CN111967059A - Website tamper-proofing method and system and computer readable storage medium - Google Patents
- Publication number
- CN111967059A, CN202010800366.2A
- Authority
- CN
- China
- Prior art keywords
- file
- monitoring
- website
- client
- locking parameter
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/958—Organisation or management of web site content, e.g. publishing, maintaining pages or automatic linking
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The present invention discloses a website tamper-proofing method, system and computer-readable storage medium, including: obtaining a configuration file and generating a monitoring directory according to the configuration file; obtaining an underlying file and monitoring the underlying file to monitor the web page status in real time; and, when the underlying file changes, determining whether the underlying file matches the monitoring directory and, if so, not responding to the operation. The invention monitors the state of the underlying files of the web page information in real time and, before the state or attributes of an underlying file change, uses the monitoring rules in the monitoring directory to determine whether the change is a normal operation, thereby preventing the web page from being tampered with.
Description
Technical Field
The invention relates to the field of network security, and in particular to a website tamper-proofing method, a system implementing the method, and a computer-readable storage medium.
Background
With the rapid development and wide use of network information technology, network security faces a severe test, and security attacks on websites are becoming more and more frequent, with web page tampering the most serious among them. Web page tampering has the following characteristics: tampered pages spread quickly, are read by many people, are easy to copy, and are difficult to check for in advance or defend against in real time. According to incomplete statistics, websites in China have all suffered web page tampering attacks to varying degrees, and the attack methods are numerous, so network security protection has increasingly become a focus of attention.
Faced with the many security challenges of website tampering, early websites used a backup-and-restore mechanism, but this passive mechanism can only back up and restore and provides no protection. Later, network time-driven methods were used to handle website tampering, but such methods detect tampering inefficiently, cannot quickly detect website tampering, and cannot protect against continuous website tampering on a large scale.
Summary of the Invention
The purpose of the present invention is, in view of the above problems, to provide a website tamper-proofing method, a system implementing the method, and a computer-readable storage medium.
The technical solution adopted by the present invention to achieve this purpose is:
A website tamper-proofing method, comprising:
Obtaining a configuration file, and generating a monitoring directory according to the configuration file;
Obtaining an underlying file, and monitoring the underlying file to monitor the web page status in real time;
When the underlying file changes, determining whether the underlying file matches the monitoring directory and, if so, not responding to the operation.
Preferably, obtaining the configuration file includes:
The user enters monitoring rules on the client to generate integrated data;
Receiving the integrated data sent by the client, where the integrated data includes an identity confirmation tag, an identification tag and a target file; when the target file is generated, the identification tag is generated and bundled with it;
Generating a target verification parameter from the first locking parameter agreed with the client and the identification tag;
Verifying the target file using the target verification parameter to obtain verification data;
When the verification data is the same as the identity confirmation tag, confirming that the target file is a normal operation file.
Preferably, after the target file is confirmed to be a normal operation file, the method further includes:
Splitting the monitoring rules contained in the target file into several monitoring condition files;
Comparing the several monitoring condition files, as a list or tiled, with the previous configuration file;
If a monitoring condition file differs from the previous configuration file, overwriting and/or adding the monitoring conditions in the monitoring condition file to the previous configuration file to form a new configuration file.
Preferably, comparing the several monitoring condition files, as a list or tiled, with the previous configuration file includes:
Obtaining the monitoring condition string from the monitoring condition file to form a first character unit;
Obtaining the monitoring condition string of the corresponding monitoring condition in the previous configuration file to form a second character unit;
Comparing whether the first character unit and the second character unit are the same;
When the first character unit and the second character unit differ, deleting the second character unit and inserting the first character unit at the position of the deleted second character unit.
Preferably, before the step of generating the target verification parameter from the first locking parameter agreed with the client and the identification tag, the method further includes:
Determining whether the local cache contains the identification tag;
When the local cache does not contain the identification tag, storing the identification tag in the local cache and performing the step of generating the target verification parameter from the first locking parameter agreed with the client and the identification tag.
Preferably, before receiving the integrated data sent by the client, the method further includes:
Receiving the second locking parameter sent by the client, and generating a third locking parameter according to the second locking parameter;
Sending the third locking parameter to the client;
Generating the first locking parameter according to the second locking parameter and the third locking parameter;
Saving the first locking parameter.
Preferably, obtaining the underlying file includes:
Scanning the attributes of the underlying file of the web page information using a one-way hash unit.
Preferably, the method further includes:
Capturing illegal operations and generating a record file, which the user can view on the client to check the number of times the web page has been tampered with;
The record file is used to record one or more of the following:
The operation type, file, process and time of the tampering.
A website tamper-proofing system, the device comprising:
A management module, configured to obtain a configuration file and generate a monitoring directory according to the configuration file;
A monitoring module, configured to obtain the underlying file and monitor the underlying file to monitor the web page status in real time.
A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
The beneficial effects of the present invention are as follows: the invention monitors the state of the underlying files of the web page information in real time and, before the state or attributes of an underlying file change, uses the monitoring rules in the monitoring directory to determine whether the change is a normal operation, thereby preventing the web page from being tampered with.
The present invention is further described below with reference to the accompanying drawings and embodiments.
Description of Drawings
To explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings needed for the embodiments or the prior art are briefly introduced below. The drawings described below are only some embodiments of the present invention; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flow chart of the tamper-proofing method of the present invention;
Fig. 2 is a flow chart of comparing the underlying file with the website protection directory;
Fig. 3 is a flow chart of comparing the underlying file with the file format protection directory;
Fig. 4 is a flow chart of comparing the underlying file with the identity protection directory;
Fig. 5 is a flow chart of the transmission between the client and the WEB server;
Fig. 6 is flow chart A of the formation of the configuration file;
Fig. 7 is a flow chart of the comparison of configuration files.
Detailed Description
To make the above objects, features and advantages of the present invention easier to understand, specific embodiments of the invention are described in detail below with reference to the accompanying drawings. Many specific details are set forth in the following description to provide a thorough understanding of the invention. The invention can, however, be implemented in many ways other than those described here, and those skilled in the art can make similar improvements without departing from its substance; the invention is therefore not limited to the specific embodiments disclosed below.
In the description of the present invention, the terms "first" and "second" are used only for description and are not to be understood as indicating or implying relative importance or the number of the technical features indicated. A feature qualified by "first" or "second" may therefore explicitly or implicitly include at least one such feature. In the description of the present invention, "plurality" means at least two, for example two or three, unless expressly and specifically defined otherwise.
This embodiment includes a WEB server and a backup server. The WEB server mainly publishes web page information and provides WEB services. The website tamper-proofing method of this embodiment is implemented mainly on the WEB server: it monitors the web page status according to the monitoring conditions in the monitoring directory and, when the web page status changes, restores the web page to its state before the change. Specifically, the monitoring core is installed on the WEB server and monitors automatically in a time-triggered manner. For all file content in the folder where the monitored web page is located (including html, asp, flash, png, bmp, gif, jpeg, php and jsp), it checks the multiple attributes of those files and, using a built-in fast hash algorithm, scans the attributes of each file in that folder in real time, thereby achieving real-time monitoring. If an attribute change is found to have been made by a non-protocol method, the contents of the backup path folder are copied, by secure copy, to the corresponding location in the folder where the monitored web page is located. Because it uses underlying file driver technology, both its runtime performance and its real-time monitoring can reach the highest level.
The backup server mainly backs up files and their attributes. It parses the information units in the website information and determines the signal change coordinates in the information unit that implement one-way transmission control; when one-way transmission control is performed, it changes the signal change coordinates in the information unit into an abnormal signal, and then sends the modified information unit to the WEB server. Because the signal change coordinates that implement one-way transmission control are modified into an abnormal signal, the WEB server, on recognizing the abnormal signal, discards the information unit without processing it. This achieves one-way transmission control and addresses the security control of the backup server's transfer of backup files.
Further, the rdp agent program acts as a middle layer and is responsible for receiving the I/O requests sent by the rdp client. The agent service's built-in protocol parsing module is mainly responsible for parsing the information units closely related to disk mapping and the clipboard, and is located on the backup server. After the backup server finishes parsing, and when the WEB server detects an illegal operation, the backup server inserts an abnormal signal into the information unit to form a modified information unit and forwards the modified information unit request to the WEB server. After the WEB server receives the request, the rdp agent program receives the WEB server's response that the modified information unit is discarded and not processed, and then forwards it to the client on the WEB server, thereby achieving one-way transmission control. The rdp agent program is installed on the WEB server, and the information unit contains the backup files of the website information. By parsing the information unit and inserting an abnormal signal into it, when the WEB server receives or recognizes the abnormal signal, its rdp agent program does not process the information unit, which achieves one-way transmission control.
As shown in Fig. 1, the website tamper-proofing method in an optional embodiment specifically includes the following steps:
Step 101: obtain a configuration file, and generate a monitoring directory according to the configuration file;
In this embodiment of the application, the configuration file is a file generated in response to the user's requirements on the client, and generally contains: a website protection directory, an identity protection directory, a file format protection directory, and an exclusion protection directory. The user opens the client, clicks Add Website, enters the characters of the website to be protected in the Add Website field, and then enters in turn the identity information to be protected on that website, the file formats to be protected, and the excluded content that does not need protection. When input is complete, the user clicks the tamper-proof switch button to enable tamper-proof protection for the protected website.
Further, the identity protection directory mainly holds users such as ftp, mysql and www; the user fills in the user IDs to be protected in the protected user ID field.
The file format protection directory mainly holds the file types to be protected, such as html, asp, flash, png, bmp, gif, jpeg, php and jsp files.
The exclusion protection directory mainly holds content under the protected website that does not need protection, such as the comment and message functions of the website. Setting an exclusion protection directory gives the tamper-proofing system controllable extensibility, so that protection can be targeted at the parts of the website that need it.
Step 102: obtain the underlying file, and monitor the underlying file to monitor the web page status in real time;
Here, a one-way hash unit scans the attributes of the underlying file of the web page information; the one-way hash unit scans, in real time, the attributes of each file in the folder where the monitored web page is located, thereby achieving real-time monitoring. The one-way hash unit is a one-way hash algorithm.
When a web page request arrives that carries an illegal operation, and the illegal operation changes the attributes of a web page file, the one-way hash unit can quickly scan and detect the change in file attributes.
Illegal operations include: creating a folder, deleting a folder, renaming, deleting a file, writing a file, creating a file, and similar actions.
Step 103: when the underlying file changes, determine whether the underlying file matches the monitoring directory; if so, the operation is not responded to.
As shown in Fig. 2, step 103a0: when the underlying file changes (that is, the attributes of the underlying file change), the underlying file is compared with the website protection directory in the monitoring directory;
Step 103a1: obtain, in order, the website string in the changed underlying file;
Step 103a2: search the website protection directory in the monitoring directory for the first character of the website string and obtain a first retrieved website directory; if no first retrieved website directory is obtained, the change is a normal operation and the operation may proceed.
Step 103a3: obtain the second character of the website string from step 103a1 and search for it in the first retrieved website directory from step 103a2 to obtain a second retrieved website directory; if no second retrieved website directory is obtained, the change is a normal operation and the operation may proceed.
Continuing in this way determines whether the website to which the changed underlying file belongs is in the monitoring directory. If the changed underlying file belongs to one of the websites in the monitoring directory, the next steps are performed, namely steps 103b0 and 103c0.
As shown in Fig. 3, step 103b0: obtain, by scanning with the one-way hash algorithm, the file format of the changed underlying file;
Step 103b1: compare the obtained file format of the change with the file format protection directory in the monitoring directory;
Step 103b2: if they differ, the change is a normal operation; if they are the same, it is an illegal operation.
As shown in Fig. 4, step 103c0: obtain, by scanning with the one-way hash algorithm, the user identity ID of the change to the underlying file;
Step 103c1: compare the obtained user identity ID of the change with the identity protection directory in the monitoring directory;
Step 103c2: if they differ, the change is a normal operation; if they are the same, it is an illegal operation.
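The scan-and-compare flow of steps 102 and 103, as an added Python example that is not part of the patent: it fingerprints files with a one-way hash, checks each change against the website, exclusion and file format protection directories, and restores illegal changes from the backup copy. SHA-256, the rule values, the file names and treating a protected format as sufficient for an illegal verdict are assumptions; the identity check of step 103c is left out because a directory scan cannot attribute a change to a user.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Constructed monitoring directory (the content of the patent's configuration file).
RULES = {
    "site_dirs": ["site"],                 # website protection directory
    "formats": {".html", ".php", ".jsp"},  # file format protection directory
    "exclude_dirs": ["site/comments"],     # exclusion protection directory
}


def fingerprint(path: Path) -> str:
    """One-way hash over file attributes and content (SHA-256 is an assumption)."""
    st = path.stat()
    h = hashlib.sha256()
    h.update(f"{st.st_size}:{st.st_mode}".encode())
    h.update(path.read_bytes())
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its fingerprint."""
    return {p.relative_to(root).as_posix(): fingerprint(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def under(rel: str, dirs) -> bool:
    """Path-prefix match, the whole-component form of steps 103a1 to 103a3."""
    return any(rel == d or rel.startswith(d.rstrip("/") + "/") for d in dirs)


def classify(rel: str, rules=RULES) -> str:
    if not under(rel, rules["site_dirs"]):
        return "normal"                    # not a protected website
    if under(rel, rules["exclude_dirs"]):
        return "normal"                    # explicitly excluded content
    if Path(rel).suffix.lower() in rules["formats"]:
        return "illegal"                   # protected format changed (step 103b2)
    return "normal"


def enforce(root: Path, backup: Path, baseline: dict, rules=RULES) -> list:
    """Compare the current state with the baseline and undo illegal changes."""
    current = snapshot(root)
    log = []
    for rel in sorted(set(baseline) | set(current)):
        if baseline.get(rel) == current.get(rel):
            continue
        if rel not in baseline:
            op = "create"
        elif rel not in current:
            op = "delete"
        else:
            op = "write"
        verdict = classify(rel, rules)
        if verdict == "illegal":
            target = root / rel
            if op == "create":
                target.unlink()            # remove the file that should not exist
            else:
                target.parent.mkdir(parents=True, exist_ok=True)
                shutil.copy2(backup / rel, target)  # restore from the backup path
        log.append((op, rel, verdict))     # record file: operation type, file, verdict
    return log


def demo():
    """Build a constructed site, change three files, run one enforcement pass."""
    with tempfile.TemporaryDirectory() as tmp:
        root, backup = Path(tmp, "web"), Path(tmp, "backup")
        for rel, body in [("site/index.html", "<h1>ok</h1>"),
                          ("site/comments/1.html", "first"),
                          ("site/logo.txt", "v1")]:
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_text(body)
        shutil.copytree(root, backup)
        baseline = snapshot(root)
        (root / "site/index.html").write_text("<h1>changed</h1>")  # write, protected
        (root / "site/new.php").write_text("<?php ?>")             # create, protected
        (root / "site/comments/1.html").write_text("edited")       # write, excluded
        log = enforce(root, backup, baseline)
        restored = (root / "site/index.html").read_text()
        return log, restored, (root / "site/new.php").exists()


if __name__ == "__main__":
    for entry in demo()[0]:
        print(entry)
```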
In the website tamper-proofing method of an optional embodiment, obtaining the configuration file includes:
As shown in Fig. 5, step 1010: the user enters monitoring rules on the client to generate integrated data;
Specifically, on the client panel the user enters the website protection directory, identity protection directory, file format protection directory and so on in the input field for each monitoring condition.
Step 1011: receive the integrated data sent by the client, where the integrated data includes an identity confirmation tag, an identification tag and a target file; when the target file is generated, the identification tag is generated and bundled with it. The target file may be file data of any type or format; in this embodiment, the target file is a data file carrying monitoring conditions. When the user finishes entering the monitoring directory on the client panel and clicks the OK button, the identification tag is generated. The identification tag may be a randomly generated combination of digits and/or English letters, and the combination may have four digits, five digits, or more; the identification tag generated with the bundle further strengthens the security of data transfer.
Step 1012: generate a target verification parameter from the first locking parameter agreed with the client and the identification tag. In this embodiment, the first locking parameter agreed between the client and the WEB server may be a fixed parameter preset by both. The client may set the first locking parameter with the WEB server once, by clicking the Set Parameter button on the client and typing it into the pop-up input box; thereafter, every data transfer can use this first locking parameter and the identification tag generated by the client to generate the identity confirmation tag. Alternatively, the user may set the first locking parameter before each entry of monitoring rules, which reduces the risk of the monitoring directory being hijacked through long-term use of one fixed first locking parameter and improves security between the client and the WEB server.
Specifically, the first locking parameter may be a character string composed of digits, symbols and English letters; it must contain at least one digit, at least one symbol, at least one uppercase English letter and at least one lowercase English letter, in any order.
Step 1013: verify the target file using the target verification parameter to obtain verification data. Specifically, when the WEB server receives the target file, it verifies the target file with the target verification parameter (that is, the algorithm) to obtain the verification data.
Step 1014: when the verification data is the same as the identity confirmation tag, confirm that the target file is a normal operation file. Specifically, the WEB server compares the verification data it obtained with the identity confirmation tag in the integrated data received earlier; when the two are the same, this shows that the identification tag and the target file were not hijacked or tampered with in transit, so the target file can be confirmed as a normal operation file.
In the website tamper-proofing method of an optional embodiment, after the target file is confirmed to be a normal operation file, the method further includes:
As shown in Fig. 6 and Fig. 7, step 1015: split the monitoring rules contained in the target file into several monitoring condition files. Specifically, the several monitoring condition files contained in the target file are split apart so that the monitoring conditions are separated and sorted by protection directory, which prevents conditions from being mixed up across codes or directories.
Step 1016: compare the several monitoring condition files, as a list or tiled, with the previous configuration file;
If a monitoring condition file differs from the previous configuration file, the monitoring conditions in the monitoring condition file are overwritten onto and/or added to the previous configuration file to form a new configuration file.
In the website tamper-proofing method of an optional embodiment, comparing the several monitoring condition files, as a list or tiled, with the previous configuration file includes:
As shown in Fig. 6 and Fig. 7, step 1016a: obtain the monitoring condition string from the monitoring condition file to form a first character unit. Specifically, for a monitoring condition file of the website protection directory, the first character unit is a string of website characters; for a monitoring condition file of the identity protection directory, it is the identity ID characters; for a monitoring condition file of the file format protection directory, it is the file format characters.
Step 1016b: obtain the monitoring condition string of the corresponding monitoring condition in the previous configuration file to form a second character unit. Specifically, the second character unit obtained here is the monitoring condition string of the monitoring condition in the previous configuration file; obtaining the second character unit yields the content of the monitoring condition in the previous configuration file, which is compared with the first character unit from step 1016b.
Step 1016c: compare whether the first character unit and the second character unit are the same;
When the first character unit and the second character unit differ, the second character unit is deleted and the first character unit is inserted at the position of the deleted second character unit. Specifically, when the comparison shows that the second character unit differs from the first, the second character unit is wiped or deleted and the first character unit is filled into its position, which completes the configuration of the new monitoring condition.
In the website tamper-proofing method of an optional embodiment, before the step of generating the target verification parameter from the first locking parameter agreed with the client and the identification tag, the method further includes:
Determining whether the local cache contains the identification tag;
When the local cache does not contain the identification tag, the identification tag is stored in the local cache, and the step of generating the target verification parameter from the first locking parameter agreed with the client and the identification tag is performed. Specifically, the WEB server can check whether the identification tag already exists in the local cache to determine whether the client's integrated data is a replay attack. When the WEB server receives integrated data containing an identification tag, it parses the identification tag out of the integrated data and searches the local cache for an identical tag. If the WEB server finds no such tag, the data request from the client is a normal request. In that case the identification tag is stored in the WEB server's temporary folder and a deletion time is set; each time the deletion time elapses, the WEB server empties the temporary folder. Storing identification tags in a temporary folder makes it possible to detect a replay attack within the deletion time without occupying the cache.
A replay attack, also called a playback attack, is one in which the attacker sends a packet that the destination host has already received in order to deceive the system; it is mainly used against the identity authentication process to undermine the correctness of authentication. A replay attack can be carried out by the initiator or by an adversary who intercepts and retransmits the data. The attacker steals authentication credentials by network sniffing or other means and later re-sends them to the authentication server. Replay attacks can occur in any network communication process and are one of the attack methods commonly used by hackers.
In an optional embodiment of the website tamper-proofing method, before the integrated data sent by the client is received, the method further includes:
Step a1011: receive the second locking parameter sent by the client, and generate a third locking parameter according to the second locking parameter. Specifically, the second locking parameter may be a random alphanumeric string or a preset alphanumeric string, and its length may be 16 or 32 characters.
Step b1011: send the third locking parameter to the client. Specifically, the WEB server receives the second locking parameter and recovers it by parsing and decryption; after receiving the second locking parameter, the WEB server generates the third locking parameter, which is a randomly generated combination of digits and letters, 16 or 32 characters long.
Step c1011: generate the first locking parameter from the second locking parameter and the third locking parameter. For example, if the second locking parameter has 16 characters and the third locking parameter has 16 characters, the first locking parameter is the 32-character combination of the two; if the second locking parameter has 32 characters and the third locking parameter has 32 characters, the first locking parameter is the 64-character combination of the two.
Step d1011: save the first locking parameter. Exchanging the second and third locking parameters between the client and the WEB server increases the security of the first locking parameter: the first locking parameter is formed by combining the second and third locking parameters, which are generated by the client and by the WEB server respectively, so its randomness, and therefore its security, is effectively increased.
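The replay check and the locking-parameter exchange described above can be sketched as follows. This is an added example, not code from the patent: it assumes that "combination" means concatenation, that the target inspection parameter is an HMAC-SHA256 over the tag and payload, and that the integrated data is a dictionary with `tag`, `payload` and `check` fields; all function and class names are hypothetical.

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_letters + string.digits

def new_locking_parameter(length=16):
    """Random alphanumeric string; the page allows 16 or 32 characters."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def first_locking_parameter(second, third):
    """Steps a1011 to d1011: combine the client's and the server's parameters."""
    return second + third  # assumption: "combination" means concatenation

def inspection_parameter(first, tag, payload):
    """Target inspection parameter from the first locking parameter and the tag.
    Assumption: HMAC-SHA256; the page does not name the function."""
    msg = tag.encode() + b"\x00" + payload
    return hmac.new(first.encode(), msg, hashlib.sha256).hexdigest()

class TagStore:
    """In-memory stand-in for the temporary folder of identification tags."""
    def __init__(self, deletion_time, start=0.0):
        self.deletion_time = deletion_time
        self._last_cleared = start
        self._seen = set()

    def first_use(self, tag, now):
        # The whole store is emptied each time the deletion time elapses.
        if now - self._last_cleared >= self.deletion_time:
            self._seen.clear()
            self._last_cleared = now
        if tag in self._seen:
            return False
        self._seen.add(tag)
        return True

def handle(store, first, data, now):
    """Server side: replay check first, then compare inspection parameters."""
    if not store.first_use(data["tag"], now):
        return "replay"
    expected = inspection_parameter(first, data["tag"], data["payload"])
    if not hmac.compare_digest(expected, data["check"]):
        return "mismatch"
    return "ok"

if __name__ == "__main__":
    first = first_locking_parameter(new_locking_parameter(), new_locking_parameter())
    store = TagStore(deletion_time=60)
    data = {"tag": "tag-0001", "payload": b"index.html"}  # constructed sample
    data["check"] = inspection_parameter(first, data["tag"], data["payload"])
    print(handle(store, first, data, now=0), handle(store, first, data, now=5))
```

Because the store is emptied wholesale, a tag is remembered for at most one deletion time, so that interval bounds the period over which a repeated tag is recognised.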
In an optional embodiment, the website tamper-proofing method further includes:
obtaining illegal operation behaviour and generating a record file, which the user can view on the client to check how many times the web page has been tampered with;
the record file is used to record one or more of the following:
the operation type, file, process and time of the tampering.
A website tamper-proofing system, the device comprising:
a management module, configured to obtain a configuration file and generate a monitoring directory according to the configuration file;
a monitoring module, configured to obtain the underlying files and monitor them so as to monitor the web page state in real time.
A computer-readable storage medium storing a computer program which, when executed by a processor, implements the steps of the above method.
Memory may take the form of non-persistent memory in computer-readable media, random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include persistent and non-persistent, removable and non-removable media, and may store information by any method or technology. The information may be computer-readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disc read-only memory (CD-ROM), digital versatile disc (DVD) or other optical storage, magnetic cassettes, magnetic tape and disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information accessible to a computing device. As defined herein, computer-readable media do not include transitory computer-readable media (transitory media), such as modulated data signals and carrier waves.
The present invention monitors in real time the state of the underlying files in the web page information. Before the state or attributes of an underlying file change, it judges, according to the monitoring rules in the monitoring directory, whether the change is a normal operation, thereby preventing the web page from being tampered with.
The technical features of the embodiments described above can be combined arbitrarily. For brevity, not every possible combination of these technical features is described; however, as long as a combination of these technical features contains no contradiction, it should be regarded as within the scope of this specification.
The above are only preferred embodiments of the present invention and do not limit the present invention in any form. Any person skilled in the art may, without departing from the scope of the technical solution of the present invention, use the methods and technical content disclosed above to make many possible changes and modifications to the technical solution, or modify it into equivalent embodiments. Therefore, all equivalent changes made according to the shape, structure and principle of the present invention without departing from the content of its technical solution shall fall within the protection scope of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010800366.2A CN111967059A (en) | 2020-08-11 | 2020-08-11 | Website tamper-proofing method and system and computer readable storage medium |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010800366.2A CN111967059A (en) | 2020-08-11 | 2020-08-11 | Website tamper-proofing method and system and computer readable storage medium |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111967059A (en) | 2020-11-20 |
Family
ID=73365560
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010800366.2A Pending CN111967059A (en) | 2020-08-11 | 2020-08-11 | Website tamper-proofing method and system and computer readable storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111967059A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113343312A (en) * | 2021-06-25 | 2021-09-03 | 工银科技有限公司 | Page tamper-proofing method and system based on front-end point burying technology |
CN113364808A (en) * | 2021-06-30 | 2021-09-07 | 北京天融信网络安全技术有限公司 | Industrial control firewall testing method, device, equipment and storage medium |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101778137A (en) * | 2010-01-15 | 2010-07-14 | 蓝盾信息安全技术股份有限公司 | System and method for preventing webpage from being falsified |
CN103679002A (en) * | 2013-12-12 | 2014-03-26 | 小米科技有限责任公司 | Method and device for monitoring file change and server |
CN105871819A (en) * | 2016-03-23 | 2016-08-17 | 上海上讯信息技术股份有限公司 | Transmission control method and device |
CN106650492A (en) * | 2016-12-14 | 2017-05-10 | 北京大学 | Multi-device file protection method and device based on security catalog |
CN107423639A (en) * | 2017-04-21 | 2017-12-01 | 深圳前海微众银行股份有限公司 | webpage tamper monitoring method and device |
CN110008392A (en) * | 2019-03-07 | 2019-07-12 | 北京华安普特网络科技有限公司 | A kind of webpage tamper detection method based on web crawlers technology |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10841320B2 (en) | Identifying command and control endpoint used by domain generation algorithm (DGA) malware | |
CN109074452B (en) | System and method for generating tripwire files | |
CN110268406B (en) | Password security | |
CN104766009B (en) | A kind of system distorted based on the anti-web page files of operating system bottom | |
JP2020511059A (en) | Information authentication method and system | |
CN1829225B (en) | Method and system for securely revealing identity over the internet | |
US12063246B2 (en) | Security mechanisms for preventing retry or replay attacks | |
KR20090019451A (en) | Phishing and pharming notification methods and devices | |
Wang et al. | Verilogo: Proactive phishing detection via logo recognition | |
CN101473314B (en) | Entering confidential information on untrusted machines | |
CN111967059A (en) | Website tamper-proofing method and system and computer readable storage medium | |
US20040260968A1 (en) | Server with file verification | |
Hajiali et al. | Preventing phishing attacks using text and image watermarking | |
Muniswamaiah et al. | IoT-based Big Data Storage Systems Challenges | |
KR101710918B1 (en) | Method for monitoring malwares which encrypt user files | |
Tiwari et al. | A novel watermarking scheme for secure relational databases | |
US11853454B1 (en) | Systems and methods for preparing a secure search index for securely detecting personally identifiable information | |
CN114091122A (en) | Website tamper-proof method and device, computer equipment and storage medium | |
Tian et al. | A trusted control model of cloud storage | |
CN112307519B (en) | Hierarchical verifiable query system based on selective leakage | |
CN117708878B (en) | ORAM (object oriented authentication and privacy preserving) function-based copyright information trusted retrieval method | |
RU2811375C1 (en) | System and method for generating classifier for detecting phishing sites using dom object hashes | |
CN119945678B (en) | Distributed key recovery method, system and medium | |
JP7656234B2 (en) | Determination method, information processing device, and determination program | |
KR20140108779A (en) | Apparatus and method for secure cloud system using dummy authentification key |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20201120 |