[go: up one dir, main page]

CN105610812B - Method and device for preventing webpage from being hijacked - Google Patents

Method and device for preventing webpage from being hijacked Download PDF

Info

Publication number
CN105610812B
CN105610812B CN201510983406.0A CN201510983406A CN105610812B CN 105610812 B CN105610812 B CN 105610812B CN 201510983406 A CN201510983406 A CN 201510983406A CN 105610812 B CN105610812 B CN 105610812B
Authority
CN
China
Prior art keywords
address
webpage
domain name
client
reference index
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510983406.0A
Other languages
Chinese (zh)
Other versions
CN105610812A (en
Inventor
朱珊珊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510983406.0A priority Critical patent/CN105610812B/en
Publication of CN105610812A publication Critical patent/CN105610812A/en
Application granted granted Critical
Publication of CN105610812B publication Critical patent/CN105610812B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1466Active attacks involving interception, injection, modification, spoofing of data unit addresses, e.g. hijacking, packet injection or TCP sequence number attacks
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/09Mapping addresses
    • H04L61/10Mapping addresses of different types
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • H04L61/4505Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols
    • H04L61/4511Network directories; Name-to-address mapping using standardised directories; using standardised directory access protocols using domain name system [DNS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

本发明涉及一种网页防劫持的方法及装置,其中,方法包括:获取用户域名请求指令;对所述用户域名请求指令进行解析,获得第一IP地址和第二IP地址;利用所述第一IP地址和第二IP地址获得参考指标;根据所述参考指标通知客户端显示正确的页面,实现网页防劫持。

The present invention relates to a method and device for preventing hijacking of web pages, wherein the method includes: obtaining a user domain name request instruction; parsing the user domain name request instruction to obtain a first IP address and a second IP address; using the first IP address The IP address and the second IP address obtain reference indicators; according to the reference indicators, the client is notified to display the correct page, so as to prevent webpage hijacking.

Description

一种网页防劫持的方法及装置Method and device for preventing web page hijacking

技术领域technical field

本发明涉及网络安全技术领域,特别涉及一种网页防劫持的方法及装置。The present invention relates to the technical field of network security, in particular to a method and device for preventing hijacking of webpages.

背景技术Background technique

随着互联网和网络应用的普及与发展,大量的黑客攻击随之而来,特别是针对互联网的网络攻击。其中,篡改网页文件是黑客攻击的普遍手法。网页篡改攻击事件往往预先检查和实时防范较难,由于网络环境复杂而难以追查责任,攻击工具简单且向智能化发展。目前虽然有防火墙、入侵检测系统等安全设备作为安全防范手段,但Web应用攻击有别于其他攻击方式,很难被传统的安全设备所检测到,可以轻松突破防火墙和入侵检测的保护。单纯依靠防火墙和入侵检测系统等传统的网络安全设备无法有效防范网页篡改攻击。With the popularization and development of the Internet and network applications, a large number of hacker attacks follow, especially network attacks against the Internet. Among them, tampering with web files is a common method of hacker attacks. Web page tampering attacks are often difficult to check in advance and prevent in real time. Due to the complex network environment, it is difficult to trace the responsibility, and the attack tools are simple and intelligent. Although firewalls, intrusion detection systems and other security devices are currently used as security prevention methods, web application attacks are different from other attack methods, and are difficult to be detected by traditional security devices, which can easily break through the protection of firewalls and intrusion detection. Simply relying on traditional network security devices such as firewalls and intrusion detection systems cannot effectively prevent web page tampering attacks.

发明内容SUMMARY OF THE INVENTION

本发明实施例的主要目的在于提出一种网页防劫持的方法及装置,克服常见劫持问题,比如DNS被劫持、页面跳转走或页面出运营商广告等等。The main purpose of the embodiments of the present invention is to provide a method and device for preventing hijacking of webpages, which overcomes common hijacking problems, such as DNS hijacking, page jumping, or operator advertisements appearing on the page.

为实现上述目的,本发明提供了一种网页防劫持的方法,包括:To achieve the above purpose, the present invention provides a method for preventing hijacking of a webpage, comprising:

获取用户域名请求指令;Get the user domain name request instruction;

对用户域名请求指令进行解析,获得第一IP地址和第二IP地址;Parse the user's domain name request instruction to obtain the first IP address and the second IP address;

利用第一IP地址和第二IP地址获得参考指标;Obtain the reference index by using the first IP address and the second IP address;

根据参考指标在客户端显示正确的页面,实现网页防劫持。Display the correct page on the client side according to the reference index to prevent web page hijacking.

在一实施例中,参考指标为第一IP地址和第二IP地址是否相同。In one embodiment, the reference indicator is whether the first IP address and the second IP address are the same.

在一实施例中,参考指标获取步骤包括:In one embodiment, the step of obtaining the reference index includes:

从业务域名服务器上获取第一IP地址,从客户端获取第二IP地址;Obtain the first IP address from the business domain name server, and obtain the second IP address from the client;

比较第一IP地址与第二IP地址是否相同,比较结果即为参考指标。Compare whether the first IP address and the second IP address are the same, and the comparison result is the reference index.

在一实施例中,根据参考指标通知客户端显示正确的页面的步骤具体为:In one embodiment, the step of notifying the client to display the correct page according to the reference index is as follows:

在第一IP地址与第二IP地址不相同时,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,则判定用户域名没有被劫持,通知客户端显示第一IP地址对应的网页或第二IP地址对应的网页。When the first IP address is different from the second IP address, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, it is determined that the user domain name is not hijacked, and the client is notified to display the first IP address The webpage corresponding to the address or the webpage corresponding to the second IP address.

在一实施例中,参考指标为第二IP地址对应的网页特征信息是否在白名单中。In one embodiment, the reference indicator is whether the webpage feature information corresponding to the second IP address is in the whitelist.

在一实施例中,参考指标获取步骤包括:In one embodiment, the step of obtaining the reference index includes:

通过Java Script引擎扫描第二IP地址对应的网页的dom树;Scan the dom tree of the web page corresponding to the second IP address through the JavaScript engine;

将扫描获取的网页特征信息与白名单内的信息相比较,判断第二IP地址对应的网页特征信息是否在白名单内,比较结果即为参考指标。The webpage feature information obtained by scanning is compared with the information in the whitelist to determine whether the webpage characteristic information corresponding to the second IP address is in the whitelist, and the comparison result is the reference index.

在一实施例中,根据参考指标通知客户端显示正确的页面的步骤具体为:In one embodiment, the step of notifying the client to display the correct page according to the reference index is as follows:

第二IP地址对应的网页特征信息不在白名单内,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,通知客户端显示第二IP地址对应的网页。If the feature information of the webpage corresponding to the second IP address is not in the whitelist, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the webpage corresponding to the second IP address.

对应地,为实现上述目的,本发明还提供了一种网页防劫持的装置,包括:Correspondingly, in order to achieve the above purpose, the present invention also provides a device for preventing hijacking of webpages, including:

域名请求获取单元,用于获取用户域名请求指令;A domain name request obtaining unit, used to obtain a user domain name request instruction;

域名解析单元,用于对用户域名请求指令进行解析,获得第一IP地址和第二IP地址;a domain name parsing unit, configured to parse the user domain name request instruction to obtain the first IP address and the second IP address;

参考指标获取单元,用于利用第一IP地址和第二IP地址获得参考指标;a reference index obtaining unit, configured to obtain a reference index by using the first IP address and the second IP address;

防劫持单元,用于根据参考指标通知客户端显示正确的页面,实现网页防劫持。The anti-hijacking unit is used to notify the client to display the correct page according to the reference index, so as to realize the anti-hijacking of the webpage.

在一实施例中,参考指标获取单元获取的参考指标为第一IP地址和第二IP地址是否相同。In one embodiment, the reference indicator acquired by the reference indicator acquiring unit is whether the first IP address and the second IP address are the same.

在一实施例中,参考指标获取单元包括:In one embodiment, the reference index obtaining unit includes:

初始化模块,用于从业务域名服务器上获取第一IP地址,从客户端获取第二IP地址;an initialization module, configured to obtain the first IP address from the service domain name server, and obtain the second IP address from the client;

IP地址比较模块,用于比较第一IP地址与第二IP地址是否相同,比较结果即为参考指标。The IP address comparison module is used to compare whether the first IP address and the second IP address are the same, and the comparison result is the reference index.

在一实施例中,防劫持单元具体用于:In one embodiment, the anti-hijacking unit is specifically used for:

在第一IP地址与第二IP地址不相同时,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,则判定用户域名没有被劫持,通知客户端显示第一IP地址对应的网页或第二IP地址对应的网页。When the first IP address is different from the second IP address, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, it is determined that the user domain name is not hijacked, and the client is notified to display the first IP address The webpage corresponding to the address or the webpage corresponding to the second IP address.

在一实施例中,参考指标获取单元获取的参考指标为第二IP地址对应的网页特征信息是否在白名单中。In one embodiment, the reference indicator acquired by the reference indicator acquiring unit is whether the feature information of the webpage corresponding to the second IP address is in the whitelist.

在一实施例中,参考指标获取单元包括:In one embodiment, the reference index obtaining unit includes:

扫描模块,用于通过Java Script引擎扫描第二IP地址对应的网页的dom树;The scanning module is used to scan the dom tree of the web page corresponding to the second IP address through the Java Script engine;

网页特征信息比较模块,用于将扫描获取的网页特征信息与白名单内的信息相比较,判断第二IP地址对应的网页特征信息是否在白名单内,比较结果即为参考指标。The webpage feature information comparison module is used to compare the webpage characteristic information obtained by scanning with the information in the whitelist, and determine whether the webpage characteristic information corresponding to the second IP address is in the whitelist, and the comparison result is the reference index.

在一实施例中,防劫持单元具体用于:In one embodiment, the anti-hijacking unit is specifically used for:

第二IP地址对应的网页特征信息不在白名单内,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,通知客户端显示第二IP地址对应的网页。If the feature information of the webpage corresponding to the second IP address is not in the whitelist, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the webpage corresponding to the second IP address.

上述技术方案具有如下有益效果:The above-mentioned technical scheme has the following beneficial effects:

本技术方案将运营商域名解析服务器的解析结果与业务域名解析服务器的解析结果对比,判断用户DNS是否被劫持,可以根除域名解析异常,避免用户DNS被劫持时导致的不能正常访问业务的情况发生。This technical solution compares the resolution result of the operator's domain name resolution server with the resolution result of the service domain name resolution server, and determines whether the user's DNS is hijacked, which can eliminate abnormal domain name resolution and avoid the situation that the user cannot access services normally when the user's DNS is hijacked. .

另外,本技术方案还可以通过Java Script引擎扫描IP地址对应的网页的dom树;将扫描获取的信息与白名单内的信息相比较,判断IP地址对应的网页是否在白名单内,从而得出页面是否被篡改和劫持,能有效避免页面内容被篡改。In addition, this technical solution can also scan the dom tree of the web page corresponding to the IP address through the Java Script engine; compare the information obtained by scanning with the information in the whitelist to determine whether the web page corresponding to the IP address is in the whitelist, so as to obtain Whether the page has been tampered with and hijacked can effectively prevent the page content from being tampered with.

上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, in order to be able to understand the technical means of the present invention more clearly, it can be implemented according to the content of the description, and in order to make the above and other objects, features and advantages of the present invention more obvious and easy to understand , the following specific embodiments of the present invention are given.

附图说明Description of drawings

为了更清楚地说明本发明实施例或现有技术中的技术方案,下面将对实施例或现有技术描述中所需要使用的附图作简单地介绍,显而易见地,下面描述中的附图仅仅是本发明的一些实施例,对于本领域普通技术人员来讲,在不付出创造性劳动的前提下,还可以根据这些附图获得其他的附图。In order to explain the embodiments of the present invention or the technical solutions in the prior art more clearly, the following briefly introduces the accompanying drawings that need to be used in the description of the embodiments or the prior art. Obviously, the accompanying drawings in the following description are only These are some embodiments of the present invention. For those of ordinary skill in the art, other drawings can also be obtained according to these drawings without creative efforts.

图1示出一种网页防劫持的方法流程图;FIG. 1 shows a flowchart of a method for preventing hijacking of a webpage;

图2示出参考指标获取步骤流程图之一;Fig. 2 shows one of the flow charts of reference index acquisition steps;

图3示出本实施例的防劫持示意图之一;FIG. 3 shows one of the anti-hijacking schematic diagrams of the present embodiment;

图4示出参考指标获取步骤流程图之二;Fig. 4 shows the second flow chart of reference index acquisition steps;

图5示出本实施例的劫持示意图之二;FIG. 5 shows the second schematic diagram of hijacking in this embodiment;

图6示出一种网页防劫持的装置框图;6 shows a block diagram of a device for preventing hijacking of a webpage;

图7示出本装置中参考指标获取单元功能框图之一;Fig. 7 shows one of the functional block diagrams of the reference index acquisition unit in the device;

图8示出本装置中参考指标获取单元功能框图之二;Fig. 8 shows the second functional block diagram of the reference index acquisition unit in the device;

具体实施方式Detailed ways

下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域普通技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

本发明实施例提供了一种网页防劫持的方法及装置。以下结合附图对本发明进行详细说明。Embodiments of the present invention provide a method and device for preventing web page hijacking. The present invention will be described in detail below with reference to the accompanying drawings.

本发明实施例提供了一种网页防劫持的方法,如图1所示。包括:An embodiment of the present invention provides a method for preventing hijacking of a webpage, as shown in FIG. 1 . include:

步骤S101:获取用户域名请求指令;Step S101: obtaining a user domain name request instruction;

步骤S102:对用户域名请求指令进行解析,获得第一IP地址和第二IP地址;Step S102: parse the user domain name request instruction to obtain a first IP address and a second IP address;

步骤S103:利用第一IP地址和第二IP地址获得参考指标;Step S103: obtaining a reference index by using the first IP address and the second IP address;

步骤S104:根据参考指标通知客户端显示正确的页面,实现网页防劫持。Step S104: Notify the client to display the correct page according to the reference index, so as to realize webpage anti-hijacking.

对应地,本发明还提供了一种网页防劫持的装置,如图6所示。包括:Correspondingly, the present invention also provides a device for preventing hijacking of a webpage, as shown in FIG. 6 . include:

域名请求获取单元601,用于获取用户域名请求指令;a domain name request obtaining unit 601, configured to obtain a user domain name request instruction;

域名解析单元602,用于对用户域名请求指令进行解析,获得第一IP地址和第二IP地址;a domain name parsing unit 602, configured to parse the user domain name request instruction to obtain a first IP address and a second IP address;

参考指标获取单元603,用于利用第一IP地址和第二IP地址获得参考指标;a reference index obtaining unit 603, configured to obtain a reference index by using the first IP address and the second IP address;

防劫持单元604,用于根据参考指标通知客户端显示正确的页面,实现网页防劫持。The anti-hijacking unit 604 is configured to notify the client to display the correct page according to the reference index, so as to realize the anti-hijacking of the webpage.

在一实施例中,参考指标为第一IP地址和第二IP地址是否相同。如图2所示,为参考指标获取步骤流程图之一。步骤包括:In one embodiment, the reference indicator is whether the first IP address and the second IP address are the same. As shown in Figure 2, it is one of the flow charts of the steps for obtaining the reference index. Steps include:

步骤S1031:从业务域名服务器上获取第一IP地址,从客户端获取第二IP地址;Step S1031: Obtain the first IP address from the service domain name server, and obtain the second IP address from the client;

步骤S1032:比较第一IP地址与第二IP地址是否相同,比较结果即为参考指标。Step S1032: Compare whether the first IP address and the second IP address are the same, and the comparison result is a reference indicator.

相应地,根据参考指标在客户端显示正确的页面的步骤具体为:Correspondingly, the steps for displaying the correct page on the client side according to the reference indicators are as follows:

在第一IP地址与第二IP地址不相同时,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,则判定用户域名没有被劫持,通知客户端显示第一IP地址对应的网页或第二IP地址对应的网页。When the first IP address is different from the second IP address, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, it is determined that the user domain name is not hijacked, and the client is notified to display the first IP address The webpage corresponding to the address or the webpage corresponding to the second IP address.

相对应地,在同一实施例中,针对虚拟装置来说,参考指标获取单元603获取的参考指标为第一IP地址和第二IP地址是否相同。如图7所示,为本装置中参考指标获取单元的功能框图之一。包括:Correspondingly, in the same embodiment, for the virtual device, the reference index obtained by the reference index obtaining unit 603 is whether the first IP address and the second IP address are the same. As shown in FIG. 7 , it is one of the functional block diagrams of the reference index obtaining unit in the apparatus. include:

初始化模块6031,用于从业务域名服务器上获取第一IP地址,从客户端获取第二IP地址;The initialization module 6031 is used to obtain the first IP address from the service domain name server, and obtain the second IP address from the client;

IP地址比较模块6032,用于比较第一IP地址与第二IP地址是否相同,比较结果即为参考指标。The IP address comparison module 6032 is configured to compare whether the first IP address and the second IP address are the same, and the comparison result is the reference index.

同理,防劫持单元604具体用于:Similarly, the anti-hijacking unit 604 is specifically used for:

在第一IP地址与第二IP地址不相同时,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,则判定用户域名没有被劫持,通知客户端显示第一IP地址对应的网页或第二IP地址对应的网页。When the first IP address is different from the second IP address, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, it is determined that the user domain name is not hijacked, and the client is notified to display the first IP address The webpage corresponding to the address or the webpage corresponding to the second IP address.

如图3所示,用户输入域名“M.haosou.com”,运营商DNS服务器和业务DNS服务器均获取该域名,运营商DNS服务器根据自身的域名解析表获得域名“M.haosou.com”对应的IP地址为127.0.0.1,业务DNS服务器根据自身的域名解析表获得域名“M.haosou.com”对应的IP地址为125.88.193.213,业务DNS服务器将解析出的IP地址返回至运营商DNS服务器,而运营商DNS服务器并没有将IP地址为125.88.193.213对应的页面返回至客户端,而是将IP地址为127.0.0.1所对应的网页返回至客户端,安全域名解析服务器获取运营商DNS服务器返回的IP地址,判断该IP地址是否发生篡改,判断的过程为:从业务DNS服务器上获取解析的IP地址,将从客户端获得的IP地址和从业务DNS服务器上获取的IP地址进行对比,如果IP地址相同,则没有发生DNS篡改,如果IP地址不相同,则发生了DNS篡改。这种情况下,安全域名解析服务器将IP地址为125.88.193.213返回至客户端,客户端显示IP地址为125.88.193.213所对应的网页。As shown in Figure 3, the user enters the domain name "M.haosou.com", the carrier DNS server and the service DNS server both obtain the domain name, and the carrier DNS server obtains the corresponding domain name "M.haosou.com" according to its own domain name resolution table The IP address is 127.0.0.1, the service DNS server obtains the IP address corresponding to the domain name "M.haosou.com" according to its own domain name resolution table as 125.88.193.213, and the service DNS server returns the resolved IP address to the carrier DNS server , and the carrier DNS server does not return the page corresponding to the IP address 125.88.193.213 to the client, but returns the web page corresponding to the IP address 127.0.0.1 to the client, and the secure domain name resolution server obtains the carrier DNS server The returned IP address is used to judge whether the IP address has been tampered with. The judgment process is: obtain the resolved IP address from the service DNS server, and compare the IP address obtained from the client with the IP address obtained from the service DNS server. If the IP addresses are the same, no DNS tampering has occurred, and if the IP addresses are not the same, DNS tampering has occurred. In this case, the secure domain name resolution server returns the IP address 125.88.193.213 to the client, and the client displays the web page corresponding to the IP address 125.88.193.213.

由上述实施例可知,本技术方案能够根据用户获取的IP提供最佳解析方案,从而保证用户正常访问业务,减少公司核心利益受侵害的可能性。It can be seen from the above embodiments that the technical solution can provide the best resolution solution according to the IP obtained by the user, thereby ensuring the normal access of the user to the service and reducing the possibility of infringing the company's core interests.

在另一实施例中,参考指标为第二IP地址对应的网页特征信息是否在白名单中。如图4所示,为参考指标获取步骤流程图之二。包括:In another embodiment, the reference indicator is whether the webpage feature information corresponding to the second IP address is in the whitelist. As shown in Figure 4, it is the second flow chart of the steps for obtaining the reference index. include:

步骤S1031’:通过Java Script引擎扫描第二IP地址对应的网页的dom树;Step S1031': scan the dom tree of the web page corresponding to the second IP address by the Java Script engine;

步骤S1032’:将扫描获取的网页特征信息与白名单内的信息相比较,判断第二IP地址对应的网页特征信息是否在白名单内,比较结果即为参考指标。Step S1032': Compare the webpage characteristic information obtained by scanning with the information in the whitelist, and determine whether the webpage characteristic information corresponding to the second IP address is in the whitelist, and the comparison result is the reference index.

相应地,根据参考指标在客户端显示正确的页面的步骤具体为:Correspondingly, the steps for displaying the correct page on the client side according to the reference indicators are as follows:

第二IP地址对应的网页特征信息不在白名单内,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,通知客户端显示第二IP地址对应的网页。If the feature information of the webpage corresponding to the second IP address is not in the whitelist, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the webpage corresponding to the second IP address.

相对应地,在同一实施例中,针对虚拟装置来说,参考指标获取单元603获取的参考指标为第二IP地址对应的网页特征信息是否在白名单中。如图8所示,为本装置中参考指标获取单元的功能框图之二。参考指标获取单元603包括:Correspondingly, in the same embodiment, for the virtual device, the reference indicator acquired by the reference indicator acquiring unit 603 is whether the webpage feature information corresponding to the second IP address is in the whitelist. As shown in FIG. 8 , it is the second functional block diagram of the reference index obtaining unit in the device. The reference index obtaining unit 603 includes:

扫描模块6031’,用于通过Java Script引擎扫描第二IP地址对应的网页的dom树;Scanning module 6031', for scanning the dom tree of the web page corresponding to the second IP address by the JavaScript engine;

网页特征信息比较模块6032’,用于将扫描获取的网页特征信息与白名单内的信息相比较,判断第二IP地址对应的网页特征信息是否在白名单内,比较结果即为参考指标。The webpage characteristic information comparison module 6032' is used to compare the webpage characteristic information obtained by scanning with the information in the whitelist, and determine whether the webpage characteristic information corresponding to the second IP address is in the whitelist, and the comparison result is the reference index.

同理,防劫持单元604具体用于:Similarly, the anti-hijacking unit 604 is specifically used for:

第二IP地址对应的网页特征信息不在白名单内,则判定用户域名被劫持,通知客户端显示第一IP地址对应的网页;否则,通知客户端显示第二IP地址对应的网页。If the feature information of the webpage corresponding to the second IP address is not in the whitelist, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the webpage corresponding to the second IP address.

对于本实施例来说,当用户在搜索栏“过冷度”,根据该关键词,产生用户域名请求指令,业务域名解析服务器根据该请求指令获得对应的IP地址。在客户端,根据该IP地址显示相应的网页。但是,网页实际发生了篡改,在客户端显示的网页如图5所示。此时,客户端前端Java Script引擎扫描IP地址对应的网页的dom树,将获取的网页特征信息与白名单内的信息进行比较,发现该网页信息并没有出现在白名单中,可以知道此时客户端显示的网页发生了篡改。为了修正显示出错的结果,需要将第一IP地址对应的网页在客户端上显示,即可出现正常的网页信息。For this embodiment, when the user searches "supercooling degree" in the search bar, a user domain name request instruction is generated according to the keyword, and the service domain name resolution server obtains the corresponding IP address according to the request instruction. On the client side, the corresponding web page is displayed according to the IP address. However, the webpage has actually been tampered with, and the webpage displayed on the client is shown in Figure 5. At this time, the front-end Java Script engine of the client scans the dom tree of the webpage corresponding to the IP address, compares the obtained webpage feature information with the information in the whitelist, and finds that the webpage information does not appear in the whitelist, so we can know that at this time The web page displayed by the client has been tampered with. In order to correct the displayed error result, the web page corresponding to the first IP address needs to be displayed on the client, so that normal web page information can appear.

由上述实施例描述可知,本技术方案需要页面主体加载完成后的空闲时间内去扫描客户端显示的页面信息,然后再进行纠错处理,客户端显示正确页面的时效性不强。为克服这一情况,经过一次防劫持,可知被篡改的第二IP地址对应的网页特征信息为非法篡改的信息,直接将Java Script引擎扫描获取的网页特征信息作为依据,以后再产生“过冷度”对应的域名解析时,就直接判断出页面是否发生过去相类似的篡改。当出现类似的篡改时,可以不用在客户端显示出被篡改的页面,直接在客户端显示出正确的页面信息。这样,不仅在保障用户正常访问业务的基础上,提升了用户的体验度和时效性。As can be seen from the description of the above embodiments, this technical solution needs to scan the page information displayed by the client within the idle time after the page main body is loaded, and then perform error correction processing. In order to overcome this situation, after an anti-hijacking process, it can be seen that the web page feature information corresponding to the tampered second IP address is illegally tampered with, and the web page feature information scanned by the Java Script engine is directly used as the basis, and the “too cold” is generated later. When the domain name corresponding to the “degree” is resolved, it can directly determine whether the page has been tampered with in the past. When similar tampering occurs, the correct page information can be directly displayed on the client side without displaying the tampered page on the client side. In this way, not only the user's normal access to services is guaranteed, but also the user's experience and timeliness are improved.

由上述两个实施例可知,本技术方案可以减少公司核心利益受侵害的可能,并且保障用户正常访问业务的体验度。It can be seen from the above two embodiments that the technical solution can reduce the possibility of infringing the core interests of the company, and ensure the user's experience of normal access to services.

在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure an understanding of this description.

类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应将该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, it is to be understood that in the above description of exemplary embodiments of the invention, various features of the invention are sometimes grouped together into a single embodiment, figure, or its description. This disclosure, however, should not be construed as reflecting an intention that the invention as claimed requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. The modules or units or components in the embodiments may be combined into one module or unit or component, and further they may be divided into multiple sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method so disclosed may be employed in any combination unless at least some of such features and/or procedures or elements are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。Furthermore, it will be understood by those skilled in the art that although some of the embodiments described herein include certain features, but not others, included in other embodiments, that combinations of features of different embodiments are intended to be within the scope of the invention within and form different embodiments. For example, in the claims, any of the claimed embodiments may be used in any combination.

本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的自然背景中图像边缘定位装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。Various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the apparatus for locating image edges in the natural background according to embodiments of the present invention . The present invention can also be implemented as apparatus or apparatus programs (eg, computer programs and computer program products) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such signals may be downloaded from Internet sites, or provided on carrier signals, or in any other form.

应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应将位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可将这些单词解释为名称。It should be noted that the above-described embodiments illustrate rather than limit the invention, and that alternative embodiments may be devised by those skilled in the art without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several different elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. do not denote any order. These words can be interpreted as names.

至此,本领域技术人员应认识到,虽然本文已详尽示出和描述了本发明的多个示例性实施例,但是,在不脱离本发明精神和范围的情况下,仍可根据本发明公开的内容直接确定或推导出符合本发明原理的许多其他变型或修改。因此,本发明的范围应被理解和认定为覆盖了所有这些其他变型或修改。By now, those skilled in the art will recognize that, although various exemplary embodiments of the present invention have been illustrated and described in detail herein, the present invention may still be implemented in accordance with the present disclosure without departing from the spirit and scope of the present invention. The content directly determines or derives many other variations or modifications consistent with the principles of the invention. Accordingly, the scope of the present invention should be understood and deemed to cover all such other variations or modifications.

以上具体实施方式,对本发明的目的、技术方案和有益效果进行了进一步详细说明,所应理解的是,以上仅为本发明的具体实施方式而已,并不用于限定本发明的保护范围,凡在本发明的精神和原则之内,所做的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above specific embodiments further describe the purpose, technical solutions and beneficial effects of the present invention in detail. It should be understood that the above are only specific embodiments of the present invention, and are not intended to limit the protection scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.

Claims (8)

1.一种网页防劫持的方法,其特征在于,包括:1. a method for preventing hijacking of webpage, is characterized in that, comprises: 获取用户域名请求指令;Get the user domain name request instruction; 对所述用户域名请求指令进行解析,获得第一IP地址和第二IP地址;Parsing the user domain name request instruction to obtain a first IP address and a second IP address; 利用所述第一IP地址和第二IP地址获得参考指标;其中,从业务域名服务器上获取第一IP地址,从客户端获取由运营商域名服务器返回的第二IP地址;Using the first IP address and the second IP address to obtain the reference index; wherein, the first IP address is obtained from the service domain name server, and the second IP address returned by the operator's domain name server is obtained from the client; 根据所述参考指标通知客户端显示正确的页面,实现网页防劫持;Notify the client to display the correct page according to the reference indicator, so as to realize anti-hijacking of the webpage; 其中,比较所述第一IP地址与所述第二IP地址是否相同,得到的第一IP地址和第二IP地址是否相同的比较结果即为参考指标;Wherein, comparing whether the first IP address and the second IP address are the same, the obtained comparison result of whether the first IP address and the second IP address are the same is the reference index; 其中,在第一IP地址与第二IP地址不相同时,则判定用户域名被劫持,通知客户端显示所述第一IP地址对应的网页;否则,则判定用户域名没有被劫持,通知客户端显示所述第一IP地址对应的网页或所述第二IP地址对应的网页。Wherein, when the first IP address is different from the second IP address, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, it is determined that the user domain name is not hijacked, and the client is notified The webpage corresponding to the first IP address or the webpage corresponding to the second IP address is displayed. 2.如权利要求1所述的方法,其特征在于,所述参考指标为第二IP地址对应的网页特征信息是否在白名单中。2 . The method of claim 1 , wherein the reference indicator is whether the webpage feature information corresponding to the second IP address is in a whitelist. 3 . 3.如权利要求2所述的方法,其特征在于,所述利用所述第一IP地址和第二IP地址获得参考指标步骤包括:3. The method of claim 2, wherein the step of obtaining a reference index by using the first IP address and the second IP address comprises: 通过Java Script引擎扫描第二IP地址对应的网页的dom树;Scan the dom tree of the web page corresponding to the second IP address through the JavaScript engine; 将扫描获取的网页特征信息与白名单内的信息相比较,判断所述第二IP地址对应的网页特征信息是否在所述白名单内,比较结果即为参考指标。Comparing the webpage feature information obtained by scanning with the information in the whitelist, it is determined whether the webpage characteristic information corresponding to the second IP address is in the whitelist, and the comparison result is a reference index. 4.如权利要求3所述的方法,其特征在于,所述根据所述参考指标通知客户端显示正确的页面的步骤具体为:4. The method according to claim 3, wherein the step of notifying the client to display the correct page according to the reference index is specifically: 所述第二IP地址对应的网页特征信息不在所述白名单内,则判定用户域名被劫持,通知客户端显示所述第一IP地址对应的网页;否则,客户端显示所述第二IP地址对应的网页。If the feature information of the webpage corresponding to the second IP address is not in the white list, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client displays the second IP address the corresponding webpage. 5.一种网页防劫持的装置,其特征在于,包括:5. A device for preventing hijacking of webpages, comprising: 域名请求获取单元,用于获取用户域名请求指令;A domain name request obtaining unit, used to obtain a user domain name request instruction; 域名解析单元,用于对所述用户域名请求指令进行解析,获得第一IP地址和第二IP地址;a domain name parsing unit, configured to parse the user domain name request instruction to obtain a first IP address and a second IP address; 参考指标获取单元,用于利用所述第一IP地址和第二IP地址获得参考指标;所述参考指标获取单元包括:初始化模块,用于从业务域名服务器上获取第一IP地址,从客户端获取由运营商域名服务器返回的第二IP地址;A reference index obtaining unit, configured to obtain a reference index by using the first IP address and the second IP address; the reference index obtaining unit includes: an initialization module, used for obtaining the first IP address from the service domain name server, from the client Obtain the second IP address returned by the operator's domain name server; 防劫持单元,用于根据所述参考指标通知客户端显示正确的页面,实现网页防劫持;An anti-hijacking unit, used for notifying the client to display the correct page according to the reference index, so as to realize webpage anti-hijacking; 其中,参考指标获取单元还包括:IP地址比较模块,用于比较所述第一IP地址与所述第二IP地址是否相同,得到的第一IP地址和第二IP地址是否相同的比较结果即为参考指标;Wherein, the reference index obtaining unit further includes: an IP address comparison module, configured to compare whether the first IP address and the second IP address are the same, and the obtained comparison result of whether the first IP address and the second IP address are the same is that as a reference indicator; 其中,防劫持单元进一步用于:在第一IP地址与第二IP地址不相同时,则判定用户域名被劫持,通知客户端显示所述第一IP地址对应的网页;否则,则判定用户域名没有被劫持,通知客户端显示所述第一IP地址对应的网页或所述第二IP地址对应的网页。Wherein, the anti-hijacking unit is further configured to: when the first IP address and the second IP address are different, determine that the user domain name is hijacked, and notify the client to display the webpage corresponding to the first IP address; otherwise, determine the user domain name If not hijacked, notify the client to display the webpage corresponding to the first IP address or the webpage corresponding to the second IP address. 6.如权利要求5所述的装置,其特征在于,所述参考指标获取单元获取的参考指标为第二IP地址对应的网页特征信息是否在白名单中。6 . The apparatus according to claim 5 , wherein the reference index obtained by the reference index obtaining unit is whether the webpage feature information corresponding to the second IP address is in a whitelist. 7 . 7.如权利要求6所述的装置,其特征在于,所述参考指标获取单元包括:7. The apparatus according to claim 6, wherein the reference index obtaining unit comprises: 扫描模块,用于通过Java Script引擎扫描第二IP地址对应的网页的dom树;The scanning module is used to scan the dom tree of the web page corresponding to the second IP address through the Java Script engine; 网页特征信息比较模块,用于将扫描获取的网页特征信息与白名单内的信息相比较,判断所述第二IP地址对应的网页特征信息是否在所述白名单内,比较结果即为参考指标。The webpage characteristic information comparison module is used to compare the webpage characteristic information obtained by scanning with the information in the whitelist, and determine whether the webpage characteristic information corresponding to the second IP address is in the whitelist, and the comparison result is the reference index . 8.如权利要求7所述的装置,其特征在于,所述防劫持单元具体用于:8. The device according to claim 7, wherein the anti-hijacking unit is specifically used for: 所述第二IP地址对应的网页特征信息不在所述白名单内,则判定用户域名被劫持,通知客户端显示所述第一IP地址对应的网页;否则,通知客户端显示所述第二IP地址对应的网页。If the feature information of the webpage corresponding to the second IP address is not in the whitelist, it is determined that the user domain name is hijacked, and the client is notified to display the webpage corresponding to the first IP address; otherwise, the client is notified to display the second IP The web page corresponding to the address.
CN201510983406.0A 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked Active CN105610812B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510983406.0A CN105610812B (en) 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510983406.0A CN105610812B (en) 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked

Publications (2)

Publication Number Publication Date
CN105610812A CN105610812A (en) 2016-05-25
CN105610812B true CN105610812B (en) 2019-12-06

Family

ID=55990350

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510983406.0A Active CN105610812B (en) 2015-12-24 2015-12-24 Method and device for preventing webpage from being hijacked

Country Status (1)

Country Link
CN (1) CN105610812B (en)

Families Citing this family (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106230864A (en) * 2016-09-22 2016-12-14 安徽云图信息技术有限公司 Website security detection system
CN107979611B (en) * 2017-12-18 2020-09-29 北京奇艺世纪科技有限公司 Method and device for judging file hijacking
CN108494728B (en) * 2018-02-07 2021-01-26 平安普惠企业管理有限公司 Method, device, equipment and medium for creating blacklist library for preventing traffic hijacking
CN108494762A (en) * 2018-03-15 2018-09-04 广州优视网络科技有限公司 Web access method, device and computer readable storage medium, terminal
CN112511499B (en) * 2020-11-12 2023-03-24 视若飞信息科技(上海)有限公司 Method and device for processing AIT in HBBTV terminal
CN113094619A (en) * 2021-04-22 2021-07-09 杭州推啊网络科技有限公司 Method and system for detecting cheating returned by advertisement landing page

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685074A (en) * 2011-03-14 2012-09-19 国基电子(上海)有限公司 Anti-phishing network communication system and method
CN103118026A (en) * 2013-02-01 2013-05-22 北京奇虎科技有限公司 Method and device for displaying web address security identification information
CN103401836A (en) * 2013-07-01 2013-11-20 北京卓易讯畅科技有限公司 Method and device used for judging whether webpage is hijacked by ISP (internet service provider) or not
CN103825895A (en) * 2014-02-24 2014-05-28 联想(北京)有限公司 Information processing method and electronic device
CN103916490A (en) * 2014-04-03 2014-07-09 深信服网络科技(深圳)有限公司 DNS tamper-proof method and device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102685074A (en) * 2011-03-14 2012-09-19 国基电子(上海)有限公司 Anti-phishing network communication system and method
CN103118026A (en) * 2013-02-01 2013-05-22 北京奇虎科技有限公司 Method and device for displaying web address security identification information
CN103401836A (en) * 2013-07-01 2013-11-20 北京卓易讯畅科技有限公司 Method and device used for judging whether webpage is hijacked by ISP (internet service provider) or not
CN103825895A (en) * 2014-02-24 2014-05-28 联想(北京)有限公司 Information processing method and electronic device
CN103916490A (en) * 2014-04-03 2014-07-09 深信服网络科技(深圳)有限公司 DNS tamper-proof method and device

Also Published As

Publication number Publication date
CN105610812A (en) 2016-05-25

Similar Documents

Publication Publication Date Title
CN105610812B (en) Method and device for preventing webpage from being hijacked
CN103561120B (en) Detect method, the processing method of device and suspicious DNS, the system of suspicious DNS
US9215242B2 (en) Methods and systems for preventing unauthorized acquisition of user information
US9747441B2 (en) Preventing phishing attacks
US8646071B2 (en) Method and system for validating site data
US9251282B2 (en) Systems and methods for determining compliance of references in a website
US20180219907A1 (en) Method and apparatus for detecting website security
CN103179125B (en) Method for displaying website authentication information and browser
US20130111594A1 (en) Detection of dom-based cross-site scripting vulnerabilities
CN106789939B (en) Method and device for detecting phishing website
US20130007870A1 (en) Systems for bi-directional network traffic malware detection and removal
CN103685294B (en) Method and device for identifying attack sources of denial of service attack
US20130007882A1 (en) Methods of detecting and removing bidirectional network traffic malware
US20160112405A1 (en) System, Network Terminal, Browser And Method For Displaying The Relevant Information Of Accessed Website
CN103491543A (en) Method for detecting malicious websites through wireless terminal, and wireless terminal
CN103685258A (en) Method and device for fast scanning website loopholes
CN103618696B (en) Method and server for processing cookie information
US20200092333A1 (en) Content policy based notification of application users about malicious browser plugins
US11461484B2 (en) Capturing contextual information for data accesses to improve data security
US10104116B2 (en) System for detecting link spam, a method, and an associated computer readable medium
CN111131236A (en) Web fingerprint detection device, method, equipment and medium
WO2015188604A1 (en) Phishing webpage detection method and device
CN105515882B (en) Website security detection method and device
US10931688B2 (en) Malicious website discovery using web analytics identifiers
CN102664913B (en) Method and device for webpage access control

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20220720

Address after: Room 801, 8th floor, No. 104, floors 1-19, building 2, yard 6, Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.