CN115982782A - Website file tamper-proof method and system - Google Patents
Website file tamper-proof method and system Download PDFInfo
- Publication number
- CN115982782A CN115982782A CN202310073457.4A CN202310073457A CN115982782A CN 115982782 A CN115982782 A CN 115982782A CN 202310073457 A CN202310073457 A CN 202310073457A CN 115982782 A CN115982782 A CN 115982782A
- Authority
- CN
- China
- Prior art keywords
- website
- file
- backup
- database
- tampered
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a method for preventing website files from being tampered, which comprises the steps of copying all website files to a backup folder of a website server, acquiring website file characteristic value information and incremental backup and incremental update added by website administrator operation, continuously generating backup and writing the backup into a database; reading the states of all files and folders in a website directory in real time, and comparing the states with characteristic value information stored in a database; if the backup path folder contents are inconsistent with the database storage information, the network user cannot access the tampered network contents, meanwhile, the contents of the backup path folder are copied to the corresponding file position of the monitoring folder in a pure text safe copying mode, and the website display is recovered after the copying is finished. When the webpage is tampered, the method and the system can display the backup file to the user in time for use, so that the user is prevented from browsing and transshipping a large amount of tampered data.
Description
Technical Field
The invention relates to the field of network security, in particular to a method and a system for preventing website file from being tampered.
Background
In recent years, the development of network informatization is rapid, websites are used for information publishing, online electronic commerce, online office, information query and the like, play an important role in practical application, and social public opinion benefits of websites are gradually shown, so that the social public opinion has attracted wide social attention. With the increase of the information amount of the website and the increasing of the access amount, the influence of the website on the society is increased day by day, so that the protection of the website information is more important and more difficult than before. The website content is easy to copy, the transfer speed is high, and if the webpage is maliciously tampered, the tampered webpage can be rapidly and widely spread, so that the public image and dignity of governments and enterprises are seriously influenced, and even serious political and economic losses and severe social influences are caused. The most direct means for preventing the website from being tampered is to limit the modification of the webpage file by the user or monitor the change of the webpage file by using a program, and immediately change the webpage when the webpage is found to be modified. The technical principle of the former is that the write-in operation of the webpage file is intercepted through the file filter driver to realize the protection of the webpage file, but a hacker can bypass a file system and directly analyze and modify the disk data to achieve the purpose of tampering the webpage. The latter is that the monitoring program utilizes event notification of a file system or compares webpage file contents at regular time, and executes recovery operation after the file is falsified, but the current tamper-proof method is focused on backup and modification, neglects the purpose that website tampering is prohibited so as not to allow users to obtain error information, and does not prevent users from accessing the tampered website, if the website cannot be restored at the first time, the tampered webpage exists in the internet, and is easy to be browsed and forwarded by a large number of visitors, thus causing harm of different degrees.
Disclosure of Invention
The invention aims to provide a method and a system for preventing website files from being tampered, which can solve the problems.
The invention is realized by the following technical scheme:
a website file tamper-proofing method comprises the following steps:
(1) A website owner deploys the website;
(2) Copying all website files to a backup folder of a website server;
(3) Acquiring website file characteristic value information and incremental backup and incremental update added by website administrator operation, continuously generating backup and writing the backup into a database;
(4) Reading the states of all files and folders in a website directory in real time, and comparing the states with characteristic value information stored in a database;
(5) If the information is consistent with the database storage information, returning to the step 4; if the information is inconsistent with the stored information of the database, the network user can not access the tampered network content, meanwhile, the contents of the backup path folder are copied to the corresponding file position of the monitoring folder in a pure text safe copying mode, the website display is recovered after the copying is finished, and then the step 4 is returned.
Making the web user inaccessible to the tampered web content includes the steps of: and synchronizing the backup in the database at the last time in advance, and starting and displaying the backup to a user after the website file is tampered.
Deploying the website in step 1 includes configuring monitored website attributes and configuring monitored content types.
Preferably, a hot deployment mode is selected, a manager monitors an enterprise website by changing a configuration file, the system deploys 2 servers, wherein 1 server is installed at a webpage tamper-proof monitoring end and used for storing backed-up webpage content, and the other 1 server is installed at a monitored end and used as a server of an external website for a visitor to access.
The file characteristic values comprise a file MD5 value, a file size, a file name, a file path, file creation time and file modification time.
The invention also discloses a system for preventing website file from being tampered, which comprises two subsystems of a monitoring center and a monitoring agent, wherein the monitoring center is arranged on the management server and is used for managing the processes and the clusters of all the monitoring agents, and the monitoring agents are provided with 1 or more than 1 and are in one-to-one correspondence with the internet user servers as background running programs to respectively monitor one website;
the monitoring center includes:
the database stores the website file characteristic value information;
the user management module is used for carrying out authority configuration and management on website management personnel and recording system logs;
the detection module reads the states of all files and folders in the website directory and compares the states with the information stored in the database;
and the content protection module synchronizes the backup point of the website for the first time, and is started after the network file is tampered, so that a network user cannot access the tampered website content.
The database also comprises an incremental backup and update module which updates when the website content is inconsistent with the backup end website content due to the operation of a website administrator.
The monitoring center also comprises a plurality of virtual host modules, and all the website virtual hosts are managed through the monitoring center and the monitoring agent programs.
The invention has the advantages that: based on the technical scheme design of operating system file monitoring, the file system monitoring technology is adopted to monitor the operations of access attribute, read-write attribute, authority attribute, deletion, creation, movement and the like of various file systems in real time. By utilizing the monitoring attribute provided by the kernel, the file recovery action is triggered when any change occurs to the website file, and the instant recovery function of the tamper-resistant system is realized. The method adopts a local backup mode, the backup files and the website files are in the same server, and various website file characteristic values are extracted for judging whether the files change or not, and the method has the characteristics of quick response and high recovery speed. When the webpage is tampered, the backup file can be displayed to a user in time for use, the user is prevented from browsing and transshipping the tampered data in a large amount, and the website content is protected more powerfully.
Drawings
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a diagram of the system of the present invention.
Detailed Description
The technical solution in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention.
The invention discloses a website file tamper-proofing system, which comprises a monitoring center and a monitoring agent subsystem, please refer to fig. 2, wherein the monitoring agent refers to a monitored end in webpage tamper-proofing, and the webpage tamper-proofing system can be provided with a plurality of monitoring agent ends and simultaneously monitors a plurality of websites. And 1 monitoring agent end is deployed on each server and managed by configuring a monitoring center. After the operating system is started, the monitoring agent automatically runs as 1 background process. The monitoring center of the webpage tamper-proofing system is deployed on the management server and manages processes and clusters of all monitoring agent ends. The system has a good man-machine operation interface, and is convenient for management personnel to operate and manage.
The monitoring center includes: the system comprises a database, a user management module, a detection module, a content protection module, an incremental backup and update module and a multi-virtual host module.
The incremental backup and update module is arranged in a database, and the database can store the website file characteristic value information and incremental backup and incremental update added by website administrator operation to perform timely backup of the website.
The user management module realizes the user management function: the system can manage and configure the authority of a user (website manager) of the webpage tamper-proof system; the system log function: the log is divided into two parts, namely, the log is used for logging in a user website manager) and recording the operation of the system in detail, and the log is used for recording a webpage tampering event.
And the detection module reads the states of all files and folders in the website directory and compares the states with the information stored in the database.
And the content protection module synchronizes the backup point of the website for the first time, and is started after the network file is tampered, so that a network user cannot access the tampered website content.
And the multi-virtual host module manages all the website virtual hosts through the monitoring center and the monitoring agent program.
Based on the system, the invention provides a website file tamper-proofing method, which comprises the following steps:
(1) The website owner deploys the website, and the deploying the website comprises the following steps: configuring monitored website attributes, such as a P address of a website server, a directory needing to be monitored and the like; configuring monitored content types such as pictures, videos, documents, and the like. In the embodiment, the deployment mode is hot deployment, a manager monitors an enterprise website by changing a configuration file, and the system deploys 2 servers, wherein 1 server is installed at a webpage tamper-proof monitoring end and used for storing backed-up webpage content, and the other 1 server is installed at a monitored end and configures the monitored end server as a server of an external website for an access of a visitor.
(2) And copying all the website files to a backup folder of the website server.
(3) Collecting the information of the characteristic values of the files of the website and incremental backup and incremental update added by the operation of a website administrator, continuously generating backup and writing the backup into a database, wherein the characteristic values comprise the MD5 value of the file, the size of the file, the name of the file, the path of the file, the creation time of the file, the modification time of the file and the like.
(4) Reading the states of all files and folders in the website directory in real time, comparing the states with the characteristic value information stored in the database, and if the states are consistent with the stored information in the database and are not modified, continuing monitoring; if the website file is inconsistent with the database storage information, the database backup synchronized in advance by the content protection module is utilized, the website file is started to be displayed to a user after being tampered, so that the network user cannot access the tampered network content, meanwhile, the content of the backup path folder is copied to the corresponding file position of the monitoring folder in a pure text safe copying mode, the website display is recovered after the copying is finished, and the monitoring is continued.
Finally, it should be noted that: the above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that are within the spirit and principle of the present invention are intended to be included in the scope of the present invention.
Claims (8)
1. A website file tamper-proofing method is characterized by comprising the following steps:
(1) A website owner deploys the website;
(2) Copying all website files to a backup folder of a website server;
(3) Acquiring website file characteristic value information and incremental backup and incremental update added by website administrator operation, continuously generating backup and writing the backup into a database;
(4) Reading the states of all files and folders in a website directory in real time, and comparing the states with characteristic value information stored in a database;
(5) If the information is consistent with the database storage information, returning to the step 4; and if the information is inconsistent with the database storage information, the network user cannot access the tampered network content, meanwhile, the content of the backup path folder is copied to the corresponding file position of the monitoring folder in a plain text safe copying mode, the website display is recovered after the copying is finished, and then the step 4 is returned.
2. The website file tamper-proofing method according to claim 1, wherein said making the web user unable to access the tampered web content comprises the steps of: and synchronizing the backup in the database at the last time in advance, and starting and displaying the backup to a user after the website file is tampered.
3. The website file tamper-proofing method according to claim 1, wherein the step 1 of deploying the website comprises configuring monitored website attributes and configuring monitored content types.
4. The website file tamper-proofing method according to claim 1, wherein the deployment is a hot deployment mode, a manager monitors an enterprise website by changing a configuration file, and the system deploys 2 servers, wherein 1 server is installed at a webpage tamper-proofing monitoring end and used for storing backed-up webpage content, and the other 1 server is installed at a monitored end and configured as a server of an external website for an access of a visitor.
5. The website file tamper-proofing method according to any one of claims 1 to 4, wherein the file characteristic values include a file MD5 value, a file size, a file name, a file path, a file creation time, and a file modification time.
6. The system is characterized by comprising two subsystems of a monitoring center and monitoring agents, wherein the monitoring center is arranged on a management server and is used for managing processes and clusters of all the monitoring agents, and the monitoring agents are provided with 1 or more than 1 and are in one-to-one correspondence with internet user servers as background running programs to respectively monitor one website;
the monitoring center includes:
the database stores website file characteristic value information;
the user management module is used for carrying out authority configuration and management on website management personnel and recording system logs;
the detection module reads the states of all files and folders in the website directory and compares the states with the information stored in the database;
and the content protection module synchronizes the primary backup point of the website, and enables the backup point after the network file is tampered, so that a network user cannot access the tampered website content.
7. The website file tamper-proofing system according to claim 6, wherein the database further comprises an incremental backup and update module, and the incremental backup and update module is configured to update the website file when the website content is inconsistent with the backup site content due to the operation of the website administrator.
8. The website file tamper-proofing system according to claim 6, wherein the monitoring center further comprises a multi-virtual host module, and all website virtual hosts are managed through the monitoring center and the monitoring agent.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310073457.4A CN115982782A (en) | 2023-02-07 | 2023-02-07 | Website file tamper-proof method and system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310073457.4A CN115982782A (en) | 2023-02-07 | 2023-02-07 | Website file tamper-proof method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN115982782A true CN115982782A (en) | 2023-04-18 |
Family
ID=85970275
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310073457.4A Pending CN115982782A (en) | 2023-02-07 | 2023-02-07 | Website file tamper-proof method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN115982782A (en) |
-
2023
- 2023-02-07 CN CN202310073457.4A patent/CN115982782A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US8868858B2 (en) | Method and apparatus of continuous data backup and access using virtual machines | |
| US9934104B2 (en) | Metadata generation for incremental backup | |
| US7734669B2 (en) | Managing copies of data | |
| CN102667748B (en) | Fixed content storage within a partitioned content platform using namespaces, with replication | |
| US8874517B2 (en) | Summarizing file system operations with a file system journal | |
| US9223797B2 (en) | Reparse point replication | |
| US20030167287A1 (en) | Information protection system | |
| AU1114695A (en) | A method of operating a computer system | |
| CN111596922A (en) | Method for realizing custom cache annotation based on redis | |
| CN101888311A (en) | Equipment, method and system for preventing network contents from being tampered | |
| US8843450B1 (en) | Write capable exchange granular level recoveries | |
| CN106776851A (en) | File structure method and apparatus | |
| US11093290B1 (en) | Backup server resource-aware discovery of client application resources | |
| US11500738B2 (en) | Tagging application resources for snapshot capability-aware discovery | |
| CN112800019A (en) | Data backup method and system based on Hadoop distributed file system | |
| US20210334165A1 (en) | Snapshot capability-aware discovery of tagged application resources | |
| CN115982782A (en) | Website file tamper-proof method and system | |
| Schönig | PostgreSQL Replication | |
| CN112988473B (en) | Backup data real-time recovery method and system | |
| US11537475B1 (en) | Data guardianship in a cloud-based data storage system | |
| CN112187787B (en) | Digital marketing advertisement page tamper-proof method, device and equipment based on knowledge graph | |
| Cisco | Maintaining the TrafficDirector Environment | |
| CN113420021A (en) | Data storage method, device, equipment and medium | |
| US20230305997A1 (en) | Shared item file retention | |
| US20240143610A1 (en) | Monitoring data usage to optimize storage placement and access using content-based datasets |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |