CN111967059A - Website tamper-proofing method and system and computer readable storage medium - Google Patents

Website tamper-proofing method and system and computer readable storage medium Download PDF

Info

Publication number
CN111967059A
CN111967059A CN202010800366.2A CN202010800366A CN111967059A CN 111967059 A CN111967059 A CN 111967059A CN 202010800366 A CN202010800366 A CN 202010800366A CN 111967059 A CN111967059 A CN 111967059A
Authority
CN
China
Prior art keywords
file
monitoring
client
website
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010800366.2A
Other languages
Chinese (zh)
Inventor
胡亮华
黄文良
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Baota Safety Technology Co ltd
Original Assignee
Guangdong Baota Safety Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Baota Safety Technology Co ltd filed Critical Guangdong Baota Safety Technology Co ltd
Priority to CN202010800366.2A priority Critical patent/CN111967059A/en
Publication of CN111967059A publication Critical patent/CN111967059A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/958Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method and a system for preventing website from being tampered and a computer readable storage medium, comprising the following steps: acquiring a configuration file and generating a monitoring directory according to the configuration file; acquiring a bottom file and monitoring the bottom file to monitor the webpage state in real time; and when the bottom file is changed, determining whether the bottom file meets the monitoring directory, and if so, not responding to the operation. The invention monitors the state of the bottom layer file in the webpage information in real time, and judges that the change action is normal operation according to the monitoring rule in the monitoring directory before the state and the attribute of the bottom layer file in the webpage information are changed, thereby achieving the effect of preventing the webpage from being tampered.

Description

Website tamper-proofing method and system and computer readable storage medium
Technical Field
The present invention relates to the field of network security, and in particular, to a method for preventing website from being tampered, a system for implementing the method, and a computer-readable storage medium.
Background
With the rapid development and wide use of network information technology, network security faces a very serious challenge, and websites suffer from various security attacks more and more frequently, wherein webpage tampering is the most serious problem. The webpage tampering has the following characteristics: the web page falsification has the advantages of high propagation speed, more reading groups, easiness in copying, difficulty in pre-checking and real-time prevention, the sites of China are attacked by webpage falsification in different degrees according to incomplete statistics, and the attack means are various, so that the network security prevention becomes the focus of attention increasingly.
In the face of multi-aspect safety challenges of website tampering, early website sites adopt a backup and restoration mechanism, but the passive mechanism can only perform safe backup and restoration and cannot achieve a protection effect; later, network time driving is adopted to solve the problem of website tampering, but the method has low tampering detection efficiency, cannot rapidly monitor website tampering behaviors, and cannot widely protect continuous website tampering behaviors.
Disclosure of Invention
In view of the above problems, an object of the present invention is to provide a method for preventing website tampering, a system for implementing the method, and a computer-readable storage medium.
The technical scheme adopted by the invention for realizing the purpose is as follows:
a website tamper-proofing method comprising:
acquiring a configuration file and generating a monitoring directory according to the configuration file;
acquiring a bottom file and monitoring the bottom file to monitor the webpage state in real time;
and when the bottom file is changed, determining whether the bottom file meets the monitoring directory, and if so, not responding to the operation.
Preferably, the obtaining the configuration file includes:
a user inputs a monitoring rule on a client to generate integrated data;
receiving integrated data sent by a client, wherein the integrated data comprises an identity confirmation label, a distinguishing label and a target file, and when the target file is generated, the distinguishing label is correspondingly generated in a binding mode;
generating target inspection parameters by using the first locking parameters agreed with the client and the identification label;
verifying the target file by using the target inspection parameters to obtain inspection data;
and when the verification data is the same as the identity confirmation label, confirming that the target file is a normal operation file.
Preferably, after the target file is confirmed to be a normal operation file, the method further includes:
disassembling the monitoring rules contained in the target file into a plurality of monitoring condition files;
comparing a plurality of monitoring condition files with the last configuration file in a list or tiled mode;
and if the monitoring condition file is different from the last configuration file, covering and/or adding the monitoring condition on the monitoring condition file to the last configuration file to form a new configuration file.
Preferably, the comparing the plurality of monitoring condition files with the last configuration file in a list or a tiled manner includes:
acquiring a monitoring condition character string on the monitoring condition file to form a first character unit;
acquiring a monitoring condition character string of the corresponding monitoring condition of the previous configuration file to form a second character unit;
comparing whether the first character unit and the second character unit are the same;
and when the first character unit and the second character unit are different, deleting the second character unit and supplementing the first character unit into the position of the deleted second character unit.
Preferably, before the step of generating the target verification parameter by using the first locking parameter agreed with the client and the identification tag, the method further includes:
judging whether a local cache contains the distinguishing label or not;
and when the distinguishing label does not exist in the local cache, storing the distinguishing label into the local cache, and executing a step of generating a target checking parameter by using a first locking parameter agreed with the client and the distinguishing label.
Preferably, before receiving the integration data sent by the client, the method further includes:
receiving a second locking parameter sent by the client, and generating a third locking parameter according to the second locking parameter;
sending the third locking parameter to the client;
generating the first locking parameter according to the second locking parameter and the third locking parameter;
saving the first locking parameter.
Preferably, the acquiring the underlying file includes:
the attributes of the underlying file of the web page information are scanned using a single hash unit.
Preferably, the method further comprises the following steps:
the method comprises the steps that illegal operation behaviors are obtained and a recording file is generated, and a user can check the recording file on a client to check the times of webpage tampering;
the recording file is used for recording one or more of the following contents:
type of operation tampered, file, process, time.
A website tamper-resistant system, the apparatus comprising:
the management module is used for acquiring a configuration file and generating a monitoring directory according to the configuration file;
and the monitoring module is used for acquiring the bottom file and monitoring the bottom file so as to monitor the webpage state in real time.
A computer-readable storage medium, which stores a computer program that, when executed by a processor, performs the steps of the above-described method.
The invention has the beneficial effects that: the invention monitors the state of the bottom layer file in the webpage information in real time, and judges that the change action is normal operation according to the monitoring rule in the monitoring directory before the state and the attribute of the bottom layer file in the webpage information are changed, thereby achieving the effect of preventing the webpage from being tampered.
The invention is further described with reference to the following figures and examples.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained based on these drawings without creative efforts.
FIG. 1 is a flow chart of a tamper-evident method of the present invention;
FIG. 2 is a flowchart illustrating the comparison of the underlying files to the website protection directory in the present invention;
FIG. 3 is a flowchart illustrating the comparison of the underlying file and the file format protection directory according to the present invention;
FIG. 4 is a flowchart illustrating the comparison of the underlying files to the identity protection directory in the present invention;
FIG. 5 is a flow chart of the transmission between the client and the WEB server in the present invention;
FIG. 6 is a flow chart A of the profile formation in the present invention;
FIG. 7 is a flowchart illustrating comparison of configuration files according to the present invention.
Detailed Description
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below. In the following description, numerous specific details are set forth in order to provide a thorough understanding of the present invention. This invention may, however, be embodied in many different forms and should not be construed as limited to the embodiments set forth herein.
In the description of the present invention, it is to be understood that the terms "first", "second" and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implying any number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the present embodiment, the method includes: the system comprises a WEB server and a backup server, wherein the WEB server mainly issues webpage information to the outside and provides WEB service; the website tamper-proofing method in this embodiment is mainly implemented on the WEB server, and is mainly implemented to monitor the WEB page state according to the monitoring conditions in the monitoring directory, and restore the WEB page to the WEB page state before the change when the WEB page state is changed. Specifically, a monitored core is molded and installed in a WEB server, automatic monitoring is carried out based on a time triggering mode, all file contents (including html, asp, flash, png, bmp, gif, jpeg, php and jsp) of a folder where a monitored webpage is located are contrasted with a plurality of attributes of the files, and the attributes of each file in the folder where the monitored webpage is located are scanned in real time through a built-in hash fast algorithm, so that real-time monitoring is realized. And if the attribute change is found to be in a non-protocol mode, copying the contents of the backup path folder to the corresponding position of the folder of the monitored webpage in a safe copy mode. Because the underlying file driving technology is adopted, the running performance and the monitoring real-time performance of the device can reach the highest level.
And the backup server mainly backs up the files and the attributes of the files. The backup server analyzes an information unit in the website information and determines a signal change coordinate for realizing unidirectional transmission control in the information unit; changing the signal change coordinates in the information unit into abnormal signals when carrying out unidirectional transmission control; and then sending the modified information unit to a WEB server. The method comprises the steps of analyzing an information unit of website information, modifying a signal change coordinate for realizing unidirectional transmission control in the information unit into an abnormal signal, discarding the information unit and not processing the information unit when the WEB server identifies the abnormal signal, so that unidirectional transmission control can be realized, and the problem of safety control of backup file transmission of a backup server can be solved.
Furthermore, the rdp agent acts as a middle layer role and is responsible for receiving rdp I/O requests sent by the client, the agent service built-in protocol parsing module is mainly responsible for parsing information units closely related to disk mapping and clipboards, the agent service built-in protocol is arranged in the backup server, when the backup server completes parsing and the WEB server monitors illegal operations, the backup server inserts abnormal signals into the information units to form modified information units and forwards the modified information unit requests to the WEB server, and after the WEB server receives the information unit requests, the rdp agent receives responses of the WEB server to discarding of the modified information units and not processing, and then forwards the responses to the client in the WEB server, thereby realizing unidirectional transmission control. Wherein rdp agent program is installed in WEB server, and information unit contains backup file of website information. By analyzing the information unit, an abnormal signal is inserted into the information unit, and when the WEB server receives or identifies the abnormal signal, the rdp agent program in the abnormal signal does not process the information unit, namely, the unidirectional transmission control is realized.
As shown in fig. 1, the website tamper-proofing method in an optional embodiment specifically includes the following steps:
step 101, acquiring a configuration file and generating a monitoring directory according to the configuration file;
in the embodiment of the present application, the configuration file is a file generated in response to the requirement of the client on the client, and the configuration file generally includes: a website protection directory, an identity protection directory, a file format protection directory, and an exclusion protection directory; the user can open the client, then select to click the adding website, input the website character to be protected on the adding website bar, and then input the identity information, the file format and the exclusion protection content which does not need to be protected in the website to be protected in sequence; and after the input is finished, clicking an anti-tampering switch button to start anti-tampering protection of the protected website.
Further, the identity protection directory mainly adds users such as ftp, mysql, www and the like, and the user only needs to fill the user ID needing protection into the user ID column needing protection.
The file format protection directory mainly adds files of types needing protection, such as html, asp, flash, png, bmp, gif, jpeg, php, jsp and the like.
The method can eliminate the protection directory, mainly add the contents which do not need to be protected under the website needing protection, such as comment function and message function in the website information, and set the discharge protection directory to ensure the controllable expansibility of the tamper-proof system, thereby pertinently protecting the parts of the website needing protection.
102, acquiring a bottom file and monitoring the bottom file to monitor the webpage state in real time;
the single hash unit is adopted to scan the attribute of the bottom file of the webpage information, and the single hash unit scans the attribute of each file in the folder where the monitored webpage is located in real time, so that real-time monitoring is realized. In addition, the single-item hashing unit is a single-item hashing algorithm.
When a webpage request exists, and the webpage request carries illegal operation, the attribute of the webpage file is changed by the illegal operation, and at the moment, the one-way hash unit can quickly scan and monitor the change of the attribute of the file.
Wherein the illegal operation comprises: actions such as creating a folder, deleting a folder, renaming, deleting a file, writing a file, creating a file, etc.
Step 103, when the bottom file is changed, determining whether the bottom file meets the monitoring directory, if so, not responding to the operation.
As shown in fig. 2, in step 103a0, when the underlying file is changed (i.e. the attribute of the underlying file is changed), the underlying file is compared with the website protection directory in the monitoring directory;
step 103a1, acquiring the website character strings in the changed bottom file in sequence;
step 103a2, searching a first character of the website character string in a website protection directory in the monitoring directory, and acquiring a first retrieval website directory; if the first search website directory is not obtained, the operation is normal, and the operation can be continued.
Step 103a3, acquiring the second character of the website character string in step 103a1, and searching the first search website directory in step 103a2 to acquire a second search website directory; if the second search website directory is not obtained, the operation is normal, and the operation can be continued.
By analogy, whether the website to which the changed bottom layer file belongs is in the monitoring directory can be obtained. If the changed bottom file belongs to one of the websites in the monitoring directory, the next step is performed, specifically, the next steps are steps 103b0 and 103c 0.
As shown in fig. 3, step 103b0, scanning through a single hash algorithm to obtain the changed file format of the underlying file;
step 103b1, comparing the obtained changed file format with the file format protection directory in the monitoring directory;
in step 103b2, if they are different, the operation is changed to normal operation, and if they are the same, the operation is illegal.
As shown in fig. 4, step 103c0, scanning through a single hash algorithm to obtain the user ID of the change of the underlying file;
step 103c1, comparing the obtained changed user identity ID with the identity protection directory in the monitoring directory;
in step 103c2, if they are different, the operation is changed to normal operation, and if they are the same, the operation is illegal.
In an alternative embodiment, the method for preventing website from being tampered, the obtaining the configuration file includes:
as shown in FIG. 5, step 1010, the user enters monitoring rules on the client to generate integration data;
specifically, the user inputs a website protection directory, an identity protection directory, a file format protection directory, and the like on the client panel corresponding to each monitoring condition input field.
Step 1011, receiving integrated data sent by a client, wherein the integrated data comprises an identity confirmation label, a distinguishing label and a target file, and when the target file is generated, the distinguishing label is correspondingly generated by binding; the target file may be any type and format of file data, and in this embodiment, the target file is a data file with monitoring conditions. In addition, when the user clicks the ok button after completing the input of the monitoring list on the client panel, the discrimination label is generated. The identification label can combine randomly generated numbers and/or English letters, the generated combination can be four digits, five digits or multiple digits, and the safety of data transmission can be further enhanced through the identification label generated by binding.
Step 1012, generating a target verification parameter by using a first locking parameter agreed with the client and the identification tag; in this embodiment, the first locking parameter agreed by the client and the WEB server may be a fixed parameter preset by both. In addition, the client may set the first locking parameter once with the WEB server, click a parameter setting button on the client, and input the parameter in the pop-up input box, and the identity confirmation tag may be generated by setting the distinguishing tag generated by the client and the first locking parameter set this time during data transmission later. In addition, the user can also set the first locking parameter before inputting the monitoring rule each time, the risk that the monitoring directory is hijacked due to long-term use of one fixed first locking parameter can be reduced through the setting, and the safety between the client and the WEB server is improved.
Specifically, the first locking parameter may be a character string composed of numbers, symbols, and english, where the first locking parameter must include at least one number, at least one symbol, at least one capital english letter, and at least one lower english letter, and the numbers, symbols, and upper and lower english letters may be in any order.
Step 1013, verifying the target file by using the target verification parameters to obtain verification data; specifically, when the target file is received by the WEB server, the target file is verified by a target verification parameter (i.e., an algorithm), so as to obtain verification data.
Step 1014, when the verification data is the same as the identity confirmation label, confirming that the target file is a normal operation file. Specifically, the verification data obtained by the WEB server is compared with the identity confirmation tag in the previously received integrated data, and when the verification data is the same as the identity confirmation tag, the identification tag and the target file are not hijacked and tampered in the transmission process, so that the target file can be confirmed to be a conventional operation file.
In an optional embodiment, the method for preventing website from being tampered, when the target file is confirmed to be a normal operation file, the method further includes:
as shown in fig. 6 and 7, in step 1015, the monitoring rules contained in the target file are disassembled into a plurality of monitoring condition files; specifically, a plurality of monitoring condition files contained in the target file are disassembled and separated, so that the monitoring conditions are separated, and the monitoring conditions are classified well according to different protection directories, so that the condition of serial codes or serial directories cannot occur.
Step 1016, comparing a plurality of monitoring condition files with the last configuration file in a list or tiled mode;
and if the monitoring condition file is different from the last configuration file, covering and/or adding the monitoring condition on the monitoring condition file to the last configuration file to form a new configuration file.
In an optional embodiment, the website tamper-proofing method, wherein the comparing, in a list or a tile manner, the plurality of monitoring condition files with the last configuration file includes:
as shown in fig. 6 and 7, in step 1016a, acquiring a monitoring condition character string on the monitoring condition file to form a first character unit; specifically, if the monitoring condition file of the website protection directory is the monitoring condition file, the first character unit is a string of website characters; if the monitoring condition file of the identity protection directory is the monitoring condition file, the first character unit is an identity ID character; if the monitoring condition file of the file format protection directory is the monitoring condition file, the first character unit is a file format character.
