CN112395537A - Website tamper-proofing method and device, storage medium and electronic device - Google Patents
Website tamper-proofing method and device, storage medium and electronic device Download PDFInfo
- Publication number
- CN112395537A CN112395537A CN201910755856.2A CN201910755856A CN112395537A CN 112395537 A CN112395537 A CN 112395537A CN 201910755856 A CN201910755856 A CN 201910755856A CN 112395537 A CN112395537 A CN 112395537A
- Authority
- CN
- China
- Prior art keywords
- file
- website
- event
- directory file
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 152
- 230000008569 process Effects 0.000 claims abstract description 111
- 238000012544 monitoring process Methods 0.000 claims abstract description 42
- 238000004590 computer program Methods 0.000 claims description 18
- 238000012986 modification Methods 0.000 claims description 11
- 230000004048 modification Effects 0.000 claims description 11
- 238000012217 deletion Methods 0.000 claims description 7
- 230000037430 deletion Effects 0.000 claims description 7
- 238000005516 engineering process Methods 0.000 abstract description 5
- 230000005540 biological transmission Effects 0.000 description 6
- 238000012545 processing Methods 0.000 description 5
- 238000004891 communication Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 230000008878 coupling Effects 0.000 description 3
- 238000010168 coupling process Methods 0.000 description 3
- 238000005859 coupling reaction Methods 0.000 description 3
- 230000006870 function Effects 0.000 description 3
- 230000003287 optical effect Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000011161 development Methods 0.000 description 1
- 238000012423 maintenance Methods 0.000 description 1
- 238000010295 mobile communication Methods 0.000 description 1
- 230000001960 triggered effect Effects 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
- G06F16/986—Document structures and storage, e.g. HTML extensions
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Abstract
The invention provides a method and a device for preventing website from being tampered, a storage medium and an electronic device, wherein the method comprises the following steps: monitoring an operation event aiming at a website directory file; identifying an operation process of the operation event; judging whether the operation process has the operation authority of the website directory file; and rejecting the operation event under the condition that the operation process does not have the operation authority of the website directory file. By the method and the device, the technical problem that the file cannot be accurately tampered in the related technology is solved.
Description
Technical Field
The invention relates to the field of network security, in particular to a method and a device for preventing website tampering, a storage medium and an electronic device.
Background
With the popularization and development of the internet and network applications, a great number of hacking attacks come along, especially network attacks against the internet. The website directory file is a common method for hackers to attack websites, and real-time prevention of tampering of the website directory file is difficult.
In the related technology, operation permission is mainly set for a specified directory aiming at file tamper resistance, and any other process does not allow modification of files under a protection directory, so that modification of files under the specified directory by using Web service vulnerabilities can be prevented, but normal maintenance and update of a website by an administrator or an automatic issuing program can be prevented, and the problem of inaccurate judgment of website directory file tamper is caused.
In view of the above problems in the related art, no effective solution has been found at present.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method and an apparatus for preventing website from being tampered, a storage medium, and an electronic apparatus, so as to at least solve the technical problem of inaccurate file tamper prevention in the related art.
According to an embodiment of the invention, a method for preventing website from being tampered is provided, which includes: monitoring an operation event aiming at a website directory file; identifying an operation process of the operation event; judging whether the operation process has the operation authority of the website directory file; and rejecting the operation event under the condition that the operation process does not have the operation authority of the website directory file.
Optionally, monitoring the operation event for the website directory file includes: monitoring a file operation dynamic characteristic sequence of the website directory file at a kernel layer; searching an operation event for requesting to execute the operation event according to the file operation dynamic characteristic sequence, wherein the operation event comprises one of the following: file creation request, file modification request, file deletion request, file renaming request.
Optionally, the determining whether the operation process has the operation authority of the website directory file includes: judging whether the operation process has a first operation authority or not, and judging whether the directory position of the website directory file has a second operation authority or not, wherein the first operation authority is used for indicating whether the operation process allows the operation event to be executed or not, and the second operation authority is used for indicating whether the directory position of the website directory file allows the operation event to occur or not; the operation process has the first operation authority, the directory position of the website directory file has the second operation authority, and the operation process is determined to have the operation authority of the website directory file; and determining that the operation process does not have the operation authority of the website directory file when the operation process has the first operation authority or the directory position of the website directory file has the second operation authority.
Optionally, the operation process for identifying the operation event includes: acquiring specified information carried by the operation event, wherein the specified information at least comprises one of the following information: a digital signature of the operational event, a process name of the operational event, and an MD5 value of the operational event; and identifying the operation process according to the specified information.
Optionally, before monitoring the operation event for the website directory file, the method further includes: monitoring access requests for the website directory files; identifying an access process of the access request; allowing the access request under the condition that the access process has the access right of the website directory file; and in the case that the access process does not have the access right of the website directory file, rejecting the access request.
Optionally, after determining whether the operation process has the operation authority of the website directory file, the method further includes: and in the case that the operation process has the operation authority of the website directory file, allowing the operation event.
According to another embodiment of the present invention, there is provided a website tamper-proofing device, including: the first monitoring module is used for monitoring operation events aiming at the website directory files; the first identification module is used for identifying the operation process of the operation event; the judging module is used for judging whether the operation process has the operation authority of the website directory file; and the rejection module is used for rejecting the operation event under the condition that the operation process does not have the operation authority of the website directory file.
Optionally, the first monitoring module includes: the monitoring unit is used for monitoring a file operation dynamic characteristic sequence of the website directory file in a kernel layer; a searching unit, configured to search, according to the file operation dynamic feature sequence, an operation event for requesting execution of the operation event, where the operation event includes one of: file creation request, file modification request, file deletion request, file renaming request.
Optionally, the determining module includes: the judging unit is used for judging whether the operation process has a first operation right and judging whether a directory position where the website directory file is located has a second operation right, wherein the first operation right is used for indicating whether the operation process allows the operation event to be executed, and the second operation right is used for indicating whether the directory position where the website directory file is located allows the operation event to occur; the determining unit is used for determining that the operation process has the operation authority of the website directory file when the operation process has the first operation authority and the directory position of the website directory file has the second operation authority; and determining that the operation process does not have the operation authority of the website directory file when the operation process has the first operation authority or the directory position of the website directory file has the second operation authority.
Optionally, the first identification module includes: an obtaining unit, configured to obtain specified information carried by the operation event, where the specified information at least includes one of: a digital signature of the operational event, a process name of the operational event, and an MD5 value of the operational event; and the identification unit is used for identifying the operation process according to the specified information.
Optionally, the apparatus further comprises: the second monitoring module is used for monitoring an access request aiming at the website directory file; the second identification module is used for identifying the access process of the access request; the processing module is used for allowing the access request under the condition that the access process has the access authority of the website directory file; and in the case that the access process does not have the access right of the website directory file, rejecting the access request.
Optionally, the apparatus further comprises: and in the case that the operation process has the operation authority of the website directory file, allowing the operation event.
According to a further embodiment of the present invention, there is also provided a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
According to yet another embodiment of the present invention, there is also provided an electronic device, including a memory in which a computer program is stored and a processor configured to execute the computer program to perform the steps in any of the above method embodiments.
According to the invention, the operation event aiming at the website directory file is monitored, whether the execution main body of the operation event has the operation authority of the operation file or not is identified and judged, and the operation event is rejected under the condition that the execution main body has no operation authority, so that the effect of preventing the website directory file from being tampered is achieved, the efficiency and the accuracy of preventing the file from being tampered are improved, and the technical problem that the file is not accurately tampered in the related technology is solved.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the invention without limiting the invention. In the drawings:
FIG. 1 is a block diagram of a hardware structure of a server to which a method for preventing website from being tampered according to an embodiment of the present invention is applied;
FIG. 2 is a flow chart of a method of website tamper resistance according to an embodiment of the invention;
FIG. 3 is a flowchart of determining whether an execution principal has operation authority over an operation event according to an embodiment of the present invention;
fig. 4 is a block diagram of an apparatus for protecting against attacks on a website according to an embodiment of the present invention.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only partial embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application. It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
It should be noted that the terms "first," "second," and the like in the description and claims of this application and in the drawings described above are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
Example 1
The method provided by the first embodiment of the present application may be executed in a server, a computer, a terminal, or a similar computing device. Taking a computer as an example, fig. 1 is a block diagram of a hardware structure of a server to which a method for preventing website from being tampered according to an embodiment of the present invention is applied. As shown in fig. 1, the computer may include one or more (only one shown in fig. 1) processors 102 (the processors 102 may include, but are not limited to, a processing device such as a microprocessor MCU or a programmable logic device FPGA) and a memory 104 for storing data, and optionally, the server may further include a transmission device 106 for communication functions and an input-output device 108. It will be appreciated by those of ordinary skill in the art that the configuration shown in FIG. 1 is illustrative only and is not intended to limit the configuration of the computer described above. For example, the server may also include more or fewer components than shown in FIG. 1, or have a different configuration than shown in FIG. 1.
The memory 104 can be used for storing computer programs, for example, software programs and modules of application software, such as a computer program corresponding to a method for preventing website tampering in the embodiments of the present invention, and the processor 102 executes various functional applications and data processing by running the computer programs stored in the memory 104, so as to implement the above-mentioned method. The memory 104 may include high speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 104 may further include memory located remotely from processor 102, which may be connected to computer 10 via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission device 106 is used for receiving or transmitting data via a network. Specific examples of such networks may include wireless networks provided by the communications provider of computer 10. In one example, the transmission device 106 includes a Network adapter (NIC), which can be connected to other Network devices through a base station so as to communicate with the internet. In one example, the transmission device 106 may be a Radio Frequency (RF) module, which is used for communicating with the internet in a wireless manner.
In this embodiment, a method for preventing a website from being tampered is provided, and fig. 2 is a flowchart of a method for preventing a website from being tampered according to an embodiment of the present invention, as shown in fig. 2, where the flowchart includes the following steps:
step S202, monitoring an operation event aiming at a website directory file;
the operation events in this embodiment at least include file operations such as modification, deletion, creation, and renaming of the website directory file. The website directory file may be an in-directory file under a particular directory.
Step S204, identifying the operation process of the operation event;
the operation process in this embodiment is an execution subject that executes an operation event, such as a process actively triggered by an administrator, or an automatic publishing program, an automatically executed process, and the like, but is not limited thereto.
Step S206, judging whether the operation process has the operation authority of the website directory file;
step S208, refusing the operation event under the condition that the operation process does not have the operation authority of the website directory file.
Through the steps, the operation event aiming at the website directory file is monitored, whether the execution main body of the operation event has the operation authority of the operation file or not is identified and judged, and the operation event is refused under the condition that the execution main body does not have the operation authority, so that the effect of preventing the website directory file from being tampered is achieved, the efficiency and the accuracy of preventing the file from being tampered are improved, and the technical problem that the file is not accurately tampered in the related technology is solved.
Optionally, monitoring the operation event for the website directory file comprises: monitoring a file operation dynamic characteristic sequence of the website directory file at a kernel layer; searching an operation event for requesting to execute the operation event according to the file operation dynamic characteristic sequence, wherein the operation event comprises one of the following: file creation request, file modification request, file deletion request, file renaming request. In this embodiment, when an operation event is executed, a file operation dynamic feature sequence of the operation event is monitored by implementing the call of the monitoring module in the kernel layer, and the operation event allowing the operation event is searched.
Optionally, the determining whether the operation process has the operation authority of the website directory file includes: judging whether the operation process has a first operation authority and judging whether the directory position of the website directory file has a second operation authority, wherein the first operation authority is used for indicating whether the operation process allows the operation event to be executed, and the second operation authority is used for indicating whether the directory position of the website directory file allows the operation event to occur; the operation process has a first operation authority, the directory position where the website directory file is located has a second operation authority, and the operation process is determined to have the operation authority of the website directory file; and determining that the operation process does not have the operation authority of the website directory file when the operation process has the first operation authority or the directory position of the website directory file has the second operation authority.
In an alternative embodiment, fig. 3 is a flowchart for determining whether an execution subject has an operation right to an operation event according to an embodiment of the present invention, and as shown in fig. 3, the method includes the following steps:
step S302, monitoring the access event of the service process.
In this embodiment, after the process is started, an operation event of the service process accessing the directory file is determined by monitoring an access event of the service process (i.e., the operation process), where the monitoring is performed on the operation event of the website directory file, where the operation event at least includes: creating an operation event of a new directory file; an operation event for modifying the directory file; deleting the operation event of the directory file; an operation event that renames a directory file.
Step S304, judging whether the access authority of the directory file is available. If yes, continuing to access the directory file; if not, the access is refused to prevent hackers from attacking the website directory file.
Step S306, whether to create or modify the file. In this embodiment, it is determined whether the operation process has an operation right (i.e., the first operation right described above) that allows the directory file to be executed, such as creating or modifying the directory file. If the first operation authority does not exist, releasing, namely allowing the service process to continuously access the website directory file; if the first operation authority exists, step S308 is executed.
Step S308, whether the file is allowed to be created or modified. In this embodiment, it is determined whether the directory location of the website directory file allows the operation authority of the directory file (i.e., the second operation authority). If yes, allowing the service process to create or modify the directory file; if not, the request to create or modify the directory file is denied.
That is, if the service process has the first operation right and the directory location of the file has the second operation right, it is determined that the service process has the operation right for the website directory file, otherwise, it does not.
Optionally, the operation process for identifying the operation event includes: acquiring specified information carried by an operation event, wherein the specified information at least comprises one of the following information: a digital signature of the operation event, a process name of the operation event, and an MD5 value of the operation event; and identifying the operation process according to the specified information.
Optionally, before monitoring the operation event for the website directory file, the method further includes: monitoring access requests for website directory files; identifying an access process of the access request; allowing the access request under the condition that the access process has the access authority of the website directory file; and in the case that the access process does not have the access right of the website directory file, rejecting the access request.
According to the above embodiment, as shown in fig. 3, whether the service process has the access authority of the directory file is determined by monitoring the service process access event, and if so, the directory file continues to be accessed; if not, the access is refused, so that the process without the authority is prevented from accessing the website directory file.
Optionally, after determining whether the operation process has the operation authority of the website directory file, the method further includes: and in the case that the operation process has the operation authority of the website directory file, allowing the operation event.
Through the above description of the embodiments, those skilled in the art can clearly understand that the method according to the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but the former is a better implementation mode in many cases. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, or a network device) to execute the method according to the embodiments of the present invention.
Example 2
In this embodiment, a device for defending against attacks on a website is further provided, which is used to implement the foregoing embodiments and preferred embodiments, and the description of which is already given is omitted. As used below, the term "module" may be a combination of software and/or hardware that implements a predetermined function. Although the means described in the embodiments below are preferably implemented in software, an implementation in hardware, or a combination of software and hardware is also possible and contemplated.
Fig. 4 is a block diagram of a device for protecting against attacks on a website according to an embodiment of the present invention, as shown in fig. 4, the device includes: a first monitoring module 402, configured to monitor an operation event for a website directory file; a first identification module 404, connected to the first monitoring module 402, for identifying the operation progress of the operation event; a determining module 406, connected to the first identifying module 404, for determining whether the operation process has the operation permission of the website directory file; a rejecting module 408, connected to the determining module 406, configured to reject the operation event when the operation process does not have the operation permission of the website directory file.
Optionally, the first monitoring module 402 includes: the monitoring unit is used for monitoring a file operation dynamic characteristic sequence of the website directory file in a kernel layer; a searching unit, configured to search, according to the file operation dynamic feature sequence, an operation event for requesting execution of the operation event, where the operation event includes one of: file creation request, file modification request, file deletion request, file renaming request.
Optionally, the determining module 406 includes: the judging unit is used for judging whether the operation process has a first operation right and judging whether a directory position where the website directory file is located has a second operation right, wherein the first operation right is used for indicating whether the operation process allows the operation event to be executed, and the second operation right is used for indicating whether the directory position where the website directory file is located allows the operation event to occur; the determining unit is used for determining that the operation process has the operation authority of the website directory file when the operation process has the first operation authority and the directory position of the website directory file has the second operation authority; and determining that the operation process does not have the operation authority of the website directory file when the operation process has the first operation authority or the directory position of the website directory file has the second operation authority.
Optionally, the first identifying module 404 includes: an obtaining unit, configured to obtain specified information carried by the operation event, where the specified information at least includes one of: a digital signature of the operational event, a process name of the operational event, and an MD5 value of the operational event; and the identification unit is used for identifying the operation process according to the specified information.
Optionally, the apparatus further comprises: the second monitoring module is used for monitoring an access request aiming at the website directory file; the second identification module is used for identifying the access process of the access request; the processing module is used for allowing the access request under the condition that the access process has the access authority of the website directory file; and in the case that the access process does not have the access right of the website directory file, rejecting the access request.
Optionally, the apparatus further comprises: and in the case that the operation process has the operation authority of the website directory file, allowing the operation event.
It should be noted that, the above modules may be implemented by software or hardware, and for the latter, the following may be implemented, but not limited to: the modules are all positioned in the same processor; alternatively, the modules are respectively located in different processors in any combination.
Example 3
Embodiments of the present invention also provide a storage medium having a computer program stored therein, wherein the computer program is arranged to perform the steps of any of the above method embodiments when executed.
Alternatively, in the present embodiment, the storage medium may be configured to store a computer program for executing the steps of:
s1, monitoring the operation event aiming at the website directory file;
s2, identifying the operation progress of the operation event;
s3, judging whether the operation process has the operation authority of the website directory file;
and S4, rejecting the operation event when the operation process does not have the operation authority of the website directory file.
Optionally, in this embodiment, the storage medium may include, but is not limited to: various media capable of storing computer programs, such as a usb disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic disk, or an optical disk.
Embodiments of the present invention also provide an electronic device comprising a memory having a computer program stored therein and a processor arranged to run the computer program to perform the steps of any of the above method embodiments.
Optionally, the electronic apparatus may further include a transmission device and an input/output device, wherein the transmission device is connected to the processor, and the input/output device is connected to the processor.
Optionally, in this embodiment, the processor may be configured to execute the following steps by a computer program:
s1, monitoring the operation event aiming at the website directory file;
s2, identifying the operation progress of the operation event;
s3, judging whether the operation process has the operation authority of the website directory file;
and S4, rejecting the operation event when the operation process does not have the operation authority of the website directory file.
Optionally, the specific examples in this embodiment may refer to the examples described in the above embodiments and optional implementation manners, and this embodiment is not described herein again.
The above-mentioned serial numbers of the embodiments of the present application are merely for description and do not represent the merits of the embodiments.
In the above embodiments of the present application, the descriptions of the respective embodiments have respective emphasis, and for parts that are not described in detail in a certain embodiment, reference may be made to related descriptions of other embodiments.
In the embodiments provided in the present application, it should be understood that the disclosed technology can be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one type of division of logical functions, and there may be other divisions when actually implemented, for example, a plurality of units or components may be combined or may be integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection through some interfaces, units or modules, and may be in an electrical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit. The integrated unit can be realized in a form of hardware, and can also be realized in a form of a software functional unit.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application may be substantially implemented or contributed to by the prior art, or all or part of the technical solution may be embodied in a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: a U-disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a removable hard disk, a magnetic or optical disk, and other various media capable of storing program codes.
The foregoing is only a preferred embodiment of the present application and it should be noted that those skilled in the art can make several improvements and modifications without departing from the principle of the present application, and these improvements and modifications should also be considered as the protection scope of the present application.
Claims (10)
1. A method for tamper-proofing a website, comprising:
monitoring an operation event aiming at a website directory file;
identifying an operation process of the operation event;
judging whether the operation process has the operation authority of the website directory file;
and rejecting the operation event under the condition that the operation process does not have the operation authority of the website directory file.
2. The method of claim 1, wherein monitoring operational events for a website directory file comprises:
monitoring a file operation dynamic characteristic sequence of the website directory file at a kernel layer;
searching an operation event for requesting to execute the operation event according to the file operation dynamic characteristic sequence, wherein the operation event comprises one of the following: file creation request, file modification request, file deletion request, file renaming request.
3. The method of claim 1, wherein determining whether the operating process has operating rights for the website directory file comprises:
judging whether the operation process has a first operation authority or not, and judging whether the directory position of the website directory file has a second operation authority or not, wherein the first operation authority is used for indicating whether the operation process allows the operation event to be executed or not, and the second operation authority is used for indicating whether the directory position of the website directory file allows the operation event to occur or not;
when the operation process has the first operation authority and the directory position of the website directory file has the second operation authority, determining that the operation process has the operation authority of the website directory file; and when the operation process has the first operation authority or the directory position of the website directory file has the second operation authority, determining that the operation process does not have the operation authority of the website directory file.
4. The method of claim 1, wherein identifying the operational progress of the operational event comprises:
acquiring specified information carried by the operation event, wherein the specified information at least comprises one of the following information: a digital signature of the operational event, a process name of the operational event, and an MD5 value of the operational event;
and identifying the operation process according to the specified information.
5. The method of claim 1, wherein prior to monitoring operational events for a website directory file, the method further comprises:
monitoring access requests for the website directory files;
identifying an access process of the access request;
allowing the access request under the condition that the access process has the access right of the website directory file; and in the case that the access process does not have the access right of the website directory file, rejecting the access request.
6. The method of claim 1, after determining whether the operating process has the operating authority of the website directory file, the method further comprising:
and in the case that the operation process has the operation authority of the website directory file, allowing the operation event.
7. A website tamper-resistant apparatus, comprising:
the first monitoring module is used for monitoring operation events aiming at the website directory files;
the first identification module is used for identifying the operation process of the operation event;
the judging module is used for judging whether the operation process has the operation authority of the website directory file;
and the rejection module is used for rejecting the operation event under the condition that the operation process does not have the operation authority of the website directory file.
8. The apparatus of claim 7, wherein the first monitoring module comprises:
the monitoring unit is used for monitoring a file operation dynamic characteristic sequence of the website directory file in a kernel layer;
a searching unit, configured to search, according to the file operation dynamic feature sequence, an operation event for requesting execution of the operation event, where the operation event includes one of: file creation request, file modification request, file deletion request, file renaming request.
9. A storage medium, in which a computer program is stored, wherein the computer program is arranged to perform the method of any of claims 1 to 6 when executed.
10. An electronic device comprising a memory and a processor, wherein the memory has stored therein a computer program, and wherein the processor is arranged to execute the computer program to perform the method of any of claims 1 to 6.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910755856.2A CN112395537A (en) | 2019-08-15 | 2019-08-15 | Website tamper-proofing method and device, storage medium and electronic device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910755856.2A CN112395537A (en) | 2019-08-15 | 2019-08-15 | Website tamper-proofing method and device, storage medium and electronic device |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112395537A true CN112395537A (en) | 2021-02-23 |
Family
ID=74601796
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910755856.2A Pending CN112395537A (en) | 2019-08-15 | 2019-08-15 | Website tamper-proofing method and device, storage medium and electronic device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112395537A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102202062A (en) * | 2011-06-03 | 2011-09-28 | 苏州九州安华信息安全技术有限公司 | Method and apparatus for realizing access control |
| US8453215B1 (en) * | 2010-10-25 | 2013-05-28 | Go Daddy Operating Company, LLC | Suggesting access permission changes to lock a website |
| CN106709034A (en) * | 2016-12-29 | 2017-05-24 | 广东欧珀移动通信有限公司 | File protection method and apparatus, and terminal |
| CN109388334A (en) * | 2017-08-09 | 2019-02-26 | 中兴通讯股份有限公司 | Store access method, device, storage medium and the processor of equipment |
| CN109766700A (en) * | 2018-05-04 | 2019-05-17 | 360企业安全技术(珠海)有限公司 | Access control method and device, the storage medium, electronic device of file |
-
2019
- 2019-08-15 CN CN201910755856.2A patent/CN112395537A/en active Pending
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8453215B1 (en) * | 2010-10-25 | 2013-05-28 | Go Daddy Operating Company, LLC | Suggesting access permission changes to lock a website |
| CN102202062A (en) * | 2011-06-03 | 2011-09-28 | 苏州九州安华信息安全技术有限公司 | Method and apparatus for realizing access control |
| CN106709034A (en) * | 2016-12-29 | 2017-05-24 | 广东欧珀移动通信有限公司 | File protection method and apparatus, and terminal |
| CN109388334A (en) * | 2017-08-09 | 2019-02-26 | 中兴通讯股份有限公司 | Store access method, device, storage medium and the processor of equipment |
| CN109766700A (en) * | 2018-05-04 | 2019-05-17 | 360企业安全技术(珠海)有限公司 | Access control method and device, the storage medium, electronic device of file |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109766696B (en) | Method and device for setting software permission, storage medium and electronic device | |
| CN109743315B (en) | Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website | |
| WO2015096695A1 (en) | Installation control method, system and device for application program | |
| CN109600441B (en) | Alliance link information publishing control method and terminal equipment | |
| CN111556059A (en) | Abnormity detection method, abnormity detection device and terminal equipment | |
| CN103607385A (en) | Method and apparatus for security detection based on browser | |
| CN111898124B (en) | Process access control method and device, storage medium and electronic equipment | |
| CN109800571B (en) | Event processing method and device, storage medium and electronic device | |
| CN113489713A (en) | Network attack detection method, device, equipment and storage medium | |
| CN110688653A (en) | Client security protection method and device and terminal equipment | |
| CN104318153A (en) | Online monitoring system for mobile equipment downloading mobile applications | |
| CN106682504B (en) | A kind of method, apparatus for preventing file from maliciously being edited and electronic equipment | |
| CN114139178A (en) | Data link-based data security monitoring method and device and computer equipment | |
| CN110688628B (en) | Multimedia information processing method and device and server | |
| CN111324799B (en) | Search request processing method and device | |
| CN110266719B (en) | Security policy issuing method, device, equipment and medium | |
| CN112395537A (en) | Website tamper-proofing method and device, storage medium and electronic device | |
| CN114861160A (en) | Method, device, equipment and storage medium for improving non-administrator account authority | |
| CN114244555A (en) | Method for adjusting security policy | |
| CN113518055A (en) | Data security protection processing method and device, storage medium and terminal | |
| CN109784037B (en) | Security protection method and device for document file, storage medium and computer equipment | |
| CN114844669B (en) | Data processing method and device | |
| CN114070627A (en) | Production network security monitoring system, method, computer device and medium | |
| CN110688225A (en) | Sensor management method and device, storage medium and electronic device | |
| CN116186675A (en) | Risk terminal management method, device, storage medium and server |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |