CN110659439A - Black chain protection method, device, equipment and storage medium - Google Patents
Black chain protection method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN110659439A CN110659439A CN201910898601.1A CN201910898601A CN110659439A CN 110659439 A CN110659439 A CN 110659439A CN 201910898601 A CN201910898601 A CN 201910898601A CN 110659439 A CN110659439 A CN 110659439A
- Authority
- CN
- China
- Prior art keywords
- information
- page information
- black chain
- response page
- black
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/955—Retrieval from the web using information identifiers, e.g. uniform resource locators [URL]
- G06F16/9566—URL specific, e.g. using aliases, detecting broken or misspelled links
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application provides a black chain protection method, a device, equipment and a storage medium, wherein the method comprises the following steps: acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client; determining black chain information in the response page information; and after removing the black chain information in the response page information, sending the response page information to the client. The black chain protection method in at least one embodiment of the present description does not depend on a website administrator to look up a source code, reduces labor cost, ensures real-time black chain protection on a web page, and sends the web page to a client after removing black chains by filtering, without affecting normal service access.
Description
Technical Field
The present application relates to the field of internet technologies, and in particular, to a black chain protection method, apparatus, device, and storage medium.
Background
The black chain refers to a dark chain which is invisible but can be weighted by a search engine, and refers to a reverse link of other webpages acquired by an abnormal means. The most common black chain is to acquire the search engine weight or the management authority code (Webshell) of a webpage with a higher PR (PageRank) through various webpage program bugs, and then link the webpage with the black webpage. The black chain is one of the most effective and rapid methods for cheating in a search engine, and is particularly used in the business of riot interest, such as games, lotteries and the like. When the visitor clicks the black-chain website, the visitor is guided to the relevant game and lottery website, which seriously affects the normal service access of the website.
In the prior art, the black chain protection is to open a website source code frequently by a website administrator, look up whether a black chain exists in a source code hyperlink, delete a black chain part code if the black chain is hung, set the website as an unwritable authority to prevent the black chain from being hung again, and open the authority when the website needs to be updated. However, the above black chain protection method depends on the frequency of looking up the website source code by the website administrator, which results in higher labor cost, and cannot ensure real-time black chain protection, and the website may still be hung with a black chain in a certain time period to affect normal service access.
Disclosure of Invention
At least one embodiment of the present disclosure provides a black chain protection method and apparatus, so as to reduce labor cost of black chain protection and improve black chain protection efficiency.
In a first aspect, a black chain protection method is provided, including:
acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
determining black chain information in the response page information;
and after removing the black chain information in the response page information, sending the response page information to the client.
In a second aspect, there is provided a black chain guard, the device comprising:
the page acquisition module is used for acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
the black chain determining module is used for determining black chain information in the response page information;
and the black chain removing module is used for removing the black chain information in the response page information and then sending the black chain information to the client.
In a third aspect, a computer device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
determining black chain information in the response page information;
and after removing the black chain information in the response page information, sending the response page information to the client.
In a fourth aspect, a computer-readable storage medium is provided, on which a computer program is stored which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 6.
According to the technical scheme, in at least one embodiment of the specification, after the client requests the server for the website page information corresponding to the webpage address, the black chain information in the website page information is determined by acquiring the response page information, and the determined black chain information is removed and sent to the client. The method does not depend on a website administrator to look up the source code, reduces the labor cost, ensures real-time black chain protection on the webpage, filters and removes the black chain, and sends the black chain to the client, so that normal service access is not influenced.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the specification.
Drawings
FIG. 1 is a flow diagram illustrating a method of black chain protection in accordance with an exemplary embodiment;
FIG. 2 is a flow diagram illustrating another method of black chain protection in accordance with an exemplary embodiment;
FIG. 3 is a schematic diagram illustrating a black chain removal according to an exemplary embodiment;
FIG. 4 is a schematic view of a black chain guard shown in accordance with an exemplary embodiment;
FIG. 5 is a schematic view of another black chain guard shown in accordance with an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the specification, as detailed in the appended claims.
The terminology used in the description herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the description. As used in this specification and the appended claims, the singular forms "a", "an", and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various information, these information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, the first information may also be referred to as second information, and similarly, the second information may also be referred to as first information, without departing from the scope of the present specification. The word "if" as used herein may be interpreted as "at … …" or "when … …" or "in response to a determination", depending on the context.
In practical application, after receiving the response page information sent by the server, the network device does not perform other operations, but directly forwards the response page information to the client. If the response page information contains a black chain, the client can directly jump to a black chain website after receiving the response page information, so that normal service access is influenced. The existing black chain protection method depends on that a website administrator frequently refers to source codes, deletes the black chain after finding the black chain, and enhances the website management authority. Therefore, the labor cost is high, a website administrator is required to have a high black chain cognitive level, the real-time protection of the black chain cannot be achieved, and the client can still receive response page information with the black chain in a certain period of time to influence normal service access.
Based on the above problems, at least one embodiment of the present specification provides a black chain protection scheme, where after receiving the response page information, the network device confirms and removes the black chain, and ensures that the response page information sent to the client is complete and does not include the black chain in real time, thereby ensuring normal service access of the website.
The black chain protection scheme provided by at least one embodiment of the present specification is implemented based on the network device receiving the response page information sent by the server. In the embodiment, a network device may be taken as an execution subject, but it is understood that any alternative product (including software and hardware) capable of completing the other steps in place of the network device can be regarded as a "network device", such as a router, a switch, a firewall, a server, and the like.
In one example, a "network device" if a non-server device, may be disposed between a client and a server that provides the corresponding server. For example, the network device may be a network device which is closer to the server between the client and the corresponding server, so that the black chain can be protected in time after the server sends the response page information, and the possibility of transmitting the page information carrying the black chain in the network is reduced to the greatest extent.
The following detailed description is to be read in connection with the appended drawings and the specific embodiments:
referring to fig. 1, fig. 1 is a flowchart of a black chain protection method according to an embodiment. The method is applied to the network equipment.
As shown in fig. 1, the process includes:
step 101, acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client.
And the network equipment receives the response page information sent by the server and acquires the response page information.
And 102, determining black chain information in the response page information.
In this step, the network device checks all hyperlinks in the source code of the response page information to confirm that the hyperlinks are black-chain information.
In one example, the determining black chain information in the response page information in this step includes: extracting hyperlinks in the response page information; if the preset white list does not contain the hyperlink, the hyperlink is determined to be a black chain; at least one hyperlink that is not a black chain is stored in the whitelist.
The mechanism for utilizing the white list is specifically as follows: firstly, a white list is set, all hyperlinks in the original page information of the website without black chain confirmed by website management personnel are stored in the white list, namely all hyperlinks required by normal service access of the website are stored in the white list, and the hyperlinks are considered as legal connections. Specifically, the network device extracts all hyperlinks from the source code file according to the acquired response page information, compares the extracted hyperlinks with hyperlinks in a white list, and directly determines that the extracted hyperlinks are black links if the extracted hyperlinks are found not to exist in the white list.
The white list is composed of all hyperlinks used by corresponding website pages, so the number of the hyperlinks in the white list is limited, and the determination of the white list is more convenient and specific. In the white list mechanism, the hyperlinks except the hyperlinks used in the web page are considered to be black chains.
In one example, the determining black chain information in the response page information in this step includes: extracting hyperlinks in the response page information; if the preset blacklist contains the hyperlink, confirming that the hyperlink is a black chain; at least one hyperlink that is a black chain is stored in the blacklist.
The mechanism for utilizing the blacklist is specifically as follows: firstly, setting a blacklist, wherein a black chain in the blacklist can be set according to the experience of a website administrator, and adding a website hyperlink which is frequently subjected to black chain hanging operation into the blacklist. Specifically, the network device extracts all hyperlinks from the source code file according to the acquired response page information, compares the extracted hyperlinks with hyperlinks in a blacklist, and directly determines that the extracted hyperlinks are black links if the extracted hyperlinks exist in the blacklist.
Since the blacklist is set according to the experience of the website administrator, the personal experience of the website administrator can be fully exerted. In the implementation of the actual black chain protection method, the mechanisms of the white list and the black list can be used alternatively or in combination, and the present specification is not limited, but only serves as an example of the method for determining the black chain.
In one example, both the white list and the black list should be checked and updated periodically, which may be done by a website administrator or periodically updated by a network device.
In another example, after determining the black chain information, the network device sends the black chain information to the website management terminal, and the website management personnel can eradicate the black chain according to the black chain information to strengthen the website management authority.
And 103, removing the black chain information in the response page information, and sending the response page information to the client.
In this step, the network device removes the black chain information determined in step 102, that is, removes the hyperlinks and the related information belonging to the black chain in the source code of the response page information, and then sends the response page information from which the black chain information is removed to the client.
According to the black chain protection method, after the network equipment receives the response page information, the black chain information in the response page information is determined and removed, and the response page information with the black chain removed is sent to the client, so that the response page information sent to the client is complete and does not contain the black chain, and normal service access of a website is guaranteed. In addition, the method automatically finishes the detection and the processing of the black chain by the network equipment, reduces the labor cost of the black chain protection, and also improves the efficiency of the black chain protection.
Referring to fig. 2, fig. 2 is a flowchart illustrating another black chain protection method according to an embodiment of the present disclosure.
In this embodiment, a client, a network device, and a server are used as main interactive objects for description. In order to improve the efficiency of black chain detection, after the network device acquires the response page information, the network device may partition the response page information and perform black chain detection only on the changed area portion. As described below, the black chain protection method will be described in the form of such a partition, but it is understood that the present invention is not limited thereto, for example, the network device may not perform the partition, and may detect all the contents in the response page information.
As shown in fig. 2, the flow of the present embodiment includes the following steps:
in the first stage, which is the preparation stage of the present embodiment, the method includes:
step 200: storing original page information
When the technical solution of at least one embodiment of the present specification is implemented, first, the network device needs to store original page information in advance, including storing a source code of the original page information in a text form, where there are multiple implementation manners.
In one implementation, after the website developer completes website development, the complete page information without black links is stored in the network device as the original page information. In another implementation, the network device serves as a "client" to request page information corresponding to the website from the server, and after receiving response page information sent by the server, the network device stores the page information locally. In the latter implementation, when the website administrator is required to ensure that the network device "sends a request as a client", the response page information in the server is complete and does not include the page information of the black chain. The second implementation may be initiated, for example, when the website administrator checks to ensure that no black links exist with the website.
Optionally, when storing the original page information, the original page information may be classified and stored according to a URL (Uniform Resource Locator) of a website, so as to search for corresponding page information using the URL.
Step 201: receiving a request for requesting page information corresponding to a website sent by a client
When a client wants to open a certain website, a corresponding website request needs to be sent to a server.
In this embodiment, the client sends the website request message to the network device, and forwards the website request message to the server by means of the network device. In another example, the client may send the website request message directly to the server.
Step 202: forwarding client request messages
In step 201, after the client sends the website request message to the network device, the network device forwards the received website request message to the corresponding server. After receiving the website request message sent by the client, the network device further extracts URL information corresponding to the website from the website request message, and searches original page information pre-stored in the corresponding network device by using the URL.
If the client directly sends the website request message to the server in step 201, the step is omitted and the process directly jumps to step 203.
Step 203: receiving response page information
And the server sends the response page information to the network equipment according to the request information sent by the client. Whether the website request message in step 201 is forwarded to the server via the network device, the network device needs to receive the page information responded by the server to obtain the response page information.
In the second stage, the area dividing stage (as described above, the efficiency of black chain detection can be improved by partitioning the response page information, but the second stage is not limited to partitioning, and may detect all the contents of the response page information without partitioning) in this embodiment includes:
step 204: comparing the response page information with the original page information
In this step, the original page information is page information that is pre-stored, does not include a black chain, and corresponds to the request web address. Specifically, the network device compares the source code of the response page information with the source code of the original page information, and performs area division according to different points of the source codes to determine a changed area and an unchanged area which are not changed.
Step 205: determining unchanged areas and changed areas of the response page
The unchanged area of the response page is an area which is unchanged after the source code of the response page information is compared with the original page information. The unchanged area is understood as an area consistent with the corresponding position information in the original page information, so that the fact that no black chain information exists can be determined, the steps of determining the black chain and removing the black chain are not needed, and the unchanged area can be subjected to retention processing.
The response page change area is an area where the response page information changes after being compared with the original page information by the source code. For example, the network device searches for pre-stored corresponding original page information according to the URL requested by the client website, and performs text comparison between the source code of the response page information and the source code of the original page information. If the text lengths of the two are not consistent or the contents of the two are different (namely the source code of the response page information is added or deleted or modified somewhere relative to the source code of the original page information), determining the changed area as a changed area; and if the text length and the content of the two are consistent, determining the unchanged area as the unchanged area.
In one example, after detecting the "change area", the network device sends the change area information to the website management terminal, so that the website administrator determines whether to update the original page information stored in the network device. If the 'change area' has a black chain, a website administrator is required to perform black chain 'eradication' on the webpage information stored by the server, and relevant security protection (such as FTP password modification and management authority modification) is performed.
In one example, an area in the changed area where the response page information is modified compared with the original page information is determined as an information modification area. For example, the source code of the response page information is compared with the source code of the original page information in a text mode, and if the text contents of the two are different, the area is determined to be an information modification area.
In one example, an area in the changed area where the response page information is increased in comparison with the original page information is determined as an information increasing area. For example, the source code of the response page information is compared with the source code of the original page information in a text mode, and if the text lengths of the two are not consistent, the inconsistent area is determined to be an information adding area.
In the third stage, the black chain determining and removing stage of the present embodiment includes:
step 206: determining black chain information in the response page
In this step, the network device may perform black-chain detection on the hyperlink in the response page information by using a mechanism of a white list or a black list, or a combination of the white list and the black list, to determine the black-chain information in the response page. In this embodiment, the network device only performs black chain detection on the "change area" in step 205, and compared with detecting all contents of the response page information, the detection content is reduced, the detection efficiency is improved, and the black chain protection efficiency is improved as a whole. It is assumed that black chain information is found in both the information modification area and the information addition area in said step 205 after detection.
Step 207: removing the black chain information in the response page information
Determining that the black chain information in the response page information is in the information modification area through step 206, wherein the black chain information in the information modification area is replaced by the corresponding content in the original page information, and the page information of the non-black chain in the modification area is continuously reserved.
The black chain information in the response page information is determined in the information adding area through step 206, and the specific implementation manner of this step is to delete the black chain information in the information adding area, and keep the page information of the added area which is not the black chain.
The following describes step 206 and step 207 by way of example. As shown in fig. 3, it is assumed that the original page information is a (r, c), the response page information is b (r, c', c), and c is modified with respect to c, and a part of c is added to b. And (4) the network equipment determines that the areas (i), (iii) and (iv) in the step (b) are unchanged through comparison, and retains the original part of information. Determining the changed area as the information modifying area, determining the changed area as the information adding area, and determining that the changed area and the changed area are black chains through a white list mechanism. And the network equipment performs information coverage of the same region by using the second corresponding position in the second part, and deletes the fourth part to obtain the page information c (the first part, the second part, the third part and the fifth part) of the A website after the black chain is removed. If determining that the page is a black chain and the page is not a black chain, covering the same-region information by using the second corresponding position in the first corresponding position, and keeping the fourth corresponding position to obtain the page information of the A website after the black chain is removed (the first, the second, the third, the fourth and the fifth); if determining that the page is not the black chain and the page is the black chain, keeping the page, deleting the page to obtain the page information of the A website after the black chain is removed (i, ii', iii, and fifthly); if the situation that the website A is not the black chain is determined, keeping the website A and the website B, and obtaining the website A page information after the black chain is removed (the website A, the website B, the website A, the website B, the website.
Step 208: sent to the client
After the steps are completed, the network equipment sends the response page information of removing the black chain to the client.
In the black chain protection method of the embodiment, the network device stores the original page information without the black chain, compares the received response page information sent by the server with the corresponding original page information, performs area division on the response page information according to the comparison result, performs black chain detection only on the changed area, and determines the black chain information, thereby improving the black chain protection efficiency. And then sending the response page information with the black chain information removed to the client. The website response page information received by the client can be ensured not to be hung in a black chain in real time, and normal service access is ensured; after the black chain is found, the black chain information is sent to the website management terminal, a website administrator eradicates the black chain and strengthens the management authority, the labor cost is saved, and the black chain protection efficiency is improved.
As shown in fig. 4, the present specification provides a black chain guard device that can perform the black chain guard method according to any of the embodiments of the present specification. The system can comprise a page acquisition module 401, a black chain determination module 402 and a black chain removal module 403. Wherein:
a page obtaining module 401, configured to obtain response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
a black chain determining module 402, configured to determine black chain information in the response page information;
and a black chain removing module 403, configured to remove the black chain information in the response page information and send the removed black chain information to the client.
Referring to fig. 5, another black chain guard apparatus is provided, which can perform the black chain guard method according to any of the embodiments of the present disclosure. The system can comprise a page acquisition module 401, a black chain determination module 402 and a black chain removal module 403. Wherein:
optionally, the black chain determining module 402 includes:
a modification area determining sub-module 4021, configured to compare the response page information with original page information, and determine an information modification area of the response page information; the information modification area is an area where the response page information is modified in comparison with the original page information; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information modification area;
the black chain removing module 403, when configured to remove the black chain information in the response page information, includes: and replacing the black chain information in the information modification area by using the corresponding content in the original page information.
Optionally, the black chain determining module 402 includes:
an added area determining sub-module 4022, configured to compare the response page information with original page information, and determine an information added area of the response page information; the information adding area is an area in which the comparison between the response page information and the original page information is increased; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information adding area;
the black chain removing module 403, when configured to remove the black chain information in the response page information, includes: and deleting the black chain information in the information adding area.
Optionally, the black chain determining module 402 includes:
the extracting sub-module 4023 is configured to extract hyperlinks in the response page information;
the confirming sub-module 4024 is configured to confirm that the hyperlink is a black chain when the preset white list does not include the hyperlink; at least one hyperlink which is not a black chain is stored in the white list; or, when the preset blacklist contains the hyperlink, the hyperlink is determined to be a black chain; at least one hyperlink that is a black chain is stored in the blacklist.
Optionally, the apparatus further comprises:
and the black chain feedback module 404 is configured to store the black chain information and send the black chain information to the website management terminal, so that a website administrator performs security protection according to the black chain information on the website management terminal.
The implementation process of the functions and actions of each module in the above device is specifically described in the implementation process of the corresponding step in the above method, and is not described herein again.
For the device embodiments, since they substantially correspond to the method embodiments, reference may be made to the partial description of the method embodiments for relevant points. The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules can be selected according to actual needs to achieve the purpose of the solution of at least one embodiment of the present specification. One of ordinary skill in the art can understand and implement it without inventive effort.
The present specification also provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the following steps when executing the program:
acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
determining black chain information in the response page information;
and after removing the black chain information in the response page information, sending the response page information to the client.
Optionally, the determining black chain information in the response page information includes:
comparing the response page information with the original page information, and determining an information modification area of the response page information; the information modification area is an area where the response page information is modified in comparison with the original page information; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information modification area;
the removing the black chain information in the response page information includes: and replacing the black chain information in the information modification area by using the corresponding content in the original page information.
Optionally, the determining black chain information in the response page information includes:
comparing the response page information with the original page information, and determining an information increasing area of the response page information; the information adding area is an area in which the comparison between the response page information and the original page information is increased; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information adding area;
the removing the black chain information in the response page information includes: and deleting the black chain information in the information adding area.
Optionally, the determining black chain information in the response page information includes: extracting hyperlinks in the response page information; if the preset white list does not contain the hyperlink, the hyperlink is determined to be a black chain; at least one hyperlink that is not a black chain is stored in the whitelist.
Optionally, the determining black chain information in the response page information includes: extracting hyperlinks in the response page information; if the preset blacklist contains the hyperlink, confirming that the hyperlink is a black chain; at least one hyperlink that is a black chain is stored in the blacklist.
Optionally, after determining the black chain information in the response page information, the method further includes: and storing the black chain information and sending the black chain information to a website management terminal so that a website administrator can perform safety protection according to the black chain information on the website management terminal.
The present specification also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method that may include:
acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
determining black chain information in the response page information;
and after removing the black chain information in the response page information, sending the response page information to the client.
The non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, etc., which is not limited in this application.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It will be understood that the present description is not limited to the precise arrangements described above and shown in the drawings, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The above description is only a preferred embodiment of the present disclosure, and should not be taken as limiting the present disclosure, and any modifications, equivalents, improvements, etc. made within the spirit and principle of the present disclosure should be included in the scope of the present disclosure.
Claims (13)
1. A black chain protection method, comprising:
acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
determining black chain information in the response page information;
and after removing the black chain information in the response page information, sending the response page information to the client.
2. The method of claim 1, wherein the determining black chain information in the response page information comprises:
comparing the response page information with the original page information, and determining an information modification area of the response page information; the information modification area is an area where the response page information is modified in comparison with the original page information; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information modification area;
the removing the black chain information in the response page information includes: and replacing the black chain information in the information modification area by using the corresponding content in the original page information.
3. The method of claim 1, wherein the determining black chain information in the response page information comprises:
comparing the response page information with the original page information, and determining an information increasing area of the response page information; the information adding area is an area in which the comparison between the response page information and the original page information is increased; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information adding area;
the removing the black chain information in the response page information includes: and deleting the black chain information in the information adding area.
4. The method of claim 1, wherein the determining black chain information in the response page information comprises:
extracting hyperlinks in the response page information;
if the preset white list does not contain the hyperlink, the hyperlink is determined to be a black chain; at least one hyperlink that is not a black chain is stored in the whitelist.
5. The method of claim 1, wherein the determining black chain information in the response page information comprises:
extracting hyperlinks in the response page information;
if the preset blacklist contains the hyperlink, confirming that the hyperlink is a black chain; at least one hyperlink that is a black chain is stored in the blacklist.
6. The method of claim 1, wherein after the determining black chain information in the response page information, the method further comprises:
and storing the black chain information and sending the black chain information to a website management terminal so that a website administrator can perform safety protection according to the black chain information on the website management terminal.
7. A black chain guard, the device comprising:
the page acquisition module is used for acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
the black chain determining module is used for determining black chain information in the response page information;
and the black chain removing module is used for removing the black chain information in the response page information and then sending the black chain information to the client.
8. The apparatus of claim 7, wherein the black chain determination module comprises:
the modification area determining submodule is used for comparing the response page information with the original page information and determining an information modification area of the response page information; the information modification area is an area where the response page information is modified in comparison with the original page information; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information modification area;
the black chain removing module, when configured to remove the black chain information in the response page information, includes: and replacing the black chain information in the information modification area by using the corresponding content in the original page information.
9. The apparatus of claim 7, wherein the black chain determination module comprises:
the added area determining submodule is used for comparing the response page information with the original page information and determining an information added area of the response page information; the information adding area is an area in which the comparison between the response page information and the original page information is increased; the original page information is page information which is pre-stored, does not contain a black chain and corresponds to the request webpage address; the black chain information is positioned in the information adding area;
the black chain removing module, when configured to remove the black chain information in the response page information, includes: and deleting the black chain information in the information adding area.
10. The apparatus of claim 7, wherein the black chain determination module comprises:
the extraction submodule is used for extracting the hyperlink in the response page information;
the confirming submodule is used for confirming that the hyperlink is a black chain when the preset white list does not contain the hyperlink; at least one hyperlink which is not a black chain is stored in the white list; or, when the preset blacklist contains the hyperlink, the hyperlink is determined to be a black chain; at least one hyperlink that is a black chain is stored in the blacklist.
11. The apparatus of claim 7, further comprising:
and the black chain feedback module is used for storing the black chain information and sending the black chain information to the website management terminal so that a website administrator can perform safety protection according to the black chain information on the website management terminal.
12. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor when executing the program performs the steps of:
acquiring response page information; the response page information is corresponding page information returned by the server according to the request webpage address of the client;
determining black chain information in the response page information;
and after removing the black chain information in the response page information, sending the response page information to the client.
13. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910898601.1A CN110659439A (en) | 2019-09-23 | 2019-09-23 | Black chain protection method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910898601.1A CN110659439A (en) | 2019-09-23 | 2019-09-23 | Black chain protection method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN110659439A true CN110659439A (en) | 2020-01-07 |
Family
ID=69038900
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910898601.1A Pending CN110659439A (en) | 2019-09-23 | 2019-09-23 | Black chain protection method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110659439A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111782991A (en) * | 2020-07-15 | 2020-10-16 | 浙江军盾信息科技有限公司 | Method, device, equipment and storage medium for detecting abnormal hidden link of website |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106599242A (en) * | 2016-12-20 | 2017-04-26 | 福建六壬网安股份有限公司 | Webpage change monitoring method and system based on similarity calculation |
| CN107294904A (en) * | 2016-03-30 | 2017-10-24 | 深圳市深信服电子科技有限公司 | Server invades detection method and gateway device |
| CN108959565A (en) * | 2018-07-04 | 2018-12-07 | 广东小天才科技有限公司 | A kind of method, apparatus and server of web page contents filtering |
-
2019
- 2019-09-23 CN CN201910898601.1A patent/CN110659439A/en active Pending
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107294904A (en) * | 2016-03-30 | 2017-10-24 | 深圳市深信服电子科技有限公司 | Server invades detection method and gateway device |
| CN106599242A (en) * | 2016-12-20 | 2017-04-26 | 福建六壬网安股份有限公司 | Webpage change monitoring method and system based on similarity calculation |
| CN108959565A (en) * | 2018-07-04 | 2018-12-07 | 广东小天才科技有限公司 | A kind of method, apparatus and server of web page contents filtering |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111782991A (en) * | 2020-07-15 | 2020-10-16 | 浙江军盾信息科技有限公司 | Method, device, equipment and storage medium for detecting abnormal hidden link of website |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11709945B2 (en) | System and method for identifying network security threats and assessing network security | |
| KR101010708B1 (en) | Method and apparatus for preventing web page attacks | |
| US20170155666A1 (en) | Attracting and analyzing spam postings | |
| CN103701793B (en) | The recognition methods of server broiler chicken and device | |
| Sanchez-Rola et al. | The onions have eyes: a comprehensive structure and privacy analysis of tor hidden services | |
| KR101070184B1 (en) | System and method for blocking execution of malicious code by automatically crawling and analyzing malicious code through multi-thread site-crawler, and by interworking with network security device | |
| EP3557843B1 (en) | Content delivery network (cdn) bot detection using compound feature sets | |
| CN108183900B (en) | Method, server, system, terminal device and storage medium for detecting mining script | |
| CN105939326A (en) | Message processing method and device | |
| CN105376217B (en) | A kind of malice jumps and the automatic judging method of malice nested class objectionable website | |
| CN110717183B (en) | Virus checking and killing method, device, equipment and storage medium | |
| CN103701816B (en) | Perform the scan method and scanning means of the server of Denial of Service attack | |
| CN107800686B (en) | Phishing website identification method and device | |
| CN107465702B (en) | Early warning method and device based on wireless network intrusion | |
| CN102571812A (en) | Tracking and identification method and apparatus for network threats | |
| Starov et al. | Betrayed by your dashboard: Discovering malicious campaigns via web analytics | |
| CN106713318B (en) | WEB site safety protection method and system | |
| CN109660552A (en) | A kind of Web defence method combining address jump and WAF technology | |
| CN107566401A (en) | The means of defence and device of virtualized environment | |
| CN113810381A (en) | Crawler detection method, web application cloud firewall, device and storage medium | |
| CN110929257B (en) | Method and device for detecting malicious codes carried in webpage | |
| CN114285626B (en) | Honeypot attack chain construction method and honeypot system | |
| CN102946391A (en) | Method for prompting malicious website in browser and browser | |
| CN110659439A (en) | Black chain protection method, device, equipment and storage medium | |
| CN114095264A (en) | High-interaction traceability method, equipment and hardware of honeypot system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20200107 |