Step 1016b, acquiring a monitoring condition character string corresponding to the monitoring condition of the previous configuration file to form a second character unit; specifically, the second character unit obtained here is the monitoring condition character string of the monitoring condition in the previous configuration file, and the content of the monitoring condition in the previous configuration file is obtained by obtaining the second character unit and compared with the first character unit in step 1016 b.
Step 1016c, comparing whether the first character unit and the second character unit are the same;
and when the first character unit and the second character unit are different, deleting the second character unit and supplementing the first character unit into the position of the deleted second character unit. Specifically, when the second character unit is different from the first character unit when aligned, the second character unit is erased or deleted, and then the first character unit is filled in the position of the second character unit, thereby completing the configuration of the new monitoring condition.
In an optional embodiment, the website tamper-proofing method, before the step of generating the target verification parameter by using the first locking parameter agreed with the client and the identification tag, further includes:
judging whether a local cache contains the distinguishing label or not;
and when the distinguishing label does not exist in the local cache, storing the distinguishing label into the local cache, and executing a step of generating a target checking parameter by using a first locking parameter agreed with the client and the distinguishing label. Specifically, the WEB server can confirm whether or not the discrimination tag exists in the local cache based on the discrimination tag to determine whether or not the integrated data of the client is a replay attack. When the WEB server receives the integrated data, the integrated data comprises a distinguishing label, the WEB server analyzes the distinguishing label from the integrated data, and the WEB server starts to search whether the local cache has the label same as the distinguishing label. If the distinguishing label is not found in the WEB server, the data request from the client can be indicated as a normal request. Meanwhile, if the WEB server does not have the identification tag, the identification tag is stored in a temporary folder of the WEB, deletion time is set, and after each deletion time, the WEB server clears the files in the temporary folder; by setting the temporary folder to store the setting of the discrimination tag, it is possible to confirm whether or not the attack is replayed during the deletion time, and the cache is not occupied.
Replay attack, also known as replay attack and replay attack, refers to an attacker sending a packet that a destination host has received to achieve the purpose of deceiving a system, and is mainly used for an identity authentication process to destroy the correctness of authentication. Replay attacks may be performed by the initiator or by an adversary that intercepts and retransmits the data. The attacker steals the authentication credentials by using network monitoring or other methods, and then retransmits the authentication credentials to the authentication server. Replay attacks may occur during any network communication and are one of the common attack methods used by hackers in the computer world.
In an optional embodiment, the website tamper-proofing method further includes, before receiving the integration data sent by the client, that:
step a1011, receiving a second locking parameter sent by the client, and generating a third locking parameter according to the second locking parameter; specifically, the second locking parameter may be a random number-letter string or a set number-letter string, and the number of digits of the second locking parameter may be 16 bits or 32 bits.
Step b1011, sending the third locking parameter to the client; specifically, the WEB server receives the second locking parameter, and then obtains the second locking parameter through parsing and decryption, and the WEB server generates a third locking parameter after receiving the second locking parameter, where the third locking parameter is a randomly generated combination of numbers and letters, and may be a 16-bit or 32-bit combination of numbers and letters.
Step c1011, generating the first locking parameter according to the second locking parameter and the third locking parameter; exemplarily, if the second locking parameter is a 16-bit number and the third locking parameter is a 16-bit number, the first locking parameter is a 32-bit number combination composed of the second locking parameter and the third locking parameter; if the second locking parameter is 32-bit number and the third locking parameter is 32-bit number, the first locking parameter is 64-bit number of the combination of the second locking parameter and the third locking parameter;
step d1011, saving said first locking parameter. The second locking parameter and the third locking parameter are exchanged between the client and the WEB server, so that the security of the first locking parameter is improved.
In an alternative embodiment, the method for preventing website from being tampered further includes:
the method comprises the steps that illegal operation behaviors are obtained and a recording file is generated, and a user can check the recording file on a client to check the times of webpage tampering;
the recording file is used for recording one or more of the following contents:
type of operation tampered, file, process, time.
A website tamper-resistant system, the apparatus comprising:
the management module is used for acquiring a configuration file and generating a monitoring directory according to the configuration file;
and the monitoring module is used for acquiring the bottom file and monitoring the bottom file so as to monitor the webpage state in real time.
A computer-readable storage medium, which stores a computer program that, when executed by a processor, performs the steps of the above-described method.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, computer readable media does not include non-transitory computer readable media (transmyedia), such as modulated data signals and carrier waves.
The invention monitors the state of the bottom layer file in the webpage information in real time, and judges that the change action is normal operation according to the monitoring rule in the monitoring directory before the state and the attribute of the bottom layer file in the webpage information are changed, thereby achieving the effect of preventing the webpage from being tampered.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The foregoing is merely a preferred embodiment of the invention and is not intended to limit the invention in any manner. Those skilled in the art can make numerous possible variations and modifications to the present teachings, or modify equivalent embodiments to equivalent variations, without departing from the scope of the present teachings, using the methods and techniques disclosed above. Therefore, all equivalent changes made according to the shape, structure and principle of the present invention without departing from the technical scheme of the present invention shall be covered by the protection scope of the present invention.

Claims (10)

1. A website tamper-proofing method is characterized in that: the method comprises the following steps:
acquiring a configuration file and generating a monitoring directory according to the configuration file;
acquiring a bottom file and monitoring the bottom file to monitor the webpage state in real time;
and when the bottom file is changed, determining whether the bottom file meets the monitoring directory, and if so, not responding to the operation.
2. The website tamper-proofing method according to claim 1, wherein the obtaining the configuration file comprises:
a user inputs a monitoring rule on a client to generate integrated data;
receiving integrated data sent by a client, wherein the integrated data comprises an identity confirmation label, a distinguishing label and a target file, and when the target file is generated, the distinguishing label is correspondingly generated in a binding mode;
generating target inspection parameters by using the first locking parameters agreed with the client and the identification label;
verifying the target file by using the target inspection parameters to obtain inspection data;
and when the verification data is the same as the identity confirmation label, confirming that the target file is a normal operation file.
3. The method of claim 2, wherein after the target file is confirmed to be a normal operation file, the method further comprises:
disassembling the monitoring rules contained in the target file into a plurality of monitoring condition files;
comparing a plurality of monitoring condition files with the last configuration file in a list or tiled mode;
and if the monitoring condition file is different from the last configuration file, covering and/or adding the monitoring condition on the monitoring condition file to the last configuration file to form a new configuration file.
4. The method of claim 3, wherein comparing the plurality of monitoring condition files to the last configuration file in a list or a tile comprises:
acquiring a monitoring condition character string on the monitoring condition file to form a first character unit;
acquiring a monitoring condition character string of the corresponding monitoring condition of the previous configuration file to form a second character unit;
comparing whether the first character unit and the second character unit are the same;
and when the first character unit and the second character unit are different, deleting the second character unit and supplementing the first character unit into the position of the deleted second character unit.
5. The website tamper-proofing method according to claim 2, wherein before the step of generating the target verification parameter by using the first locking parameter agreed with the client and the identification tag, the method further comprises:
judging whether a local cache contains the distinguishing label or not;
and when the distinguishing label does not exist in the local cache, storing the distinguishing label into the local cache, and executing a step of generating a target checking parameter by using a first locking parameter agreed with the client and the distinguishing label.
6. The website tamper-proofing method according to claim 2, wherein before receiving the integration data sent by the client, the method further comprises:
receiving a second locking parameter sent by the client, and generating a third locking parameter according to the second locking parameter;
sending the third locking parameter to the client;
generating the first locking parameter according to the second locking parameter and the third locking parameter;
saving the first locking parameter.
7. The website tamper-proofing method according to claim 1, wherein the obtaining of the underlying file comprises:
the attributes of the underlying file of the web page information are scanned using a single hash unit.
8. The method for preventing website from being tampered with according to claim 1, further comprising:
the method comprises the steps that illegal operation behaviors are obtained and a recording file is generated, and a user can check the recording file on a client to check the times of webpage tampering;
the recording file is used for recording one or more of the following contents:
type of operation tampered, file, process, time.
9. A website tamper-resistant system, the apparatus comprising:
the management module is used for acquiring a configuration file and generating a monitoring directory according to the configuration file;
and the monitoring module is used for acquiring the bottom file and monitoring the bottom file so as to monitor the webpage state in real time.
10. A computer-readable storage medium, in which a computer program is stored which, when being executed by a processor, carries out the steps of the method according to any one of claims 1 to 8.
CN202010800366.2A 2020-08-11 2020-08-11 Website tamper-proofing method and system and computer readable storage medium Pending CN111967059A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010800366.2A CN111967059A (en) 2020-08-11 2020-08-11 Website tamper-proofing method and system and computer readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010800366.2A CN111967059A (en) 2020-08-11 2020-08-11 Website tamper-proofing method and system and computer readable storage medium

Publications (1)

Publication Number Publication Date
CN111967059A true CN111967059A (en) 2020-11-20

Family

ID=73365560

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010800366.2A Pending CN111967059A (en) 2020-08-11 2020-08-11 Website tamper-proofing method and system and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN111967059A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343312A (en) * 2021-06-25 2021-09-03 工银科技有限公司 Page tamper-proofing method and system based on front-end point burying technology
CN113364808A (en) * 2021-06-30 2021-09-07 北京天融信网络安全技术有限公司 Industrial control firewall testing method, device, equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778137A (en) * 2010-01-15 2010-07-14 蓝盾信息安全技术股份有限公司 System and method for preventing webpage from being falsified
CN103679002A (en) * 2013-12-12 2014-03-26 小米科技有限责任公司 Method and device for monitoring file change and server
CN105871819A (en) * 2016-03-23 2016-08-17 上海上讯信息技术股份有限公司 Transmission control method and device
CN106650492A (en) * 2016-12-14 2017-05-10 北京大学 Multi-device file protection method and device based on security catalog
CN107423639A (en) * 2017-04-21 2017-12-01 深圳前海微众银行股份有限公司 webpage tamper monitoring method and device
CN110008392A (en) * 2019-03-07 2019-07-12 北京华安普特网络科技有限公司 A kind of webpage tamper detection method based on web crawlers technology

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101778137A (en) * 2010-01-15 2010-07-14 蓝盾信息安全技术股份有限公司 System and method for preventing webpage from being falsified
CN103679002A (en) * 2013-12-12 2014-03-26 小米科技有限责任公司 Method and device for monitoring file change and server
CN105871819A (en) * 2016-03-23 2016-08-17 上海上讯信息技术股份有限公司 Transmission control method and device
CN106650492A (en) * 2016-12-14 2017-05-10 北京大学 Multi-device file protection method and device based on security catalog
CN107423639A (en) * 2017-04-21 2017-12-01 深圳前海微众银行股份有限公司 webpage tamper monitoring method and device
CN110008392A (en) * 2019-03-07 2019-07-12 北京华安普特网络科技有限公司 A kind of webpage tamper detection method based on web crawlers technology

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343312A (en) * 2021-06-25 2021-09-03 工银科技有限公司 Page tamper-proofing method and system based on front-end point burying technology
CN113364808A (en) * 2021-06-30 2021-09-07 北京天融信网络安全技术有限公司 Industrial control firewall testing method, device, equipment and storage medium

Similar Documents

Publication Publication Date Title
US11611586B2 (en) Systems and methods for detecting a suspicious process in an operating system environment using a file honeypots
US9860270B2 (en) System and method for determining web pages modified with malicious code
JP7545419B2 (en) Ransomware Mitigation in Integrated and Isolated Applications
CN109074452B (en) System and method for generating tripwire files
JP6570663B2 (en) Systems and methods for phishing and brand protection
EP1699205B1 (en) Method and system for safely disclosing identity over the Internet
CN110268406B (en) Password security
BRPI0815605B1 (en) METHOD FOR COMMUNICATING DATA USING A COMPUTER DEVICE; METHOD FOR GENERATING A SECOND VERSION OF A DATA COMMUNICATION COMPONENT USING A COMPUTER DEVICE; METHOD FOR COMMUNICATING DATA USING A COMPUTER DEVICE; METHOD FOR CREATING A CERTIFICATE USING A COMPUTER DEVICE; AND METHOD FOR USING A CERTIFICATE USING A COMPUTER DEVICE
CN101894225A (en) The system and method for assembling the knowledge base of antivirus software applications
JP2010182019A (en) Abnormality detector and program
CN110070360B (en) Transaction request processing method, device, equipment and storage medium
EP1430680B1 (en) Server with file verification
CN111967059A (en) Website tamper-proofing method and system and computer readable storage medium
Wang et al. Verilogo: Proactive phishing detection via logo recognition
KR101737794B1 (en) Method for monitoring malwares which encrypt user files
Netto et al. An integrated approach for detecting ransomware using static and dynamic analysis
Hajiali et al. Preventing phishing attacks using text and image watermarking
TWI780655B (en) Data processing system and method capable of separating application processes
Msaad et al. Honeysweeper: Towards stealthy honeytoken fingerprinting techniques
CN101778108B (en) Method and device for preventing falsification of homepage of server
CN113094663A (en) Process forced control method based on security marker
CN111835706A (en) Method and device for detecting malicious extension of browser and computer equipment
JP2005182509A (en) Computer system and data tampering detection method
CN111510452A (en) Network security method and network security service system
CN110347941B (en) System and method for identifying unknown attributes of web page data fragments

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination