the hacker and find the corresponding hacker according to the IP.
S104: sending alarm information to a service background corresponding to the honeypot account; wherein, the alarm information comprises login information.
After the login information is determined, the identity and IP of a hacker are clarified, and at the moment, alarm information is sent to a service background of the honeypot account. The service background mainly refers to a background server of the detected website, that is, the website is indicated to be considered as an attack target by a hacker and information leakage exists. Meanwhile, the alarm information is accompanied by login information, and the background server can realize filtering processing according to the login information once, so that further website information leakage risks are avoided.
According to the method and the device, the information leakage condition can be quickly found according to the login state of the honeypot account registered by the detected website. Meanwhile, the detected website is not invasive, the detected website does not need to be changed, and the website information leakage can be monitored while the normal operation of the website is not influenced.
In the following, a leakage monitoring system for website information provided by an embodiment of the present application is introduced, and the leakage monitoring system described below and the leakage monitoring method described above may be referred to correspondingly.
Referring to fig. 2, fig. 2 is a schematic structural diagram of a website information leakage monitoring system according to an embodiment of the present application, and the present application further provides a website information leakage monitoring system, including:
the registration module 100 is used for registering a honeypot account in the detected website by using a preset mailbox;
the judging module 200 is used for judging whether the honeypot account is in a login state according to a preset mailbox;
the information confirmation module 300 is configured to determine login information of the login user if the judgment result of the judgment module is yes;
the warning module 400 is configured to send warning information to a service background corresponding to the honeypot account; wherein, the alarm information comprises login information.
Based on the above embodiment, as a preferred embodiment, the leakage monitoring system may further include:
and the information input module is used for filling the personal information corresponding to the honeypot account and inputting the honeypot account and the corresponding service background into the database.
Based on the above embodiment, as a preferred embodiment, the registration module 100 may include:
and the registration unit is used for respectively registering the low-security honeypot account and the high-security honeypot account in the detected website by using a preset mailbox.
Based on the above embodiment, as a preferred embodiment, the determining module 200 may include:
and sending the account list containing all honeypot accounts to a mailbox management server so that the mailbox management server detects whether the honeypot accounts are in a login state.
The present application further provides a computer-readable storage medium, on which a computer program is stored, where the computer program can implement the steps of the method for monitoring website information leakage provided by the foregoing embodiments when executed. The storage medium may include: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The application further provides a website information leakage monitoring terminal, which may include a memory and a processor, where the memory stores a computer program, and when the processor calls the computer program in the memory, the steps of the website information leakage monitoring method provided in the foregoing embodiment may be implemented. Certainly, the leakage monitoring terminal of the website information may further include various network interfaces, power supplies and other components.
The embodiments are described in a progressive manner in the specification, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system provided by the embodiment, the description is relatively simple because the system corresponds to the method provided by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present application are explained herein using specific examples, which are provided only to help understand the method and the core idea of the present application. It should be noted that, for those skilled in the art, it is possible to make several improvements and modifications to the present application without departing from the principle of the present application, and such improvements and modifications also fall within the scope of the claims of the present application.
It is further noted that, in the present specification, relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.

Claims (6)

1. A method for monitoring leakage of website information is characterized by comprising the following steps:
registering a honeypot account in the detected website by using a preset mailbox;
judging whether the honeypot account is in a login state or not according to the preset mailbox;
if so, determining login information of the login user;
sending alarm information to a service background corresponding to the honeypot account; wherein, the alarm information comprises the login information;
the registration of the honeypot account number on the detected website by using the preset mailbox comprises the following steps:
respectively registering a low-security honeypot account and a high-security honeypot account on a detected website by using a preset mailbox;
wherein, judging whether the honeypot account is in a login state according to the preset mailbox comprises:
and sending the account list containing all honeypot accounts to a mailbox management server so that the mailbox management server detects whether the honeypot accounts are in a login state.
2. The leakage monitoring method according to claim 1, wherein the registering the honeypot account at the detected website by using the preset mailbox further comprises:
and filling in personal information corresponding to the honeypot account, and recording the honeypot account and the corresponding service background into a database.
3. A system for monitoring leakage of website information, comprising:
the registration module is used for registering the honeypot account number in the detected website by using a preset mailbox;
the judging module is used for judging whether the honeypot account is in a login state or not according to the preset mailbox;
the information confirmation module is used for determining the login information of the login user if the judgment result of the judgment module is yes;
the warning module is used for sending warning information to a service background corresponding to the honeypot account; wherein, the alarm information comprises the login information;
wherein the registration module comprises:
the registration unit is used for respectively registering the low-security honeypot account and the high-security honeypot account on the detected website by using a preset mailbox;
the judging module comprises:
and sending the account list containing all honeypot accounts to a mailbox management server so that the mailbox management server detects whether the honeypot accounts are in a login state.
4. The leak monitoring system of claim 3, further comprising:
and the information input module is used for filling the personal information corresponding to the honeypot account and inputting the honeypot account and the corresponding service background into a database.
5. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the leak monitoring method according to any one of claims 1-2.
6. A website information leakage monitoring terminal, comprising a memory and a processor, wherein the memory stores a computer program, and the processor implements the steps of the leakage monitoring method according to any one of claims 1-2 when calling the computer program in the memory.
CN201910802872.2A 2019-08-28 2019-08-28 Leakage monitoring method and system for website information and related device Active CN110502896B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910802872.2A CN110502896B (en) 2019-08-28 2019-08-28 Leakage monitoring method and system for website information and related device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910802872.2A CN110502896B (en) 2019-08-28 2019-08-28 Leakage monitoring method and system for website information and related device

Publications (2)

Publication Number Publication Date
CN110502896A CN110502896A (en) 2019-11-26
CN110502896B true CN110502896B (en) 2021-07-27

Family

ID=68589930

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910802872.2A Active CN110502896B (en) 2019-08-28 2019-08-28 Leakage monitoring method and system for website information and related device

Country Status (1)

Country Link
CN (1) CN110502896B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111143844B (en) * 2019-12-25 2022-01-28 杭州安恒信息安全技术有限公司 Safety detection method and system for Internet of things equipment and related device
CN113434871B (en) * 2021-07-15 2023-03-14 支付宝(杭州)信息技术有限公司 Information leakage detection method, device and equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098285A (en) * 2010-12-14 2011-06-15 成都市华为赛门铁克科技有限公司 Method and device for preventing phishing attacks
CN103746956A (en) * 2012-09-28 2014-04-23 瞻博网络公司 Virtual honeypot
CN104980423A (en) * 2014-11-26 2015-10-14 哈尔滨安天科技股份有限公司 Advanced persistent threat trapping system and method
CN105376210A (en) * 2014-12-08 2016-03-02 哈尔滨安天科技股份有限公司 Account threat identification and defense method and system
CN107465642A (en) * 2016-06-02 2017-12-12 百度在线网络技术(北京)有限公司 A kind of method and device for judging account abnormal login
CN109067780A (en) * 2018-09-17 2018-12-21 平安科技(深圳)有限公司 Detection method, device, computer equipment and the storage medium of crawler user
CN109474510A (en) * 2017-12-25 2019-03-15 北京安天网络安全技术有限公司 A kind of E mail safety intersects auditing method, system and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9379912B2 (en) * 2010-12-08 2016-06-28 At&T Intellectual Property I, L.P. Mitigating email SPAM attacks
IL232528A0 (en) * 2014-05-08 2014-08-31 Rami Puzis Social network honeypot
US10476908B2 (en) * 2015-08-10 2019-11-12 Allure Security Technology Inc. Generating highly realistic decoy email and documents

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102098285A (en) * 2010-12-14 2011-06-15 成都市华为赛门铁克科技有限公司 Method and device for preventing phishing attacks
CN103746956A (en) * 2012-09-28 2014-04-23 瞻博网络公司 Virtual honeypot
CN104980423A (en) * 2014-11-26 2015-10-14 哈尔滨安天科技股份有限公司 Advanced persistent threat trapping system and method
CN105376210A (en) * 2014-12-08 2016-03-02 哈尔滨安天科技股份有限公司 Account threat identification and defense method and system
CN107465642A (en) * 2016-06-02 2017-12-12 百度在线网络技术(北京)有限公司 A kind of method and device for judging account abnormal login
CN109474510A (en) * 2017-12-25 2019-03-15 北京安天网络安全技术有限公司 A kind of E mail safety intersects auditing method, system and storage medium
CN109067780A (en) * 2018-09-17 2018-12-21 平安科技(深圳)有限公司 Detection method, device, computer equipment and the storage medium of crawler user

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《基于蜜罐的主动防御应用研究》;杨德全等;《网络与信息安全学报》;20180131;第4卷(第1期);第57-63页 *

Also Published As

Publication number Publication date
CN110502896A (en) 2019-11-26

Similar Documents

Publication Publication Date Title
CN104092542B (en) A kind of account login method, Apparatus and system
US10848505B2 (en) Cyberattack behavior detection method and apparatus
US9137257B2 (en) Anti-phishing filter
EP3264720B1 (en) Using dns communications to filter domain names
CN105939326B (en) Method and device for processing message
CN104917716B (en) Page security management method and device
CN105577608B (en) Network attack behavior detection method and device
CN109660556B (en) User login method, device, equipment and storage medium based on information security
US20070056022A1 (en) Two-factor authentication employing a user's IP address
CN118449719A (en) Network identity authentication method and system and user agent equipment used by same
CN107295116B (en) Domain name resolution method, device and system
KR100745044B1 (en) Apparatus and method for protecting access of phishing site
US8601574B2 (en) Anti-phishing methods based on an aggregate characteristic of computer system logins
CN104468611A (en) Data security processing method and device based on dual-system switching
US11770385B2 (en) Systems and methods for malicious client detection through property analysis
CN111726364B (en) Host intrusion prevention method, system and related device
US8959626B2 (en) Detecting a suspicious entity in a communication network
CN108156270B (en) Domain name request processing method and device
JP2015225500A (en) Authentication information theft detection method, authentication information theft detection device, and program
CN110502896B (en) Leakage monitoring method and system for website information and related device
CN106209907B (en) Method and device for detecting malicious attack
CN109547427B (en) Blacklist user identification method and device, computer equipment and storage medium
CN110851819A (en) Multi-application access authority control method and device and electronic equipment
KR100985750B1 (en) System for issuing a substitution number substituted for the resident's registration number
CN114268475A (en) Malicious script intercepting method, system, server and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant