| Under the development and popularization of internet, government agencies and enterprises, even individuals have established their own web sites. However, they quickly become hackers' target because of their openness for the need. Among all hacker's attacks, website defacement is the most serious one. So, the most urgent problem is how to ensure the safety of websites. According to the condition, defacement-proof technology emerges and becomes more and more sophisticated.After generations'development, file filter driver technology adds event-triggered technology and file recovery mechanism is mainly applied for the current defacement-proof products. The principles of these products are almost the same: websites are checked by the testing program and the recovery is made after defacement contents being found. However, possible errors and mistakes are still existed. This paper puts forward a defacement-proof mechanism with active defense by refusing illegal modification behavior of the web page document. It is a modified mechanism based on existing technology. The mechanism requires administrator to set up web documents into a controlled object and set an authorization code for it. The code will be required when operation behavior to the controlled object is found by the file system filter driver, and those unauthorized illegal defacement will be refused. Administrator can modify the document by input a particular authorization codes in specific programs when modification is needed. This mechanism can also ensure its own safety and continuance, so it really achieves the goal of active defense. |
PDF Full Text Request