CN114201370B - Webpage file monitoring method and system - Google Patents

Publication number
CN114201370B
Authority
CN
China
Prior art keywords
file
directory
information
webpage
newly
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210154184.1A
Other languages
Chinese (zh)
Other versions
CN114201370A (en
Inventor
王涛
朱春华
程晓梅
张英
孙涛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong Jerei Digital Technology Co Ltd
Original Assignee
Shandong Jerei Digital Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong Jerei Digital Technology Co Ltd filed Critical Shandong Jerei Digital Technology Co Ltd
Priority to CN202210154184.1A priority Critical patent/CN114201370B/en
Publication of CN114201370A publication Critical patent/CN114201370A/en
Application granted granted Critical
Publication of CN114201370B publication Critical patent/CN114201370B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/3006 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is distributed, e.g. networked systems, clusters, multiprocessor systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3051 Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/32 Monitoring with visual or acoustical indication of the functioning of the machine
    • G06F11/324 Display of status information
    • G06F11/327 Alarm or error message display
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/958 Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
    • G06F16/986 Document structures and storage, e.g. HTML extensions

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Quality & Reliability (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Mathematical Physics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention relates to a webpage file monitoring method and system in the field of portal websites. The method comprises the following steps: acquiring webpage file information by using a built-in function of a file system; storing the webpage file information to a source file directory; monitoring the webpage file information to determine the changed content of the webpage file; comparing the changed content with the webpage file information of the source file directory item by item to obtain a comparison result; and determining alarm information according to the comparison result and an alarm threshold value. The invention realizes comprehensive monitoring of dynamic files and static files through file-level monitoring.

Description

Webpage file monitoring method and system
Technical Field
The invention relates to the field of web portals, in particular to a method and a system for monitoring webpage files.
Background
With the rapid development of internet technology, the access rate of websites is higher and higher. In the process of accessing the webpage by the user, it is important to ensure the safety of the webpage data, and the requirement for effectively controlling the webpage files is increasing.
Existing webpage file monitoring technology is mainly oriented to the analysis of application-layer data and is implemented by intercepting system calls and locking the file directory. Operations such as opening, closing, reading, deleting and editing files can only be performed after the interception system is shut down. Although this provides a degree of protection and prevents file information from being modified, it is inconvenient to operate and costly to develop, and event information in the application cannot be recorded after the shutdown. In addition, the application layer can only track static pages; for dynamic pages, changes in information and content cannot be obtained.
Disclosure of Invention
The invention aims to provide a webpage file monitoring method and a webpage file monitoring system, which realize comprehensive monitoring of dynamic files and static files in a file-level monitoring mode.
In order to achieve the purpose, the invention provides the following scheme:
a webpage file monitoring method comprises the following steps:
acquiring webpage file information by using a built-in function of a file system;
storing the webpage file information to a source file directory;
monitoring the webpage file information to determine the change content of the webpage file; the change content comprises an executable file, a directory, a system configuration file, a content file, a compressed file and a compressed folder;
comparing the changed contents with the webpage file information of the source file directory one by one to obtain a comparison result;
and determining alarm information according to the comparison result and an alarm threshold value.
Optionally, the storing the web page file information to a source file directory specifically includes:
selecting an operation path according to the webpage file information and creating a new directory;
saving the operation path and the newly created directory to a specified directory;
determining a resource saving path according to the number of newly created directories in the specified directory;
and saving the resource saving path to the source file directory.
Optionally, the determining a resource saving path according to the number of newly created directories in the specified directory specifically includes:
judging whether the number of newly created directories in the specified directory is smaller than a set value, to obtain a first judgment result;
if the first judgment result shows that the number of newly created directories in the specified directory is smaller than the set value, taking the operation path corresponding to the newly created directory as the resource saving path;
and if the first judgment result shows that the number of newly created directories in the specified directory is greater than or equal to the set value, creating a new temporary operation path as the resource saving path.
Optionally, the determining alarm information according to the comparison result and the alarm threshold specifically includes:
judging whether any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold value or not to obtain a second judgment result;
and if the second judgment result indicates that any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold, determining to send an alarm.
A web document monitoring system comprising:
the acquisition module is used for acquiring webpage file information by utilizing a built-in function of the file system;
the storage module is used for storing the webpage file information to a source file directory;
the monitoring module is used for monitoring the webpage file information to determine the change content of the webpage file; the change content comprises an executable file, a directory, a system configuration file, a content file, a compressed file and a compressed folder;
the comparison module is used for comparing the change contents with the webpage file information of the source file directory one by one to obtain a comparison result;
and the alarm module is used for determining alarm information according to the comparison result and the alarm threshold value.
Optionally, the storage module specifically includes:
the selecting and creating unit is used for selecting an operation path according to the webpage file information and creating a new directory;
the first storage unit is used for storing the operation path and the newly-built directory to a specified directory;
a resource saving path determining unit, configured to determine a resource saving path according to the number of the newly created directories in the specified directory;
and the first saving unit is used for saving the resource saving path to the source file directory.
Optionally, the resource saving path determining unit specifically includes:
the judging subunit is used for judging whether the number of newly created directories in the specified directory is smaller than a set value, to obtain a first judgment result;
a first resource saving path determining subunit, configured to, if the first determination result indicates that the number of newly created directories in the specified directory is smaller than a set value, take an operation path corresponding to the newly created directory as a resource saving path;
and a second resource saving path determining subunit, configured to, if the first determination result indicates that the number of newly created directories in the specified directory is greater than or equal to a set value, newly create a temporary operation path as a resource saving path.
Optionally, the alarm module specifically includes:
the judging unit is used for judging whether any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold value or not to obtain a second judgment result;
and the alarm unit is used for determining to send an alarm if the second judgment result indicates that any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects:
the invention provides a method and a system for monitoring a webpage file, which utilize a built-in function of a file system to acquire webpage file information; storing the webpage file information to a source file directory; monitoring webpage file information to determine the change content of the webpage file; the change content comprises an executable file, a directory, a system configuration file, a content file, a compressed file and a compressed folder; comparing the changed content with the webpage file information of the source file directory one by one to obtain a comparison result; and determining alarm information according to the comparison result and the alarm threshold value. The invention realizes the comprehensive monitoring of the dynamic files and the static files by a file-level monitoring mode.
Drawings
In order to illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the embodiments are briefly described below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can obtain other drawings from them without inventive effort.
FIG. 1 is a flowchart of a method for monitoring web documents according to the present invention;
FIG. 2 is a schematic flow chart of a method for monitoring a web document according to the present invention;
FIG. 3 is a flowchart illustrating comparison and labeling according to information of a web page file.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The invention aims to provide a webpage file monitoring method and a webpage file monitoring system, which realize comprehensive monitoring of dynamic files and static files in a file-level monitoring mode.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in further detail below.
As shown in fig. 1 and fig. 2, a method for monitoring a web document provided by the present invention includes:
Step 101: acquire webpage file information by using a built-in function of the file system. The webpage file information comprises: the full project directory, file names and file storage information. The project directory and its files are the webpage files to be monitored, and the corresponding operations and file accesses are processed through these files.
Step 102: store the webpage file information to a source file directory. The path information of a file is determined according to the file storage information, and the webpage file information is stored in a preset source file directory. Step 102 specifically includes: selecting an operation path according to the webpage file information and creating a new directory; saving the operation path and the newly created directory to a specified directory; determining a resource saving path according to the number of newly created directories in the specified directory; and saving the resource saving path to the source file directory.
Determining a resource saving path according to the number of newly created directories in the specified directory specifically includes: judging whether the number of newly created directories in the specified directory is smaller than a set value, to obtain a first judgment result; if the first judgment result shows that the number of newly created directories in the specified directory is smaller than the set value, taking the operation path corresponding to the newly created directory as the resource saving path; and if the first judgment result shows that the number of newly created directories in the specified directory is greater than or equal to the set value, creating a new temporary operation path as the resource saving path.
Step 103: monitor the webpage file information to determine the changed content of the webpage files; the changed content includes executable files, directories, system configuration files, content files, compressed files and compressed folders. The webpage files include files with the suffixes htm, html, shtml and xml.
The file monitoring feature of the system is used to monitor changes to the file content in the directory acquired in the preceding steps. The changed files include executable files, directories, system configuration files, content files, zip compressed folders, and other files and directories. The file monitoring feature of the system is the system stat mechanism, through which file content, attributes, permissions, ownership, size and so on are obtained, and files and directories are comprehensively checked to determine whether they are complete. Finally, the file information acquired with the file monitoring feature of the system is stored in the preset source file directory. stat is a built-in instruction of the server operating system that can be used to display the details of a file. The information obtained by stat is then verified item by item as follows.
Step 104: compare the changed content with the webpage file information of the source file directory item by item to obtain a comparison result.
The obtained content change information is compared with the file information stored in the source file directory. The comparison covers: file modification time, file size, file content and MD5 digital signature verification.
These comparisons are performed in sequence. Using the file time attributes, the time command is executed to check the time at which the file content was last modified and the time at which the file attributes were last modified, and the acquired time information is compared with the second associated information in the preset source file directory. The block instruction of the file system is used to compare file sizes at the KB level. File contents are compared line by line, the files under the directory are compared, and the differing lines of the compared files are analyzed and output. Using the MD5 algorithm, the MD5 value of the file is obtained and compared with the MD5 value of the original file.
Through these item-by-item comparisons, any information that does not match on any parameter is identified. If the two are the same, the webpage file is judged to be complete and correct. If they differ, the webpage corresponding to the monitored path is judged to have been tampered with or attacked.
Step 105: determine alarm information according to the comparison result and an alarm threshold value.
Step 105 specifically includes: judging whether any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than the alarm threshold, to obtain a second judgment result; and if the second judgment result indicates that any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than the alarm threshold, determining to send an alarm.
An alarm condition and an alarm threshold are set according to the comparison result; the specified behavior corresponding to an abnormal value that meets the alarm condition is taken as alarm information, and a message is sent to operation and maintenance personnel so that they can judge trigger events that have reached a given threshold state.
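The comparison of steps 104 and 105 can be sketched as follows. This is an added example, not code from the patent: the function names and the sample web root are constructed for illustration, and the digest algorithm is a parameter that defaults to the MD5 named in the text. The constructed case replaces a page with content of the same size and the same modification time, so only the content and digest comparisons report it.

```python
import difflib
import hashlib
import os
import tempfile
from pathlib import Path

WEB_SUFFIXES = {".htm", ".html", ".shtml", ".xml"}  # suffixes named in step 103


def snapshot(root, algo="md5"):
    """Record size, mtime, digest and lines of every webpage file under root.

    algo defaults to the MD5 named in the text; any hashlib name such as
    "sha256" can be passed instead (an assumption of this example).
    """
    info = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in WEB_SUFFIXES:
            data = path.read_bytes()
            st = path.stat()
            info[path.relative_to(root).as_posix()] = {
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
                "digest": hashlib.new(algo, data).hexdigest(),
                "lines": data.decode("utf-8", "replace").splitlines(),
            }
    return info


def compare(baseline, current):
    """Return {relative path: [findings]} for every file that differs."""
    report = {}
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            report[name] = ["added"]
        elif new is None:
            report[name] = ["removed"]
        else:
            diffs = [k for k in ("mtime_ns", "size", "digest") if old[k] != new[k]]
            if old["lines"] != new["lines"]:
                diffs.append("content")
            if diffs:
                report[name] = diffs
    return report


def changed_lines(old, new):
    """Line-by-line content comparison: only removed (-) and added (+) lines."""
    delta = difflib.ndiff(old["lines"], new["lines"])
    return [line for line in delta if line.startswith(("- ", "+ "))]


def alarms(report):
    """Policy from the text: any single differing attribute raises an alarm."""
    return [f"ALERT {name}: {', '.join(diffs)}" for name, diffs in report.items()]


def demo():
    """Constructed web root: one page changed, one removed, one added."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "news").mkdir()
        page = root / "index.html"
        page.write_text("<h1>Welcome</h1>\n<p>contact: a@example.test</p>\n")
        (root / "news" / "item.xml").write_text("<item>launch</item>\n")
        baseline = snapshot(root)

        # Constructed change: same byte length, mtime set equal to the baseline
        # value, so the size and time comparisons see nothing.
        st = page.stat()
        page.write_text("<h1>Welcome</h1>\n<p>contact: b@example.test</p>\n")
        os.utime(page, ns=(st.st_atime_ns, st.st_mtime_ns))
        (root / "news" / "item.xml").unlink()
        (root / "upload.shtml").write_text("<!--#include file='x' -->\n")

        current = snapshot(root)
        report = compare(baseline, current)
        detail = changed_lines(baseline["index.html"], current["index.html"])
        return report, detail, alarms(report)


if __name__ == "__main__":
    report, detail, alerts = demo()
    print("\n".join(alerts))
    print("\n".join(detail))
```

The baseline returned by `snapshot` plays the role of the source file directory, so it has to be stored where the monitored web root's writers cannot modify it.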
The invention provides a webpage file monitoring system, comprising:
The acquisition module is used for acquiring the webpage file information by using a built-in function of the file system.
The storage module is used for storing the webpage file information to a source file directory.
The monitoring module is used for monitoring the webpage file information to determine the changed content of the webpage files; the changed content includes executable files, directories, system configuration files, content files, compressed files and compressed folders.
The comparison module is used for comparing the changed content with the webpage file information of the source file directory item by item to obtain a comparison result.
The alarm module is used for determining alarm information according to the comparison result and the alarm threshold value.
In practical application, the storage module specifically includes: the selecting and creating unit, used for selecting an operation path according to the webpage file information and creating a new directory; the first saving unit, used for saving the operation path and the newly created directory to a specified directory; a resource saving path determining unit, configured to determine a resource saving path according to the number of newly created directories in the specified directory; and the first saving unit, used for saving the resource saving path to the source file directory.
In practical application, the resource saving path determining unit specifically includes: the judging subunit, used for judging whether the number of newly created directories in the specified directory is smaller than a set value, to obtain a first judgment result; a first resource saving path determining subunit, configured to, if the first judgment result indicates that the number of newly created directories in the specified directory is smaller than the set value, take the operation path corresponding to the newly created directory as the resource saving path; and a second resource saving path determining subunit, configured to, if the first judgment result indicates that the number of newly created directories in the specified directory is greater than or equal to the set value, create a new temporary operation path as the resource saving path.
In practical application, the alarm module specifically includes: the judging unit is used for judging whether any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold value or not to obtain a second judgment result; and the alarm unit is used for determining to send an alarm if the second judgment result indicates that any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold.
According to the invention, all file information is acquired through file-level monitoring, the integrity and consistency of the webpage files are verified, and comprehensive monitoring of both static files and dynamic files is realized. The invention also provides a working process of the webpage file monitoring method in practical application, which comprises the following steps:
File information for operation is acquired by using a built-in function of the file system.
The website file information is viewed with the instruction list(). The file information includes: the full project directory, file names and file storage information. Typically, only a portion of the files within the system are operated on by changes to the file access content.
An operation path is selected and a new directory is created.
The unknown path is saved to a specified directory, and the file name is marked.
Files and data are constructed from the resulting paths.
When only one new directory exists under a directory, the path corresponding to the new directory is used as the corresponding resource saving path.
When more than two new directories exist under a directory, a new temporary directory path determines the corresponding resource saving path. Several new directories may exist under one directory, each corresponding to one path; when there are many directories, it cannot be determined which path is the resource path, so a new path is created to serve as the resource saving path. That is, a new resource saving path is created for the paths corresponding to the second and subsequent new directories.
The resource saving path information determined above is stored in the source file directory information. The directory stores the corresponding resource information, which includes categories such as pictures and videos.
The corresponding URL address information and file type information, such as mp4 and jpg, are acquired through the resources.
A built-in function is executed to acquire the file type, the byte length of the file, the state information of the directory and the last modification time of the file.
As shown in fig. 3, the information obtained above is compared with the monitored webpage files item by item.
The system instruction stat is executed to display detailed information of the file, including the access time, data modification time and state modification time.
The current mtime (data modification time) is acquired and compared with the file time information in the source file directory to judge whether the webpage file information has been tampered with. Three times can be obtained through the stat instruction: atime (access time), mtime (modification time) and ctime (state modification time); the acquired time information is denoted by these three words.
The block instruction of the file system is executed, and the file size information is recorded.
The comparison instruction, i.e. --suppress-common-lines, is executed to acquire file content information. --suppress-common-lines is a built-in instruction of the operating system; by recording the content and line numbers of the files, the differences between the contents of two files can be compared.
When put, delete and patch information appears in a page file, the page file is understood to be a dynamic file. These correspond respectively to the operations of uploading, deleting and updating data. When a page is requested, a 304 status code is returned if the page has not been updated, and the 304 status code is used to judge whether the page has been modified or updated.
The webpage file is stored on disk, and on the first access it has a modification time (i.e., the time at which the file was last updated).
When the file is accessed again, an If-Modified-Since request carrying the modification time of the file is sent to the server. If-Modified-Since means that when the user accesses the webpage, time information including the time of the last modification is sent to the server with the request, and the webpage file is compared with the file recorded in the cache.
If the file has been modified during this time, the server returns a modified status code.
If the content of the file has not changed during this time, the server returns the status code 304 (no file content is returned).
The last modification time, Last-Modified, of the webpage file is recorded using the file information attributes.
The two variables are compared with the last recorded values to determine whether the webpage file has been modified.
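The If-Modified-Since / 304 exchange described above, as an added example that is not code from the patent. The function names and the epoch timestamps are constructed; the server side is modelled as a pure function so the logic runs offline. It also shows that HTTP dates carry whole seconds only, so a change made within the same second as the recorded Last-Modified still yields 304 and has to be caught by the size, content or MD5 comparison.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime


def last_modified_header(mtime_epoch):
    """Format a file mtime as an HTTP date; the sub-second part is dropped."""
    moment = datetime.fromtimestamp(int(mtime_epoch), tz=timezone.utc)
    return format_datetime(moment, usegmt=True)


def conditional_status(if_modified_since, mtime_epoch):
    """Status a server returns for a GET that carries If-Modified-Since."""
    if not if_modified_since:
        return 200                      # no validator sent: full response
    try:
        since = parsedate_to_datetime(if_modified_since)
    except (TypeError, ValueError):
        return 200                      # unparsable header is ignored
    if since.tzinfo is None:            # "-0000" dates parse as naive datetimes
        since = since.replace(tzinfo=timezone.utc)
    current = datetime.fromtimestamp(int(mtime_epoch), tz=timezone.utc)
    return 304 if current <= since else 200


def page_modified(recorded_last_modified, mtime_epoch):
    """Monitor side: replay the recorded Last-Modified and read the status."""
    return conditional_status(recorded_last_modified, mtime_epoch) == 200


if __name__ == "__main__":
    # Constructed timestamps: the page was recorded at 08:00:00.25 UTC.
    recorded = last_modified_header(1646121600.25)
    for label, mtime in [("unchanged", 1646121600.25),
                         ("changed 0.5 s later", 1646121600.75),
                         ("changed 2 s later", 1646121602.0)]:
        print(label, conditional_status(recorded, mtime))
```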
The page file is fetched and its size is compared with the current file size.
One or more element nodes to be compared are selected from each file.
The file containing the designated element node is taken as a comparison unit.
The keyword information of the element nodes of the files is examined; when any comparison unit of any file is found to contain the keyword information of the compared element nodes, the file is added to the list to be compared.
An element node in a file may contain child nodes and may lack the keyword information; comparison units without the keyword information are not compared separately, and only the comparison units corresponding to their upper-level nodes are compared.
The MD5 algorithm is applied to the file to obtain the file's MD5 value, which changes after any modification is made to the file.
The MD5 value and the signature information of the file are integrated into a complete piece of information and stored in a list.
An MD5 digital signature S1 is generated; the next time, a signature S2 is generated in the same way and compared with S1. If the signatures are the same, the webpage file has not been modified; otherwise, it has been modified.
It should be noted that signing text with the MD5 algorithm is extremely fast, and the data can be processed in milliseconds. Although the strategy is also used for file data transmission, I/O operations are omitted, which helps improve system performance.
When one or more technical characteristics are matched according to the comparison result, a standard alarm event flow is formed according to a preconfigured policy and is sent quickly and accurately to operation and maintenance personnel.
The preconfigured policy is: when any one of the modification time, file size, file content and MD5 check value of a file differs, an alarm is raised with the specific differing information.
Alarm rules are configured for the monitored files, covering file time, content, attributes and state. A file alarm rule comprises any one or more filtering policies.
The alarm rules filter and match the collected information. Specifically: when a file alarm rule includes the information, the rule is matched against the filtering field, and when they match, the alarm information of the application server is triggered.
When the alarm information of the application server is triggered, the monitoring alarm system needs to provide a calling interface for receiving the alarm information. Once the alarm information is generated, it is sent directly to the calling interface. After receiving the request, the calling interface triggers the alarm module to send the message to the operation and maintenance personnel responsible for the project, so that they receive the message immediately and can take effective measures in time.
The method adopts a monitoring mode that covers all file content, including static files and dynamic files, and ensures the complete creation source of the content pages. The prior art cannot comprehensively identify dynamic pages and can only track through application-layer protocol identification techniques. With a complete set of matching policies, the monitored files are checked in terms of type, attributes and content verification, which provides more dimensions of data analysis than the prior art, and the accurate comparison and judgment of multiple data items improves the identification and labeling of files. Compared with the traditional single fixed template, the dynamic alarm allocation policy is flexible, accurate and traceable, and realizes effective alarming.
In the present specification, the embodiments are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other. For the system disclosed by the embodiment, the description is relatively simple because the system corresponds to the method disclosed by the embodiment, and the relevant points can be referred to the method part for description.
The principles and embodiments of the present invention have been described herein using specific examples, which are provided only to help understand the method and the core concept of the present invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, the specific embodiments and the application range may be changed. In view of the above, the present disclosure should not be construed as limiting the invention.

Claims (4)

1. A webpage file monitoring method is characterized by comprising the following steps:
acquiring webpage file information by using a built-in function of a file system;
storing the webpage file information to a source file directory; the storing the web page file information to a source file directory specifically includes:
selecting an operation path according to the webpage file information and creating a directory;
saving the operation path and the newly-built directory to a specified directory;
determining a resource saving path according to the number of the newly-built directories in the specified directory; the determining a resource saving path according to the number of the newly-built directories in the specified directory specifically includes:
judging whether the number of newly-built directories in the specified directory is smaller than a set value or not to obtain a first judgment result;
if the first judgment result shows that the number of the newly-built directories in the specified directory is smaller than a set value, taking the operation path corresponding to the newly-built directory as a resource saving path;
if the first judgment result shows that the number of the newly-built directories in the specified directory is larger than or equal to a set value, newly building a temporary operation path as a resource saving path;
saving the resource saving path to a source file directory;
monitoring the webpage file information to determine the change content of the webpage file; the change content comprises an executable file, a directory, a system configuration file, a content file, a compressed file and a compressed folder;
comparing the change contents with the webpage file information of the source file directory one by one to obtain a comparison result;
and determining alarm information according to the comparison result and an alarm threshold value.
2. The method for monitoring the webpage file according to claim 1, wherein the determining the alarm information according to the comparison result and the alarm threshold specifically comprises:
judging whether any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold value or not to obtain a second judgment result;
and if the second judgment result indicates that any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold, determining to send an alarm.
3. A webpage file monitoring system, comprising:
the acquisition module is used for acquiring webpage file information by utilizing a built-in function of the file system;
the storage module is used for storing the webpage file information to a source file directory; the storage module specifically comprises:
the selecting and creating unit is used for selecting an operation path according to the webpage file information and creating a new directory;
the first storage unit is used for storing the operation path and the newly-built directory to a specified directory;
a resource saving path determining unit, configured to determine a resource saving path according to the number of the newly created directories in the specified directory; the resource saving path determining unit specifically includes:
the judging subunit is used for judging whether the number of the newly-built directories in the specified directory is smaller than a set value or not to obtain a first judgment result;
a first resource saving path determining subunit, configured to, if the first determination result indicates that the number of newly created directories in the specified directory is smaller than a set value, take an operation path corresponding to the newly created directory as a resource saving path;
a second resource saving path determining subunit, configured to, if the first determination result indicates that the number of newly created directories in the specified directory is greater than or equal to a set value, newly create a temporary operation path as a resource saving path;
the first saving unit is used for saving the resource saving path to the source file directory;
the monitoring module is used for monitoring the webpage file information to determine the change content of the webpage file; the change content comprises an executable file, a directory, a system configuration file, a content file, a compressed file and a compressed folder;
the comparison module is used for comparing the change contents with the webpage file information of the source file directory one by one to obtain a comparison result;
and the alarm module is used for determining alarm information according to the comparison result and the alarm threshold value.
4. The webpage file monitoring system according to claim 3, wherein the alarm module specifically comprises:
the judging unit is used for judging whether any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold value or not to obtain a second judgment result;
and the alarm unit is used for determining to send an alarm if the second judgment result indicates that any one of the file modification time, the file size, the file content and the MD5 check value of the comparison result is greater than an alarm threshold.
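The baseline, one-by-one comparison and threshold alarm of claims 1 and 2, written out as an added Python example (not code from the patent). The threshold values, the use of the MD5 digest as a 0/1 delta standing in for the content comparison, and the names `snapshot`, `compare`, `alarms` and `demo` are assumptions.

```python
import hashlib, os, tempfile
from pathlib import Path

THRESHOLDS = {"mtime": 0.0, "size": 0, "md5": 0}  # assumed values; alarm when a delta exceeds them

def snapshot(root):
    """Baseline for the source file directory: mtime, size and MD5 per file."""
    info = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            st = p.stat()
            # MD5 is the check value the claims name; hashlib.sha256 is a stronger drop-in.
            info[p.relative_to(root).as_posix()] = {"mtime": st.st_mtime, "size": st.st_size,
                                                    "md5": hashlib.md5(p.read_bytes()).hexdigest()}
    return info

def compare(baseline, current):
    """One-by-one comparison: attribute deltas, plus added and removed files."""
    result = {}
    for rel in sorted(set(baseline) | set(current)):
        old, new = baseline.get(rel), current.get(rel)
        if old is None or new is None:
            result[rel] = {"status": "added" if old is None else "removed"}
            continue
        result[rel] = {"status": "present", "md5": int(new["md5"] != old["md5"]),
                       **{k: abs(new[k] - old[k]) for k in ("mtime", "size")}}
    return result

def alarms(result, thresholds=THRESHOLDS):
    """Alarm when any compared attribute exceeds its threshold (claim 2)."""
    out = []
    for rel, r in result.items():
        hit = [k for k in thresholds if r.get(k, 0) > thresholds[k]]
        if r["status"] != "present" or hit:
            out.append((rel, hit or [r["status"]]))
    return out

def demo():
    """Constructed site: a same-size edit with restored mtime, and a new file."""
    with tempfile.TemporaryDirectory() as root:
        idx = Path(root, "index.html")
        idx.write_bytes(b"<h1>home</h1>")
        Path(root, "app.js").write_bytes(b"run();")
        base = snapshot(root)
        ns = idx.stat().st_mtime_ns
        idx.write_bytes(b"<h1>h0me</h1>")      # same length as before
        os.utime(idx, ns=(ns, ns))             # timestamp put back
        Path(root, "new.php").write_bytes(b"<?php ?>")
        return alarms(compare(base, snapshot(root)))
```

In `demo()` the edited page keeps its size and modification time, so only the digest comparison flags it, which is why the claims check several attributes rather than one.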
CN202210154184.1A 2022-02-21 2022-02-21 Webpage file monitoring method and system Active CN114201370B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210154184.1A CN114201370B (en) 2022-02-21 2022-02-21 Webpage file monitoring method and system

Publications (2)

Publication Number Publication Date
CN114201370A CN114201370A (en) 2022-03-18
CN114201370B true CN114201370B (en) 2022-06-03

Family

ID=80645555

Country Status (1)

Country Link
CN (1) CN114201370B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant