Design And Implementation Of Web Anti-Tampering System Based On LAMP

A wide variety and the growing popularity of Internet applications and the dependent on networks to access information freom all walks of business to everyday's life further promote the development of the Internet and accelerating the speed of the site construction. With the construction of large-scale Websites, hacking and tampering Web pages have also followed. In response to Web security threats, building a complete network security system to become the content of current information security field is an important issue.The system puts forward a new tamper-resistant system design framework for Web pages based on LAMP platform, protect a protected directory from the user mode and kernel-mode using the latest updated file system discovery mechanism and a more lightweight digital signature algorithm. This architecture improved system performance greatly. At the same time being different from the existing Web page tamper-resistant products, the system put the backup server and publishing server in parallel configuration making backup server hidden in the site located within the network management staff. This design further improve the safety performance of the system.The system will be released into the main function of the publishing server module, Apache embedded modules, the core of embedded modules. The publishing server uses the latest updated file system discovery mechanism:Inotify. The introduction of this mechanism let the time from finding changes in filesystem to the end of the secure transmission to be several seconds. Meanwhile the publishing server supports the secure transmission between the publishling server mode and the Web server mode. Publishing server module will activate an backup-restore thread after received an request message. This thread re-send the file been tampered to the Web server. Apache embedded modules use the idea of bottom half mechanism in interrupt handler implementation. This module notify the primary receiver process at the Web server site the name of the file been tampered using shared memory. This primary receiver process starts an thread to retransmit the Web document. This design makes the Apache built-in modules as simple as possible and meets the requirements of high-concurrency of Apache server. Embedded core module checks the legitimacy of the process from the file system driver layer with black and white list management. This module take the initiative to end the process and sends the corresponding alarm information after the discovery of illegal process and fundamentally stop the illegal behavior of Web pages. Based on the above three modules, this system achieve a tamper detection, tamper recovery, system alarms and other basic functions eliminating the possibility of hackers illegally tampering with Web pages from both the user mode and kernel-mode. In order to further increase the system security performance, the system is designed to join the system security module. This module greatly enhanced the security of this system with distributed anti-tampering module and systems hidden module. With the right combination of Apache server configuration, the system's security are greatly enhanced.