摘要

网站作为信息的载体在互联网高速发展的今天正起着越来越重要的作用。然而由于各类Web应用系统的复杂性和多样性，导致系统漏洞层出不穷，黑客入侵和篡改页面时有发生。针对这些问题，网站防篡改系统应运而生。防篡改作为网站保护的一种重要技术正受到越来越多的关注。

本文应用时间轮询技术，加MD5加密技术，对需要保护的文件进行了特征值加密，在客户端与服务端之间传输命令，再由服务端将其存入数据库。这样在UDP传输时可以更好的体现出其传输效率问题的同时，也避免了安全问题。相比较全文对比提高了工作效率。并且节省了带宽，降低了服务器cpu的使用率与内存使用率。同时本文分析了网站防篡改系统的发展与国内外现状，对国内外防篡改软件进行了对比，介绍了本文相关技术所涉及的要点如基于UDP协议的字符串传输，利用WMI进行远程关机，还有利用C#的mail实例进行邮件发送。在本文最后，进行了测试。在网站端不被控制的情况下可以实现快速的内容替换，从而将负面影响降低到最低。并且通过email发送模块发邮件提示管理员网站已经遭到篡改。在恢复网站失败后，将采取远程自动关机，用以保护服务器的安全。测试结果均符合预期。

关键词：网站安全；防篡改；部署；设计

Abstract

As a carrier of information, web pages are playing a more and more important role in the rapid development of the Internet today. However, because of the complexity and diversity of all kinds of Web application systems, the system vulnerabilities emerge endlessly, and hacking and tampering pages occur from time to time. Aiming at these problems, the tamper-proof system of web pages emerges as the times require. Tamper-proof as an important technology of web page protection is receiving more and more attention.

In this paper, we use the technology of time polling and MD5 encryption to encrypt the files that need to be protected, transmit commands between the client and the server, and save them to the database by the server. In this way, UDP transmission can better reflect its transmission efficiency, but also avoid security problems. Compared with the full text, the work efficiency is improved. And save bandwidth, reduce server cpu usage and memory usage. At the same time, this paper analyzes the development of the tamper-proof system of web pages and the present situation at home and abroad, compares the domestic and foreign tamper-proof software, and introduces the key points of the related technologies in this paper. Such as string transmission based on UDP protocol, remote shutdown using WMI, and email sending using mail instance of C #. At the end of this paper, the test is carried out. Rapid content substitution can be achieved without the control of the webpage end, thus minimizing the negative effects. And through the email sending module email prompted the administrator web page has been tampered with. After page recovery fails, remote automatic shutdown is used to secure the server. The test results are in line with expectations.

Keywords: Web security; tamper-proof; deployment; design

摘要

Abstract

目 录

目录