摘要
针对互联网中各网站存在木马入侵并恶意篡改网页内容的问题,对目前网页防篡改技术进行研究,设计出适用于内蒙古电力(集团)有限责任公司网站的网页防篡改系统。该系统由监控代理(Monitor Agent)、监控中心(Monitor Center)2个子系统组成,采用Inotify文件系统监控技术,对公司网站内容进行实时监控。从防SQL注入、跨站点攻击、非法上传等方面综合考虑,设计了用户管理、系统日志、被监控网站管理、监控内容类型管理的功能,保护公司网站的网页内容,实现网页不被篡改或被篡改后及时自动恢复,确保访问者浏览不到被篡改网页。经过测试及上线应用,证明该系统具有较强的防篡改能力,保障了公司网站内容的安全。
For Trojan invasion and malicious tampering with the web, on the basis of the current page tamper technology, design a webpage tamper-proof system suitable for Inner Mongolia Electric Power (Group) Co.,Ltd.. The system consists of Monitor Agent and Monitor Center, through the file system monitoring technology of Inotify, to realize real-time monitor on the company's website. From the anti-SQL injection, cross-site attacks, illegal uploading and other aspects into account, design the functions of the user management, system logs, monitored website management, content type management, to protect web content, by which to ensure the site not be altered or tampered with an in- time recovery, and make sure the visitors not to browse the tampered pages. The testing and practical application shows that the system has a strong anti-tampering capabilities to ensure the safety of the company's web site content.
出处
《内蒙古电力技术》
2013年第4期54-57,共4页
Inner Mongolia Electric Power