CN105678193A - Tamper-proof processing method and device - Google Patents

Publication number
CN105678193A
Authority
CN
China
Prior art keywords
web server
information
tampered
monitoring system
cloud monitoring
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610010211.2A
Other languages
Chinese (zh)
Other versions
CN105678193B (en)
Inventor
齐普军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Dt Dream Technology Co Ltd
Original Assignee
Hangzhou Dt Dream Technology Co Ltd
Application filed by Hangzhou Dt Dream Technology Co Ltd
Priority to CN201610010211.2A
Publication of CN105678193A
Application granted
Publication of CN105678193B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2115 Third party

Abstract

The invention provides a tamper-proof processing method and device. The method comprises the following steps: a cloud monitoring system acquires the tampered information of an Internet WEB server; the cloud monitoring system sends the tampered information to a user device; the cloud monitoring system receives a command issued by the user device according to the tampered information; the cloud monitoring system performs tamper-proof processing on the WEB server according to the command. With this technical scheme, when the WEB page information deployed on the WEB server is detected to have been tampered with, the tampered information is found promptly and the webmaster is notified to intervene in time. Even if the local tamper-proof system of the WEB server is shut down by an attacker, the cloud monitoring system can still find that the WEB page information has been tampered with, which avoids the problem that malicious tampering with the web page cannot be prevented, guards against the risk of the tampered information leaking, and effectively stops the tampered information from spreading.

Description

A tamper-proof processing method and device
Technical field
The present invention relates to the field of communication technology, and in particular to a tamper-proof processing method and device.
Background
Malicious tampering with web pages is currently one of the more serious Internet security threats. By tampering with a web page, an attacker can show off (for example, defacing a government home page to make declarations about sovereignty, human rights and the like), or can obtain the information of users who visit the tampered page by means such as planting trojans in web pages.
Therefore, how to guard against malicious tampering with web pages has become a concern for many users. In one known approach, tamper-proof software can be deployed on the WEB (Internet) server; this software performs tamper-proof checks on the files deployed on the WEB server. When a user modifies a file deployed on the WEB server, the tamper-proof software is triggered to check automatically whether the web page has been maliciously tampered with.
However, if an attacker shuts down the tamper-proof software on the WEB server, tamper-proof checks can no longer be performed on the files deployed on the WEB server, so malicious tampering with web pages still cannot be prevented.
Summary of the invention
The present invention provides a tamper-proof processing method, the method comprising the following steps:
A cloud monitoring system obtains the tampered information of an Internet WEB server;
The cloud monitoring system sends the tampered information to a user device;
The cloud monitoring system receives a command issued by the user device according to the tampered information;
The cloud monitoring system performs tamper-proof processing on the WEB server according to the command.
The process by which the cloud monitoring system obtains the tampered information of the WEB server specifically comprises:
The cloud monitoring system receives the tampered information reported by the local tamper-proof system of the WEB server; wherein the local tamper-proof system monitors the WEB page information of the WEB server and, when it detects that the WEB page information has been tampered with, reports the tampered information; or,
The cloud monitoring system periodically obtains the WEB page information of the WEB server and, by comparing whether the obtained WEB page information is identical to the preconfigured WEB page information, determines whether the obtained WEB page information has been tampered with; if so, it obtains the tampered information;
Wherein the WEB page information specifically comprises: the WEB files of the WEB server and/or the content from the database that needs to be displayed in the WEB pages of the WEB server.
The method further comprises:
After the cloud monitoring system obtains the tampered information of the WEB server, the cloud monitoring system sends the tampered information to a content recognition system, which performs content recognition on the tampered information; the cloud monitoring system receives the content recognition result returned by the content recognition system and sends the content recognition result to the user device;
The cloud monitoring system periodically checks whether the local tamper-proof system of the WEB server is running; if not, it sends information that the local tamper-proof system is abnormal to the user device.
The process by which the cloud monitoring system performs tamper-proof processing on the WEB server according to the command specifically comprises: when the command is to restore the tampered information, the cloud monitoring system sends the backup files of the WEB server to the local tamper-proof system of the WEB server, so that the local tamper-proof system uses the backup files to restore the WEB page information of the WEB server; when the command is to terminate the WEB service, the cloud monitoring system issues a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or, the cloud monitoring system, through the DNS record for the WEB server held by the intelligent DNS system, changes the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
The method further comprises:
The cloud monitoring system periodically checks the DNS record for the WEB server held by the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information that the intelligent DNS system is abnormal to the user device.
The present invention provides a tamper-proof processing device, the tamper-proof processing device being applied on a cloud monitoring system and specifically comprising:
An obtaining module, for obtaining the tampered information of an Internet WEB server;
A sending module, for sending the tampered information to a user device;
A receiving module, for receiving a command issued by the user device according to the tampered information;
A processing module, for performing tamper-proof processing on the WEB server according to the command.
The obtaining module is specifically configured, in the process of obtaining the tampered information of the WEB server, to receive the tampered information reported by the local tamper-proof system of the WEB server, where the local tamper-proof system monitors the WEB page information of the WEB server and, when it detects that the WEB page information has been tampered with, reports the tampered information; or, to periodically obtain the WEB page information of the WEB server and, by comparing whether the obtained WEB page information is identical to the preconfigured WEB page information, determine whether the obtained WEB page information has been tampered with and, if so, obtain the tampered information. The WEB page information comprises: the WEB files of the WEB server and/or the content from the database that needs to be displayed in the WEB pages of the WEB server.
The sending module is further configured, after the tampered information of the WEB server has been obtained, to send the tampered information to a content recognition system, which performs content recognition on the tampered information; the receiving module is further configured to receive the content recognition result returned by the content recognition system; the sending module is further configured to send the content recognition result to the user device;
The sending module is further configured to periodically check whether the local tamper-proof system of the WEB server is running; if not, to send information that the local tamper-proof system is abnormal to the user device.
The processing module is specifically configured, in the process of performing tamper-proof processing on the WEB server according to the command, when the command is to restore the tampered information, to send the backup files of the WEB server to the local tamper-proof system of the WEB server, so that the local tamper-proof system uses the backup files to restore the WEB page information of the WEB server;
When the command is to terminate the WEB service, to issue a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or, through the DNS record for the WEB server held by the intelligent DNS system, to change the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
The sending module is further configured to periodically check the DNS record for the WEB server held by the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, to send information that the intelligent DNS system is abnormal to the user device.
Based on the above technical scheme, in the embodiments of the present invention, tamper-proof processing is performed on the WEB server by a cloud monitoring system deployed on the public network, so that when the WEB page information deployed on the WEB server is detected to have been tampered with, the tampered information is found promptly and the webmaster is notified to intervene in time. Moreover, even if the local tamper-proof system of the WEB server is shut down by an attacker, the cloud monitoring system can still find that the WEB page information has been tampered with, which avoids the problem that malicious tampering with the web page cannot be prevented, guards against the risk of the tampered information leaking, and effectively stops the tampered information from spreading.
Brief description of the drawings
Fig. 1 is a schematic diagram of the system architecture in one embodiment of the present invention;
Fig. 2 is a flowchart of the tamper-proof processing method in one embodiment of the present invention;
Fig. 3 is a flowchart of the tamper-proof processing method in another embodiment of the present invention;
Fig. 4 is a hardware structure diagram of the cloud monitoring system in one embodiment of the present invention;
Fig. 5 is a structural diagram of the tamper-proof processing device in one embodiment of the present invention.
Detailed description
To address the problems in the prior art, the embodiments of the present invention propose a tamper-proof processing method. Fig. 1 is a schematic diagram of an application scenario of the embodiments of the present invention. The method can be applied in a system that comprises at least: a cloud monitoring system deployed on the public network, an intelligent DNS (Domain Name System) system deployed on the public network, a content recognition system deployed on the public network, a WEB site system, the user device used by the webmaster, and the terminal devices used by ordinary users.
The WEB site system may specifically comprise a local tamper-proof system, a WEB server and a database server. The local tamper-proof system may be deployed on the WEB server or deployed separately. The database server may be deployed on the WEB server or deployed separately.
In the above application scenario, as shown in Fig. 2, the tamper-proof processing method comprises the following steps:
Step 201, the cloud monitoring system obtains the tampered information of the WEB server.
In the embodiments of the present invention, the process by which the cloud monitoring system obtains the tampered information of the WEB server may include, but is not limited to, the following modes. Mode one: the cloud monitoring system receives the tampered information reported by the local tamper-proof system of the WEB server, where the local tamper-proof system monitors the WEB page information of the WEB server and, when it detects that the WEB page information has been tampered with, reports the tampered information. Mode two: the cloud monitoring system periodically obtains the WEB page information of the WEB server and, by comparing whether the obtained WEB page information is identical to the preconfigured WEB page information, determines whether the obtained WEB page information has been tampered with; if so, it obtains the tampered information. For both mode one and mode two, the WEB page information may specifically comprise: the WEB files of the WEB server and/or the content from the database that needs to be displayed in the WEB pages of the WEB server.
For mode one, the local tamper-proof system monitors the WEB page information of the WEB server in real time and, when it detects that the WEB page information has been tampered with, reports the tampered information to the cloud monitoring system. In one example, for the WEB files of the WEB server, the local tamper-proof system can maintain a complete copy of the WEB files in advance and monitor the WEB files deployed on the WEB server in real time; when a user modifies a WEB file deployed on the WEB server, the local tamper-proof system compares the modified WEB file with the complete WEB file maintained in advance, determines the tampered information, and reports the tampered information to the cloud monitoring system. In another example, for the content from the database that needs to be displayed in the WEB pages of the WEB server, that is, the content stored in the database server, the local tamper-proof system can monitor the database entries maintained by the database server in real time; when a database entry changes, the local tamper-proof system can determine the tampered information based on the changed database entry and report the tampered information to the cloud monitoring system.
For mode two, the local tamper-proof system may be abnormal and therefore unable to report the tampered information to the cloud monitoring system, or it may miss something in its checks and fail to detect the tampered information in time. To cover these cases, the cloud monitoring system can also periodically obtain the WEB page information of the WEB server and compare whether the currently obtained WEB page information is identical to the preconfigured WEB page information (that is, the WEB page information before any modification, used to detect whether the WEB page information of the WEB server has been modified). If the two differ, it determines that the currently obtained WEB page information has been tampered with, and can work out the tampered information from the obtained WEB page information and the preconfigured WEB page information. If the two are identical, it determines that the currently obtained WEB page information has not been tampered with.
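The mode-two comparison described above can be sketched as follows. This is an added example, not code from the patent: the function names, the use of SHA-256 hashes as the preconfigured WEB page information, and the sample pages and database item are all assumptions constructed for illustration.

```python
import difflib
import hashlib


def digest(content: str) -> str:
    """SHA-256 of one item of WEB page information (a file or a database field)."""
    return hashlib.sha256(content.encode("utf-8")).hexdigest()


def build_baseline(backup: dict) -> dict:
    """Preconfigured WEB page information: item name -> hash of known-good content."""
    return {name: digest(body) for name, body in backup.items()}


def find_tampered(baseline: dict, backup: dict, fetched: dict) -> dict:
    """Compare one periodic fetch against the baseline.

    Returns {item: {"change": kind, "diff": [lines]}} for every item that
    differs; an empty dict means nothing has been tampered with.
    """
    report = {}
    for name in sorted(set(baseline) | set(fetched)):
        if name not in fetched:
            # Item disappeared from the server.
            lines = ["-" + line for line in backup[name].splitlines()]
            report[name] = {"change": "removed", "diff": lines}
        elif name not in baseline:
            # Item that was never part of the known-good site.
            lines = ["+" + line for line in fetched[name].splitlines()]
            report[name] = {"change": "added", "diff": lines}
        elif digest(fetched[name]) != baseline[name]:
            # Cheap hash comparison failed: derive the tampered lines
            # by diffing against the backup copy.
            diff = list(difflib.unified_diff(
                backup[name].splitlines(), fetched[name].splitlines(),
                lineterm="", n=0))
            # diff[0:2] are the '---' / '+++' headers; keep only +/- lines.
            lines = [line for line in diff[2:] if line[0] in "+-"]
            report[name] = {"change": "modified", "diff": lines}
    return report


# Constructed sample data: two WEB files and one database-backed item.
BACKUP = {
    "/index.html": "<h1>City Portal</h1>\n<p>Welcome</p>",
    "/contact.html": "<p>Tel: 000-0000</p>",
    "db:notice/1": "Office hours: 9-17",
}
# Constructed fetch result: one injected line, one changed DB field, one new file.
FETCHED = {
    "/index.html": "<h1>City Portal</h1>\n<p>Welcome</p>\n"
                   '<iframe src="http://injected.example/"></iframe>',
    "/contact.html": "<p>Tel: 000-0000</p>",
    "db:notice/1": "Office hours: closed",
    "/promo.html": "<p>Sale</p>",
}

if __name__ == "__main__":
    for item, info in find_tampered(build_baseline(BACKUP), BACKUP, FETCHED).items():
        print(item, info["change"], info["diff"])
```

The `diff` lists are what would be forwarded to the webmaster as the tampered information; unchanged items such as `/contact.html` never appear in the report.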
Step 202, the cloud monitoring system sends the tampered information to the user device.
After obtaining the tampered information of the WEB server, the cloud monitoring system can send the tampered information directly to the user device. Alternatively, the cloud monitoring system can send the tampered information to the content recognition system, which performs content recognition on the tampered information and returns the content recognition result to the cloud monitoring system. The cloud monitoring system receives the content recognition result returned by the content recognition system and sends the content recognition result to the user device together with the tampered information.
In practice, the tampered information may be a piece of simple content, such as a sentence involving political speech, pornography, gambling, drugs and the like; in this case the cloud monitoring system can send the tampered information directly to the user device used by the webmaster, and the webmaster determines the type of the tampered information directly from it. Alternatively, the tampered information may be image content or a piece of complex content, such as pornographic image content, or complex content whose type the webmaster may not be able to determine by direct analysis; in this case the cloud monitoring system can send the tampered information to the content recognition system, which performs content recognition, receive the content recognition result returned by the content recognition system, and send the content recognition result together with the tampered information to the user device used by the webmaster, and the webmaster determines the type of the tampered information from the content recognition result and the tampered information.
The content recognition system provides the function of accurately identifying all kinds of tampered information, for example identifying that the tampered information is a pornographic image, political speech, or content about pornography, gambling and drugs. The specific recognition process after the content recognition system receives the tampered information is not described in detail here.
Step 203, the cloud monitoring system receives the command issued by the user device according to the tampered information.
The webmaster can issue a command to the cloud monitoring system through the user device. The command may be: do not process, restore the tampered information, terminate the WEB service, and so on. When the webmaster, based on the tampered information (or the content recognition result and the tampered information), determines that the type of the tampered information is a normal network upgrade, the webmaster issues the do-not-process command to the cloud monitoring system. When the webmaster, based on the tampered information (or the content recognition result and the tampered information), determines that the type of the tampered information is a network attack, the webmaster issues to the cloud monitoring system the command to restore the tampered information or to terminate the WEB service.
Step 204, the cloud monitoring system performs tamper-proof processing on the WEB server according to the command.
In the embodiments of the present invention, the process by which the cloud monitoring system performs tamper-proof processing on the WEB server according to the command may include, but is not limited to, the following. When the command is do not process, the cloud monitoring system obtains the latest WEB files from the WEB server and updates its locally backed-up WEB files. When the command is to restore the tampered information, the cloud monitoring system sends the backup files of the WEB server (that is, the WEB files of the WEB server before they were tampered with) to the local tamper-proof system of the WEB server, so that the local tamper-proof system uses these backup files to restore the WEB page information of the WEB server. When the command is to terminate the WEB service, the cloud monitoring system issues a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or, the cloud monitoring system, through the DNS record for the WEB server held by the intelligent DNS system, changes the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
In the embodiments of the present invention, to prevent the local tamper-proof system from staying shut down after an attacker has closed it, the cloud monitoring system can also periodically check whether the local tamper-proof system of the WEB server is running. If so, this process ends; if not, the cloud monitoring system sends information that the local tamper-proof system is abnormal to the user device used by the webmaster. Afterwards, if the webmaster determines that the local tamper-proof system was shut down because of an abnormal condition, the webmaster can issue, through the user device, a command to the cloud monitoring system to restart the local tamper-proof system. If the webmaster determines that the local tamper-proof system was shut down because of a network attack, the webmaster can issue, through the user device, a command to the cloud monitoring system to terminate the WEB service.
After receiving the command to restart the local tamper-proof system, the cloud monitoring system restarts the local tamper-proof system directly. After receiving the command to terminate the WEB service, the cloud monitoring system can issue a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is the WEB server; and/or, the cloud monitoring system can, through the DNS record for the WEB server held by the intelligent DNS system, change the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
A blackhole route is a special static route whose next hop points to an outgoing interface that does not exist, so that all traffic matching the blackhole route is discarded when it is received. On this basis, a blackhole route is issued to the egress router corresponding to the WEB server, and the blackhole route matches traffic whose destination IP address is the WEB server. When the egress router receives traffic whose destination IP address is the WEB server, the traffic matches the blackhole route and is discarded, so it is not sent to the WEB server.
The intelligent DNS system can maintain a DNS record for each WEB server; the DNS record holds the mapping between the domain name of the WEB server and the IP address of the WEB server. On this basis, through the DNS record for the WEB server held by the intelligent DNS system, the IP address of the WEB server is changed to the IP address of the third-party server hosting the backup page or maintenance page, so that the DNS record holds the mapping between the domain name of the WEB server and the IP address of the third-party server. Then, when an ordinary user accesses the WEB server through a terminal device, the terminal device sends a DNS request carrying the domain name of the WEB server to the intelligent DNS system, the intelligent DNS system returns the IP address of the third-party server corresponding to this domain name to the terminal device in a DNS response, and the terminal device accesses the third-party server through that IP address. That is, the terminal device reaches the backup page or maintenance page and does not reach the tampered page of the WEB server.
The third-party server hosting the backup page or maintenance page may be a public cloud server, or a third-party server that the cloud monitoring system provides externally.
In the embodiments of the present invention, the cloud monitoring system can also periodically check the DNS record for the WEB server held by the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information that the intelligent DNS system is abnormal to the user device used by the webmaster.
Specifically, if an attacker obtains the information of users who visit a tampered web page by means such as planting trojans in web pages, the attacker may modify the DNS record for the WEB server held by the intelligent DNS system, changing the mapping between the domain name of the WEB server and the IP address of the WEB server into a mapping between the domain name of the WEB server and the IP address of a server hosting an illegal website. Then, when an ordinary user accesses the WEB server through a terminal device, the terminal device is directed to the IP address of the server hosting the illegal website, that is, the terminal device reaches the illegal website and user information is leaked. For this reason, the cloud monitoring system checks the DNS record for the WEB server held by the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information that the intelligent DNS system is abnormal to the user device used by the webmaster, and the webmaster carries out the follow-up maintenance. This avoids leaking user information and guards against the case where an attacker intrudes into the intelligent DNS system and hijacks the DNS record.
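The following added example, which is not part of the patent, models the terminate-WEB-service handling and the periodic DNS check described in the paragraphs above: a /32 blackhole route on a longest-prefix-match table, the DNS record repointed to the maintenance server, and an audit that flags any address outside the expected set. The class and function names, the in-memory routing table and DNS table, and all addresses (taken from the documentation ranges) are assumptions.

```python
import ipaddress

BLACKHOLE = "blackhole"  # next hop that does not exist: matching traffic is dropped


class EgressRouter:
    """Minimal longest-prefix-match table standing in for the egress router."""

    def __init__(self):
        self.routes = []  # list of (network, next_hop)

    def add_route(self, prefix: str, next_hop: str) -> None:
        self.routes.append((ipaddress.ip_network(prefix), next_hop))

    def forward(self, dst: str):
        """Return the next hop chosen for dst, or None if the packet is dropped."""
        addr = ipaddress.ip_address(dst)
        matches = [(net, hop) for net, hop in self.routes if addr in net]
        if not matches:
            return None
        # The most specific prefix wins, so a /32 blackhole beats the subnet route.
        _, hop = max(matches, key=lambda m: m[0].prefixlen)
        return None if hop == BLACKHOLE else hop


def terminate_web_service(router, dns_records, domain, web_ip, maintenance_ip):
    """Both actions for the terminate command: blackhole route and DNS repoint."""
    router.add_route(f"{web_ip}/32", BLACKHOLE)
    dns_records[domain] = maintenance_ip


def audit_dns(resolve, domain, expected_ips):
    """Periodic check: return an alert string if the record is outside the expected set."""
    answer = resolve(domain)
    if answer in expected_ips:
        return None
    return (f"intelligent DNS system abnormal: {domain} -> {answer}, "
            f"expected one of {sorted(expected_ips)}")


# Constructed values (documentation address ranges, hypothetical domain).
DOMAIN = "portal.example"
WEB_IP = "203.0.113.10"
MAINTENANCE_IP = "198.51.100.20"


def demo():
    router = EgressRouter()
    router.add_route("203.0.113.0/24", "dmz-switch")  # subnet of the WEB server
    router.add_route("0.0.0.0/0", "upstream")
    dns = {DOMAIN: WEB_IP}  # stands in for the intelligent DNS system

    result = {"before": router.forward(WEB_IP)}
    terminate_web_service(router, dns, DOMAIN, WEB_IP, MAINTENANCE_IP)
    result["after"] = router.forward(WEB_IP)             # dropped by the /32
    result["neighbour"] = router.forward("203.0.113.11")  # same subnet, unaffected
    result["maintenance"] = router.forward(dns[DOMAIN])   # users reach the backup page
    result["audit_ok"] = audit_dns(dns.get, DOMAIN, {MAINTENANCE_IP})

    dns[DOMAIN] = "192.0.2.66"  # constructed unexpected change to the record
    result["audit_alert"] = audit_dns(dns.get, DOMAIN, {MAINTENANCE_IP})
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Passing a real resolver function as `resolve` turns `audit_dns` into the periodic check; the expected set is the WEB server's own address in normal operation and the maintenance server's address after a terminate command.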
In the above process of the embodiment of the present invention, the cloud monitoring system and the user equipment used by the webmaster may interact by SMS, WeChat and the like, which is not described further here.
Based on the above technical solution, in the embodiment of the present invention the WEB server is given anti-tamper processing by a cloud monitoring system deployed on the public network. When the WEB page information configured on the WEB server is tampered with, the tampered information is discovered promptly and the webmaster is notified to intervene in time. Moreover, even if an attacker shuts down the local tamper-resistant system of the WEB server, the cloud monitoring system can still discover that the WEB page information has been tampered with. This guards against web pages being maliciously tampered with, guards against the risk of the tampered information leaking, and effectively stops the tampered information from spreading.
Specifically, tampered information can be found quickly through analysis, pages tampered with by an attacker can be discovered promptly, and the webmaster can be notified to intervene in time. After a web page is found to have been tampered with, the spread of the tampered information can be stopped by means such as restoring the tampered information or terminating the WEB service. The scheme also effectively guards against an attacker directly shutting down the local tamper-resistant system, and against an attacker intruding into the intelligent DNS system to carry out DNS hijacking. The local tamper-resistant system performs tamper detection directly on the WEB files and database information, so the performance impact is very small. In addition, the webmaster can interact with the cloud monitoring system by SMS or WeChat, and after the service that the WEB server provides externally has been terminated, a backup page or maintenance page can still be shown externally, which gives users a good experience.
The above process is further described below with reference to the flowchart shown in Fig. 3.
Step 301: the local tamper-resistant system reports the tampered information to the cloud monitoring system.
Step 302: the cloud monitoring system sends the tampered information to the content identifying system.
Step 303: the cloud monitoring system receives the content recognition result returned by the content identifying system.
Step 304: the cloud monitoring system sends the tampered information and the content recognition result to the user equipment.
Step 305: the cloud monitoring system receives the command issued by the webmaster through the user equipment.
Step 306: if the command is to restore the tampered information, the cloud monitoring system sends the backup file to the local tamper-resistant system, and the local tamper-resistant system uses the backup file to restore the WEB page information. If the command is to terminate the WEB service, the cloud monitoring system issues a blackhole route to the egress router corresponding to the WEB server and, in the DNS record for the WEB server held by the intelligent DNS system, changes the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page.
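The cloud-side checks and the command handling of step 306 can be sketched as follows. This is an added example, not code from the patent: the function names, the action names, the use of SHA-256 for the baseline comparison and the sample addresses (documentation ranges) are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

# Only the two commands named in step 306 are accepted (names are hypothetical).
ALLOWED_COMMANDS = {"restore", "terminate"}

def sha256_hex(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()

@dataclass(frozen=True)
class Baseline:
    page_hashes: dict  # path -> SHA-256 of the pre-configured (approved) content
    server_ip: str     # address the DNS record normally holds
    standby_ip: str    # third-party server with the backup/maintenance page

def find_tampered(baseline, fetched):
    """Compare periodically fetched page content with the pre-configured baseline."""
    findings = []
    for path in sorted(baseline.page_hashes):
        body = fetched.get(path)
        if body is None:
            findings.append((path, "missing"))
        elif sha256_hex(body) != baseline.page_hashes[path]:
            findings.append((path, "modified"))
    return findings

def health_alerts(baseline, agent_enabled, dns_answer):
    """Periodic checks that still work if the attacker disabled the local agent
    or changed the DNS record: both conditions are reported to the webmaster."""
    alerts = []
    if not agent_enabled:
        alerts.append("local tamper-resistant system is not enabled")
    if dns_answer not in (baseline.server_ip, baseline.standby_ip):
        alerts.append("DNS record points to unexpected address " + dns_answer)
    return alerts

def plan_response(command, baseline, findings):
    """Turn the webmaster's command into the actions described in step 306."""
    if command not in ALLOWED_COMMANDS:
        # Commands arrive over SMS/WeChat, so anything unrecognised is refused.
        raise ValueError("unrecognised command: %r" % (command,))
    if command == "restore":
        return [("send_backup_to_local_agent", path) for path, _ in findings]
    return [("blackhole_route", baseline.server_ip + "/32"),
            ("set_dns_record", baseline.standby_ip)]

# Constructed sample data: approved pages, and a fetch where one page was changed.
APPROVED = {"/index.html": b"<h1>Welcome</h1>", "/about.html": b"<p>About us</p>"}
SAMPLE_BASELINE = Baseline({p: sha256_hex(c) for p, c in APPROVED.items()},
                           "192.0.2.10", "198.51.100.20")
SAMPLE_FETCH = {"/index.html": b"<h1>Defaced</h1>", "/about.html": b"<p>About us</p>"}

if __name__ == "__main__":
    found = find_tampered(SAMPLE_BASELINE, SAMPLE_FETCH)
    print("tampered:", found)
    print("alerts:", health_alerts(SAMPLE_BASELINE, False, "203.0.113.66"))
    print("restore:", plan_response("restore", SAMPLE_BASELINE, found))
    print("terminate:", plan_response("terminate", SAMPLE_BASELINE, found))
```

Returning a plan rather than executing it keeps the router and DNS changes reviewable and lets them be logged before they are applied.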
Based on the same inventive concept as the above method, an embodiment of the present invention further provides an anti-tamper processing device, which is applied on the cloud monitoring system. The anti-tamper processing device can be implemented in software, in hardware, or in a combination of software and hardware. Taking a software implementation as an example, the device in the logical sense is formed by the processor of the cloud monitoring system in which it resides reading the corresponding computer program instructions from non-volatile memory. At the hardware level, Fig. 4 shows a hardware structure diagram of the cloud monitoring system in which the anti-tamper processing device proposed by the present invention resides. In addition to the processor and non-volatile memory shown in Fig. 4, the cloud monitoring system may also comprise other hardware, such as a forwarding chip responsible for processing messages, a network interface and memory. In terms of hardware structure, the cloud monitoring system may also be a distributed device and may comprise multiple interface cards, so that message processing can be extended at the hardware level.
Fig. 5 shows a structural diagram of the anti-tamper processing device proposed by the present invention. The anti-tamper processing device is applied on the cloud monitoring system and specifically comprises:
An acquisition module 11, configured to obtain the tampered information of a WEB server on the Internet;
A sending module 12, configured to send the tampered information to the user equipment;
A receiving module 13, configured to receive the command issued by the user equipment according to the tampered information;
A processing module 14, configured to perform anti-tamper processing on the WEB server according to the command.
The acquisition module 11 is specifically configured, in the process of obtaining the tampered information of the WEB server, to receive the tampered information reported by the local tamper-resistant system of the WEB server, where the local tamper-resistant system monitors the WEB page information of the WEB server and reports the tampered information when it detects that WEB page information has been tampered with; or to periodically obtain the WEB page information of the WEB server, determine whether the obtained WEB page information has been tampered with by comparing whether it is identical to the pre-configured WEB page information, and, if so, obtain the tampered information. The WEB page information comprises the WEB files of the WEB server and/or the content from the database that needs to be displayed in the WEB pages of the WEB server.
The sending module 12 is further configured, after the tampered information of the WEB server is obtained, to send the tampered information to the content identifying system, which performs content recognition on the tampered information. The receiving module 13 is further configured to receive the content recognition result returned by the content identifying system. The sending module 12 is further configured to send the content recognition result to the user equipment.
The sending module 12 is further configured to periodically check whether the local tamper-resistant system of the WEB server is enabled and, if not, to send information that the local tamper-resistant system is abnormal to the user equipment.
The processing module 14 is specifically configured, in the process of performing anti-tamper processing on the WEB server according to the command, as follows. When the command is to restore the tampered information, it sends the backup file of the WEB server to the local tamper-resistant system of the WEB server, so that the local tamper-resistant system uses the backup file to restore the WEB page information of the WEB server.
When the command is to terminate the WEB service, it issues a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or, in the DNS record for the WEB server held by the intelligent DNS system, it changes the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
The sending module 12 is further configured to periodically check the DNS record for the WEB server held by the intelligent DNS system and, if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, to send information that the intelligent DNS system is abnormal to the user equipment.
The modules of the device of the present invention can be integrated into one unit or deployed separately. The above modules can be merged into one module or further split into multiple sub-modules.
From the above description of the embodiments, a person skilled in the art can clearly understand that the present invention can be implemented by software plus the necessary general-purpose hardware platform, and of course also by hardware, although in many cases the former is the better implementation. Based on this understanding, the technical solution of the present invention, in essence or in the part that contributes over the prior art, can be embodied in the form of a software product. The computer software product is stored in a storage medium and comprises several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) to perform the method described in each embodiment of the present invention. A person skilled in the art will appreciate that the accompanying drawings are schematic diagrams of a preferred embodiment, and that the modules or flows in the drawings are not necessarily required to implement the present invention.
A person skilled in the art will appreciate that the modules of the device in an embodiment may be distributed in the device of the embodiment as described, or may be changed accordingly and placed in one or more devices different from that of this embodiment. The modules of the above embodiments can be merged into one module or further split into multiple sub-modules. The sequence numbers of the above embodiments of the present invention are for description only and do not represent the merits of the embodiments.
The above discloses only several specific embodiments of the present invention. The present invention is not limited thereto, however, and any change that a person skilled in the art can conceive of shall fall within the protection scope of the present invention.

Claims (10)

1. An anti-tamper processing method, characterized in that the method comprises the following steps:
A cloud monitoring system obtains the tampered information of a WEB server on the Internet;
The cloud monitoring system sends the tampered information to user equipment;
The cloud monitoring system receives the command issued by the user equipment according to the tampered information;
The cloud monitoring system performs anti-tamper processing on the WEB server according to the command.
2. The method according to claim 1, characterized in that the process in which the cloud monitoring system obtains the tampered information of the WEB server on the Internet specifically comprises:
The cloud monitoring system receives the tampered information reported by the local tamper-resistant system of the WEB server, wherein the local tamper-resistant system monitors the WEB page information of the WEB server and reports the tampered information when it detects that WEB page information has been tampered with; or,
The cloud monitoring system periodically obtains the WEB page information of the WEB server, determines whether the obtained WEB page information has been tampered with by comparing whether it is identical to the pre-configured WEB page information, and, if so, obtains the tampered information;
Wherein the WEB page information specifically comprises: the WEB files of the WEB server and/or the content from the database that needs to be displayed in the WEB pages of the WEB server.
3. The method according to claim 1, characterized in that the method further comprises:
After the cloud monitoring system obtains the tampered information of the WEB server, the cloud monitoring system sends the tampered information to a content identifying system, and the content identifying system performs content recognition on the tampered information; the cloud monitoring system receives the content recognition result returned by the content identifying system and sends the content recognition result to the user equipment;
The cloud monitoring system periodically checks whether the local tamper-resistant system of the WEB server is enabled; if not, it sends information that the local tamper-resistant system is abnormal to the user equipment.
4. The method according to claim 1, characterized in that the process in which the cloud monitoring system performs anti-tamper processing on the WEB server according to the command specifically comprises:
When the command is to restore the tampered information, the cloud monitoring system sends the backup file of the WEB server to the local tamper-resistant system of the WEB server, so that the local tamper-resistant system uses the backup file to restore the WEB page information of the WEB server;
When the command is to terminate the WEB service, the cloud monitoring system issues a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or, in the DNS record for the WEB server held by the intelligent DNS system, the cloud monitoring system changes the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
5. The method according to claim 1, characterized in that the method further comprises:
The cloud monitoring system periodically checks the DNS record for the WEB server held by the intelligent DNS system; if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, it sends information that the intelligent DNS system is abnormal to the user equipment.
6. An anti-tamper processing device, characterized in that the anti-tamper processing device is applied on a cloud monitoring system and specifically comprises:
An acquisition module, configured to obtain the tampered information of a WEB server on the Internet;
A sending module, configured to send the tampered information to user equipment;
A receiving module, configured to receive the command issued by the user equipment according to the tampered information;
A processing module, configured to perform anti-tamper processing on the WEB server according to the command.
7. The device according to claim 6, characterized in that:
The acquisition module is specifically configured, in the process of obtaining the tampered information of the WEB server, to receive the tampered information reported by the local tamper-resistant system of the WEB server, wherein the local tamper-resistant system monitors the WEB page information of the WEB server and reports the tampered information when it detects that WEB page information has been tampered with; or to periodically obtain the WEB page information of the WEB server, determine whether the obtained WEB page information has been tampered with by comparing whether it is identical to the pre-configured WEB page information, and, if so, obtain the tampered information. The WEB page information comprises: the WEB files of the WEB server and/or the content from the database that needs to be displayed in the WEB pages of the WEB server.
8. The device according to claim 6, characterized in that:
The sending module is further configured, after the tampered information of the WEB server is obtained, to send the tampered information to a content identifying system, which performs content recognition on the tampered information; the receiving module is further configured to receive the content recognition result returned by the content identifying system; the sending module is further configured to send the content recognition result to the user equipment;
The sending module is further configured to periodically check whether the local tamper-resistant system of the WEB server is enabled and, if not, to send information that the local tamper-resistant system is abnormal to the user equipment.
9. The device according to claim 6, characterized in that:
The processing module is specifically configured, in the process of performing anti-tamper processing on the WEB server according to the command, when the command is to restore the tampered information, to send the backup file of the WEB server to the local tamper-resistant system of the WEB server, so that the local tamper-resistant system uses the backup file to restore the WEB page information of the WEB server;
When the command is to terminate the WEB service, to issue a blackhole route to the egress router corresponding to the WEB server, so that the egress router intercepts all traffic whose destination IP address is that of the WEB server; and/or, in the DNS record for the WEB server held by the intelligent DNS system, to change the IP address of the WEB server to the IP address of the third-party server hosting the backup page or maintenance page, so that traffic accessing the WEB server is directed to the third-party server hosting the backup page or maintenance page.
10. The device according to claim 6, characterized in that:
The sending module is further configured to periodically check the DNS record for the WEB server held by the intelligent DNS system and, if the IP address of the WEB server has been changed to the IP address of a server hosting an illegal website, to send information that the intelligent DNS system is abnormal to the user equipment.
CN201610010211.2A 2016-01-06 2016-01-06 A kind of anti-tamper treating method and apparatus Active CN105678193B (en)

Publications (2)

Publication Number Publication Date
CN105678193A true CN105678193A (en) 2016-06-15
CN105678193B CN105678193B (en) 2018-08-14

Family

ID=56299505

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant