
WO2018166365A1 - Method and device for recording website access log - Google Patents


Info

Publication number
WO2018166365A1
Authority
WO
WIPO (PCT)
Prior art keywords
access
request
information
identifier
log
Legal status
Ceased
Application number
PCT/CN2018/077965
Other languages
English (en)
Chinese (zh)
Inventor
吴鸣刚
乔平
Current Assignee
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Application filed by Alibaba Group Holding Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/06 Management of faults, events, alarms or notifications
    • H04L41/069 Management of faults, events, alarms or notifications using logs of notifications; Post-processing of notifications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0876 Network architectures or network communication protocols for network security for authentication of entities based on the identity of the terminal or configuration, e.g. MAC address, hardware or software configuration or device fingerprint

Definitions

  • the present application relates to the field of network technologies, and in particular, to a method and apparatus for recording a website access log.
  • the user's access behavior can be recorded to the website access log, which is used to implement functions such as user behavior analysis.
  • the user sends an access request to the server of the website, and the server returns the website information requested by the user. After sending the access request, the user sends a log record request corresponding to the access request to the server of the website, and the server records the access behavior generated by the user under the access request to the website access log based on the log record request.
  • the inventor has found through research that some users forge a log record request corresponding to an access request and send it to the server of the website without actually accessing the website information, so that the server records to the website access log a user access behavior that never actually occurred, thereby achieving malicious behavior such as artificially inflating web access traffic.
  • when the server of the website receives the user's log record request, it often cannot accurately distinguish whether the user access behavior requested to be recorded has actually occurred. Therefore, the server of the website inevitably records user access behavior that has not actually occurred to the website access log.
  • the technical problem to be solved by the embodiments of the present application is to provide a method and apparatus for recording a website access log, so that the server of the website, when receiving the user's log record request, can accurately distinguish whether the user access behavior requested to be recorded has actually occurred, and therefore does not record user access behavior that has not actually occurred to the website access log.
  • an embodiment of the present application provides a system for recording a website access log, including a client and a server system;
  • the server system is configured to: receive an access request sent by the client; obtain related information of the access request; generate first fingerprint information from the related information of the access request by using a fingerprint algorithm; send identifier information carrying the first fingerprint information to the client; receive a log record request for requesting the recording of an access behavior; obtain related information of the access behavior; generate second fingerprint information from the related information of the access behavior by using the fingerprint algorithm; if the log record request satisfies the recording condition, record the access behavior to the website access log according to the log record request; and if the log record request does not satisfy the recording condition, refuse to record the access behavior to the website access log according to the log record request;
  • the client is configured to send an access request to the server system, receive the identifier information returned by the server system for the access request, and carry the identifier information in the log record request sent to the server system;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the embodiment of the present application provides a method for recording a website access log, which is applied to a server system, and includes:
  • the access behavior is recorded to the website access log according to the log record request;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the embodiment of the present application provides a method for recording a website access log, which is applied to a client, and includes:
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the embodiment of the present application provides an apparatus for recording a website access log, which is configured in a server system, and includes:
  • a first receiving unit configured to receive an access request sent by the client
  • a first acquiring unit configured to acquire related information of the access request
  • a first generating unit configured to generate first fingerprint information from the related information of the access request by using a fingerprint algorithm
  • a sending unit configured to send, to the client, identifier information that carries the first fingerprint information
  • a second receiving unit configured to receive a log record request, where the log record request is used to request to record an access behavior
  • a second obtaining unit configured to acquire related information about the access behavior
  • a second generating unit configured to generate second fingerprint information from the related information of the access behavior by using the fingerprint algorithm
  • a recording unit configured to record the access behavior to a website access log according to the log record request if the log record request satisfies a record condition
  • a rejecting unit configured to refuse to record the access behavior to a website access log according to the log record request if the log record request does not satisfy the record condition
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the embodiment of the present application provides a device for recording a website access log, which is configured on a client, and includes:
  • a first sending unit configured to send an access request to the server system, so that the server system acquires related information of the access request and generates first fingerprint information from it by using a fingerprint algorithm;
  • a receiving unit configured to receive the identifier information sent by the server system, where the identifier information carries the first fingerprint information
  • a second sending unit configured to carry the identifier information in a log record request for requesting the recording of an access behavior and send it to the server system, so that the server system generates second fingerprint information from the related information of the access behavior by using the fingerprint algorithm, records the access behavior to the website access log according to the log record request if the log record request satisfies the recording condition, and refuses to record the access behavior to the website access log according to the log record request if the log record request does not satisfy the recording condition;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the server system of the website may add fingerprint verification of the access request to the process of recording the access behavior.
  • the server system can determine whether the access behavior requested to be recorded corresponds to an access request that the server system has received, and can thereby accurately distinguish whether the access behavior the user asks to record has actually occurred.
  • when receiving the access request sent by the client, the server system of the website may generate the first fingerprint information based on the related information of the access request and send it to the client carried in the identifier information, to instruct the client, when requesting that the access behavior corresponding to the access request be recorded, to carry the identifier information in the log record request sent to the server system.
  • when receiving the log record request, the server system of the website may generate the second fingerprint information based on the related information of the access behavior corresponding to the log record request and analyze whether the log record request satisfies the recording condition, to determine whether to record the access behavior to the website access log according to the log record request.
  • the first fingerprint information and the second fingerprint information are generated by using the same fingerprint algorithm.
  • the recording condition is: the log record request carries the identifier information, and the first fingerprint information is the same as the second fingerprint information. It can be understood that if the log record request does not carry the identifier information, or the second fingerprint information is different from the first fingerprint information carried by the log record request, the server system of the website has not received an access request corresponding to the access behavior that the log record request asks to record, so it can be seen that the access behavior has not actually occurred. If the log record request carries the identifier information and the second fingerprint information is the same as the first fingerprint information carried by the log record request, the server system of the website has received the access request corresponding to the access behavior that the log record request asks to record, so it can be seen that this access behavior has actually occurred. The server of the website can therefore accurately distinguish, when receiving the user's log record request, whether the access behavior the user asks to record has actually occurred, so that user access behavior that has not actually occurred is prevented from being recorded to the website access log.
  • FIG. 1 is a schematic diagram of a network system framework involved in an application scenario in an embodiment of the present application
  • FIG. 2 is a schematic structural diagram of a system for recording a website access log according to an embodiment of the present application
  • FIG. 3 is a schematic flowchart of a method for recording a website access log according to an embodiment of the present application
  • FIG. 4 is a schematic flowchart of a method for recording a website access log according to an embodiment of the present application
  • FIG. 5 is a schematic flowchart of a method for recording a website access log according to an embodiment of the present application
  • FIG. 6 is a schematic structural diagram of an apparatus for recording a website access log according to an embodiment of the present application.
  • FIG. 7 is a schematic structural diagram of an apparatus for recording a website access log according to an embodiment of the present application.
  • This application can be used in a variety of general purpose or special purpose computing system environments or configurations.
  • the application can be described in the general context of computer-executable instructions executed by a computer, such as a program module.
  • program modules include routines, programs, objects, components, data structures, and the like that perform particular tasks or implement particular abstract data types.
  • the present application can also be practiced in a distributed computing environment where tasks are performed by remote processing devices that are connected through a communication network.
  • program modules can be located in both local and remote computer storage media including storage devices.
  • the inventor of the present application has found through research that some users forge a log record request corresponding to an access request and send it to the server of the website without actually accessing the website information, so that the server records to the website access log a user access behavior that never actually occurred, thereby achieving malicious behavior such as artificially inflating webpage access traffic.
  • when the server of the website receives the user's log record request, it often cannot accurately distinguish whether the user access behavior requested to be recorded has actually occurred. Therefore, the server of the website inevitably records user access behavior that has not actually occurred to the website access log.
  • the server system of the website may add fingerprint verification of the access request to the process of recording the access behavior.
  • the server system can determine whether the access behavior requested to be recorded corresponds to an access request that the server system has received, and can thereby accurately distinguish whether the access behavior the user asks to record has actually occurred.
  • when the server system of the website receives the access request sent by the client, it may generate the first fingerprint information based on the related information of the access request and return it to the client.
  • when receiving the log record request, the server system of the website may generate the second fingerprint information based on the related information of the access behavior and determine whether the second fingerprint information is the same as the first fingerprint information carried in the log record request, thereby determining whether to record the access behavior to the website access log according to the log record request. It can be understood that, if the log record request does not carry the identifier information, or the second fingerprint information is different from the first fingerprint information carried by the log record request, the server system of the website has not received an access request corresponding to the access behavior, so it can be seen that the access behavior did not actually happen but was forged by the user without actually accessing the website information.
  • if the log record request carries the identifier information and the second fingerprint information is the same as the first fingerprint information carried by the log record request, the server system of the website has received the access request corresponding to the access behavior that the log record request asks to record, so it can be seen that this access behavior has actually happened. The server of the website can therefore accurately distinguish, when receiving the user's log record request, whether the access behavior the user asks to record has actually occurred, so that user access behavior that has not actually occurred is prevented from being recorded to the website access log.
  • one of the scenarios in the embodiment of the present application may be applied to an application scenario as shown in FIG. 1 .
  • the user can access the website provided by the server system 101 through the client 102, wherein the server system 101 of the website can interact with the client 102.
  • the client 102 may send an access request to the server system 101, where the access request carries related information of the access request.
  • the server system 101 may generate the first fingerprint information from the related information of the access request by using the fingerprint algorithm, and send the identifier information carrying the first fingerprint information to the client 102.
  • the client 102 may send a log record request to the server system 101, where the log record request is used to request the recording of an access behavior corresponding to the access request, and the log record request carries related information about the access behavior and the identifier information.
  • the server system 101 may generate the second fingerprint information from the related information of the access behavior by using the fingerprint algorithm.
  • if the log record request satisfies the recording condition, the server system 101 may record the access behavior to the website access log according to the log record request. If the log record request does not satisfy the recording condition, the server system 101 may refuse to record the access behavior to the website access log according to the log record request.
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • referring to FIG. 2, a schematic structural diagram of a system for recording a website access log in the embodiment of the present application is shown.
  • the system may specifically include a client 202 and a server system 201;
  • the server system 201 is configured to: receive an access request sent by the client 202; obtain related information of the access request; generate first fingerprint information from the related information of the access request by using a fingerprint algorithm; send identifier information carrying the first fingerprint information to the client 202; receive a log record request for requesting the recording of an access behavior; obtain related information about the access behavior; generate second fingerprint information from the related information of the access behavior by using the fingerprint algorithm; if the log record request satisfies the recording condition, record the access behavior to the website access log according to the log record request; and if the log record request does not satisfy the recording condition, refuse to record the access behavior to the website access log according to the log record request;
  • the client 202 is configured to send an access request to the server system 201, receive the identifier information returned by the server system 201 for the access request, and carry the identifier information in the log record request sent to the server system 201;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the related information of the access request includes a user IP address corresponding to the access request and/or an access time corresponding to the access request;
  • the related information of the access behavior includes a user IP address corresponding to the access behavior and/or an access time corresponding to the access behavior.
  • the related information of the access request further includes a reference page referer identifier corresponding to the access request and an entry page entry identifier;
  • the related information of the access behavior further includes a referer identifier and an entry identifier corresponding to the access behavior.
  • the referer identifier corresponding to the access request is specifically a hash value of the referer address corresponding to the access request, and the entry identifier corresponding to the access request is specifically a hash value of the entry address corresponding to the access request;
  • the referer identifier corresponding to the access behavior is specifically a hash value of the referer address corresponding to the access behavior
  • the entry identifier corresponding to the access behavior is specifically a hash value of the entry address corresponding to the access behavior.
  • the identifier information further carries a referer identifier and an entry identifier corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, the referer identifier corresponding to the access request is the same as the referer identifier corresponding to the access behavior, and the entry identifier corresponding to the access request is the same as the entry identifier corresponding to the access behavior.
  • the identifier information also carries an access time corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, and the time difference between the current time and the access time corresponding to the access request does not exceed the effective time threshold.
  • when the server of the website receives the user's log record request, it can accurately distinguish whether the access behavior requested by the user has actually occurred, thereby avoiding user access behavior that has not actually occurred being recorded to the website access log.
  • referring to FIG. 3, a schematic flowchart of a method for recording a website access log in the embodiment of the present application is shown.
  • the method of this embodiment can be applied to a server system such as a server system of a website.
  • the method may specifically include the following steps, for example:
  • the server system may extract some related information from the access request and generate the first fingerprint information from the extracted related information. Then, the server system can generate the identifier information carrying the first fingerprint information and send it to the client.
  • the identifier information is used to be carried in the log record request corresponding to the access request, so that the server system performs fingerprint verification on the log record request based on the first fingerprint information.
  • the log record request corresponding to the access request is used to record the access behavior corresponding to the access request.
  • the client may adopt different processing manners for the identifier information, and therefore the server system may receive different log record requests.
  • the client may carry the identifier information in a log record request for requesting the recording of the real access behavior corresponding to the access request, and send that log record request to the server system.
  • the related information of the real access behavior is also carried in the log record request. Since the real access behavior corresponds to the access request, that is, the real access behavior is generated under the access request, the related information of the real access behavior and the related information of the access request are the same.
  • the client may carry the identifier information in a log record request for requesting the recording of a forged access behavior that does not correspond to the access request, and send that log record request to the server system.
  • the related information of the forged access behavior is also carried in the log record request.
  • the forged access behavior does not correspond to the access request, that is, the forged access behavior is not generated under the access request, and therefore the related information of the forged access behavior is not the same as the related information of the access request.
  • the client may send to the server system a log record request for requesting the recording of a forged access behavior that does not correspond to the access request, without carrying the identifier information in it. In that case, the log record request received by the server system does not carry the identifier information.
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the server system may determine whether the log record request carries the identifier information. If the log record request does not carry the identifier information, step 307 is performed. If the log record request carries the identifier information, the server system may determine whether the first fingerprint information is carried in the identifier information. If the first fingerprint information is not carried in the identifier information, step 307 is performed. If the identifier information carries the first fingerprint information, the server system may obtain related information about the access behavior requested to be recorded from the log record request, generate the second fingerprint information from it by using the fingerprint algorithm, and then determine whether the first fingerprint information and the second fingerprint information are the same. If they are the same, step 306 is performed. If not, step 307 is performed.
  • if the client-initiated log record request is used to request the recording of a forged access behavior, then, because the forged access behavior is not the real access behavior generated under the access request received by the server system, the related information of the forged access behavior must differ from the related information of the access request received by the server system. Therefore, based on the same fingerprint algorithm, the first fingerprint information and the second fingerprint information are different. It can be seen that, for a log record request received by the server system, if it is determined that the first fingerprint information is different from the second fingerprint information, it may be determined that the access behavior the log record request asks to record is a forged access behavior and did not really occur.
  • if the client-initiated log record request is used to request the recording of the real access behavior generated under the access request, then the related information of the real access behavior is the same as the related information of the access request received by the server system, and therefore, based on the same fingerprint algorithm, the first fingerprint information and the second fingerprint information are the same. It can be seen that, for a log record request received by the server system, if it is determined that the first fingerprint information is the same as the second fingerprint information, it may be determined that the access behavior the log record request asks to record is an access behavior that really occurred, and this access behavior can be recorded to the website access log.
  • the related information of the access request represents the information used for generating the first fingerprint information, and the related information of the access behavior represents the information used for generating the second fingerprint information. Since the related information of the access request can be used to describe the access request, and the related information of the access behavior can be used to describe the access behavior, the first fingerprint information can serve to identify the access request and the second fingerprint information can serve to identify the access behavior. Therefore, the first fingerprint information and the second fingerprint information can be used to distinguish whether the access behavior was generated under the access request, thereby implementing fingerprint verification of a log record request.
  • the plurality of different related information of the access request may be used to generate first fingerprint information, and correspondingly, the plurality of different related information of the access behavior may be used to generate second fingerprint information.
  • the forgery of the access behavior can be implemented by modifying the user IP address corresponding to the actually generated access request, and the forged access behavior and the real access request often have different user IP addresses. Therefore, in some implementations of this embodiment, the user IP address corresponding to the access request may be used to generate first fingerprint information, and correspondingly, the user IP address corresponding to the access behavior may be used to generate second fingerprint information. That is, the related information of the access request may include a user IP address corresponding to the access request, and correspondingly, the related information of the access behavior may include a user IP address corresponding to the access behavior.
  • the forgery of the access behavior can also be implemented by modifying the access time corresponding to the actual occurrence of the access request, and the forged access behavior often has a different access time than the real access request. Therefore, in other implementation manners of the embodiment, the access time corresponding to the access request may be used to generate the first fingerprint information, and correspondingly, the access time corresponding to the access behavior may be used to generate the second fingerprint information. That is, the related information of the access request may include an access time corresponding to the access request, and correspondingly, the related information of the access behavior may include an access time corresponding to the access behavior.
  • the search keyword corresponding to the access request may be used to generate first fingerprint information, and correspondingly, the search keyword corresponding to the access behavior may be used to generate a second fingerprint.
  • the information, that is, the related information of the access request may include a search keyword corresponding to the access request, and correspondingly, the related information of the access behavior may include a search keyword corresponding to the access behavior.
  • the forgery of the access behavior can also be implemented by modifying the reference page (referer) and the entry page (entry) corresponding to the access request that actually occurred, so the forged access behavior and the real access request often have different referer identifiers and different entry identifiers. Therefore, in still another implementation of this embodiment, the referer identifier and the entry identifier corresponding to the access request may be used to generate the first fingerprint information, and correspondingly, the referer identifier and the entry identifier corresponding to the access behavior may be used to generate the second fingerprint information. That is, the related information of the access request may include a referer identifier and an entry identifier corresponding to the access request, and the related information of the access behavior may include a referer identifier and an entry identifier corresponding to the access behavior.
  • the referer can also be called the source page, and the entry can also be called the current page.
  • the user requests access to the entry when accessing the referer; for an access behavior, the webpage currently accessed by the user is an entry, and the webpage accessed by the user before the current webpage is a referer.
  • the referer identifier may be a hash value of the referer address url, and the entry identifier may be a hash value of the entry address url.
  • the referer identifier corresponding to the access request may be a hash value of the referer address corresponding to the access request, and the entry identifier corresponding to the access request may be a hash value of the entry address corresponding to the access request.
  • the referer identifier corresponding to the access behavior may be a hash value of the referer address corresponding to the access behavior, and the entry identifier corresponding to the access behavior may specifically be a hash value of the entry address corresponding to the access behavior.
  • the first fingerprint information and the second fingerprint information may be generated from any one or more kinds of the information mentioned above; that is, the related information of the access request and the related information of the access behavior may include any one or more of the information mentioned above.
  • the first fingerprint information may be generated by the user IP address, the access time, the referer identifier, and the entry identifier corresponding to the access request, that is, the related information of the access request may include a user IP address corresponding to the access request
  • the second fingerprint information may be generated from the user IP address, the access time, the referer identifier, and the entry identifier corresponding to the access behavior, that is, the related information of the access behavior may include the user IP address, access time, referer identifier, and entry identifier corresponding to the access behavior.
  • the plurality of related information of the access request may be concatenated into a character string, for example by means of an anchor symbol or the like; that string is the first fingerprint information.
  • the user IP address, the access time, the hash value of the referer address, and the hash value of the entry address corresponding to the access request may be concatenated into the first fingerprint information by means of an anchor symbol or the like.
  • where the second fingerprint information includes a plurality of related information of the access behavior, the plurality of related information of the access behavior may be concatenated into a character string, for example by means of an anchor symbol or the like; that string is the second fingerprint information.
  • the user IP address, the access time, the hash value of the referer address, and the hash value of the entry address corresponding to the access behavior may be concatenated into the second fingerprint information by means of an anchor symbol or the like.
  • the log record request may be further verified by other verification methods to further identify whether the access behavior requested by the log record request has actually occurred.
  • in addition to verifying whether the identifier information is carried in the log record request and whether the first fingerprint information and the second fingerprint information are the same, the server system can verify whether the referer and the entry corresponding to the access behavior are the same as the referer and entry corresponding to the access request.
  • the identifier information may carry a referer identifier and an entry identifier in addition to the first fingerprint information.
  • the recording condition may include: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, the referer identifier corresponding to the access request is the same as the referer identifier corresponding to the access behavior, and the entry identifier corresponding to the access request is the same as the entry identifier corresponding to the access behavior.
  • 306 is performed in the case where the above-described recording condition is completely satisfied, and 307 is performed in the case where the above-described recording condition is not completely satisfied.
  • the referer identifier and the entry identifier corresponding to the access request are the same as the referer identifier and the entry identifier corresponding to the access behavior
  • 307 is executed.
  • if the referer identifier and the entry identifier corresponding to the access request are different from the referer identifier and the entry identifier corresponding to the access behavior, 307 is performed even if the first fingerprint information is the same as the second fingerprint information.
  • in addition to verifying whether the identifier information is carried in the log record request and whether the first fingerprint information and the second fingerprint information are the same, the server system may require the client to initiate the log record request within an effective time after the access request occurs; that is, the server system can also verify whether the access time corresponding to the access request is within the effective time threshold.
  • the identifier information may carry the access time corresponding to the access request in addition to the first fingerprint information.
  • the recording condition may include: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, and the time difference between the current time and the access time corresponding to the access request does not exceed the effective time threshold.
  • 306 is performed in the case where the above-described recording condition is completely satisfied, and 307 is performed in the case where the above-described recording condition is not completely satisfied. For example, if the first fingerprint information is different from the second fingerprint information, 307 is performed even if the time difference between the current time and the access time corresponding to the access request does not exceed the effective time threshold. For another example, if the time difference between the current time and the access time corresponding to the access request exceeds the effective time threshold, 307 is performed even if the first fingerprint information is the same as the second fingerprint information.
  • the client may be a browser running on the user terminal, or may be a client program of a web application running on the user terminal.
  • the identification information may be specifically sent by the server system to the client in the form of a JS code and instructing the client to send a log record request.
  • the various pieces of information to be carried in the identification information may be joined into a character string by means of an anchor symbol and then encoded with BASE64; the resulting feature string may be denoted SIGNATURE.
  • the SIGNATURE can be used as the identification information.
  • SIGNATURE can be inserted as a parameter sig into the JS code of the BEACON module.
  • the server system can send the JS code to the client.
  • the client may collect information about the access behavior during the execution of the JS code and send a log record request carrying the parameter sig to the server system based on the related information of the access behavior.
  • the server system can obtain the SIGNATURE by parsing the parameter sig, and then decode the SIGNATURE with the BASE64 and decompose it using the anchor symbol to obtain various information carried in the identifier information.
  • the server system mentioned in this embodiment may specifically include a web application server (Web Server) for processing user access and a log server (Log Server) for processing access behavior records.
  • the network application server is configured to process an access request of the client, that is, the network application server is used to execute 301, 302, and 303.
  • the log server is used to process the client's logging request, ie the log server is used to execute 304, 305, 306, and 307.
  • the server system of the website may add fingerprint verification of the access request to the process of recording the access behavior. From the result of the fingerprint verification, the server system can determine whether the access behavior requested to be recorded corresponds to an access request that the server system has received, and can thereby accurately distinguish whether the access behavior the user requests to record has actually occurred. Specifically, if the server system of the website receives the access request sent by the client, it may generate the first fingerprint information based on the related information of the access request and return it to the client.
  • when receiving the log record request, the server system of the website may generate the second fingerprint information based on the related information of the access behavior and determine whether the second fingerprint information is the same as the first fingerprint information carried in the log record request, thereby determining whether to record the access behavior to the website access log according to the log record request. It can be understood that, if the log record request does not carry the identifier information, or the second fingerprint information is different from the first fingerprint information carried by the log record request, the server system of the website has not received an access request corresponding to the access behavior; it can be seen that the access behavior did not actually occur but was forged by the user without actually accessing the website.
  • the server system of the website has received the access request corresponding to the access behavior requested by the log record request, so it can be seen that this access behavior has actually occurred. It can be seen that the server of the website, when receiving the user's log record request, can accurately distinguish whether the access behavior the user requests to record has actually occurred, so that user access behavior that has not actually occurred can be prevented from being recorded to the website access log.
  • Referring to FIG. 4, a schematic flowchart of a method for recording a website access log in the embodiment of the present application is shown.
  • the method of this embodiment can be applied to a client.
  • the method may specifically include the following steps, for example:
  • the identifier information is carried in a log record request, which requests recording of an access behavior, and sent to the server system, so that the server system generates second fingerprint information from the related information of the access behavior by using a fingerprint algorithm, records the access behavior to the website access log according to the log record request if the log record request satisfies the recording condition, and refuses to record the access behavior to the website access log according to the log record request if the log record request does not satisfy the recording condition;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the related information of the access request includes a user IP address corresponding to the access request and/or an access time corresponding to the access request;
  • the related information of the access behavior includes a user IP address corresponding to the access behavior and/or an access time corresponding to the access behavior.
  • the related information of the access request further includes a reference page referer identifier corresponding to the access request and an entry page entry identifier;
  • the related information of the access behavior further includes a referer identifier and an entry identifier corresponding to the access behavior.
  • the referer identifier corresponding to the access request is specifically a hash value of the referer address corresponding to the access request, and the entry identifier corresponding to the access request is specifically a hash value of the entry address corresponding to the access request;
  • the referer identifier corresponding to the access behavior is specifically a hash value of the referer address corresponding to the access behavior
  • the entry identifier corresponding to the access behavior is specifically a hash value of the entry address corresponding to the access behavior.
  • the identifier information further carries a referer identifier and an entry identifier corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, the referer identifier corresponding to the access request is the same as the referer identifier corresponding to the access behavior, and the entry identifier corresponding to the access request is the same as the entry identifier corresponding to the access behavior.
  • the identifier information also carries an access time corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, and the time difference between the current time and the access time corresponding to the access request does not exceed the effective time threshold.
  • when the server of the website receives the log request of the user, it can accurately distinguish whether the access behavior the user requests to record has actually occurred, thereby preventing user access behavior that has not actually occurred from being recorded to the website access log.
  • the server system of the website includes a web application server and a log server, the web application server is used to process user access to the website, and the log server is used to process the record of user access behavior.
  • the client that interacts with the server system is the browser on the user terminal. Referring to FIG. 5, a schematic flowchart of a method for recording a website access log in the embodiment of the present application is shown. The method may specifically include the following steps, for example:
  • a user browser sends an access request to a web application server.
  • the network application server obtains a referer url and an entry url corresponding to the access request, and hashes the referer url and the entry url respectively by using a hash algorithm, generating a referer url hash value and an entry url hash value corresponding to the access request.
  • the manner of connection may be, for example, an anchor symbol.
  • the network application server generates first fingerprint information by applying a fingerprint algorithm to the character string generated in 503.
  • the network application server connects the string generated in 503 with the first fingerprint information into a character string, and generates a feature string SIGNATURE by using BASE64 encoding.
  • the manner of connection may be, for example, an anchor symbol.
  • the feature string SIGNATURE is the identification information mentioned in the foregoing embodiment.
  • the web application server inserts the SIGNATURE as a parameter sig into the JS code of the BEACON module and sends it to the user browser.
  • the user browser collects related information of the access behavior by parsing and executing the JS code, and sends a log record request carrying the SIGNATURE to the log server.
  • the log record request further carries related information about the access behavior.
  • the information related to the access behavior may include a user IP address, an access time, a referer url, and an entry url corresponding to the access behavior.
  • the log server verifies the SIGNATURE carried in the log record request.
  • If the SIGNATURE carried in the log request is null or an illegal BASE64 string, go to 516. If there is no SIGNATURE in the log request, go to 516. If the log request contains SIGNATURE and SIGNATURE is a legal BASE64 string, go to 509.
  • the log server performs BASE64 decoding on the SIGNATURE carried in the log record request to obtain a character string, and decomposes the string into the first fingerprint information and the user IP address, access time, referer url hash value and entry url hash value corresponding to the access request.
  • the manner of decomposition may be, for example, an anchor symbol.
  • the log server verifies whether the time difference between the current time and the access time corresponding to the access request exceeds a valid time threshold.
  • If the time difference exceeds the effective time threshold, go to 516. If the time difference does not exceed the effective time threshold, go to 511.
  • the log server obtains a referer url and an entry url corresponding to the access behavior, and hashes the referer url and the entry url respectively by using a hash algorithm, generating a referer url hash value and an entry url hash value corresponding to the access behavior.
  • the log server verifies whether the referer url hash value corresponding to the access request is the same as the referer url hash value corresponding to the access behavior, and whether the entry url hash value corresponding to the access request is the same as the entry url hash value corresponding to the access behavior.
  • If the referer url hash value corresponding to the access request is the same as the referer url hash value corresponding to the access behavior, and the entry url hash value corresponding to the access request is the same as the entry url hash value corresponding to the access behavior, go to 513. If the referer url hash value corresponding to the access request is different from the referer url hash value corresponding to the access behavior, and/or the entry url hash value corresponding to the access request is different from the entry url hash value corresponding to the access behavior, go to 516.
  • the log server concatenates the user IP address, the access time, the referer url hash value, and the entry url hash value corresponding to the access behavior into a character string, and generates second fingerprint information from it by using a fingerprint algorithm.
  • the log server verifies whether the first fingerprint information and the second fingerprint information are the same.
  • If the first fingerprint information is the same as the second fingerprint information, go to 515. If the first fingerprint information is different from the second fingerprint information, go to 516.
  • the log server records the access behavior to a website access log according to the log record request.
  • the log server refuses to record the access behavior to the website access log according to the log record request.
  • when the server of the website receives the log request of the user, it can accurately distinguish whether the access behavior the user requests to record has actually occurred, thereby preventing user access behavior that has not actually occurred from being recorded to the website access log.
  • Referring to FIG. 6, a schematic structural diagram of an apparatus for recording a website access log in the embodiment of the present application is shown.
  • the device of this embodiment may be configured in a server system, and the device may include, for example:
  • the first receiving unit 601 is configured to receive an access request sent by the client.
  • the first obtaining unit 602 is configured to acquire related information of the access request.
  • the first generating unit 603 is configured to generate first fingerprint information from the related information of the access request by using a fingerprint algorithm;
  • the sending unit 604 is configured to send, to the client, identifier information that carries the first fingerprint information.
  • a second receiving unit 605 configured to receive a log record request, where the log record request is used to request to record an access behavior;
  • the second obtaining unit 606 is configured to acquire related information about the access behavior.
  • a second generating unit 607 configured to generate second fingerprint information from the related information of the access behavior by using the fingerprint algorithm;
  • the recording unit 608 is configured to record the access behavior to the website access log according to the log record request if the log record request satisfies the record condition;
  • the rejecting unit 609 is configured to refuse to record the access behavior to the website access log according to the log record request if the log record request does not satisfy the record condition;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the related information of the access request includes a user IP address corresponding to the access request and/or an access time corresponding to the access request;
  • the related information of the access behavior includes a user IP address corresponding to the access behavior and/or an access time corresponding to the access behavior.
  • the related information of the access request further includes a reference page referer identifier corresponding to the access request and an entry page entry identifier;
  • the related information of the access behavior further includes a referer identifier and an entry identifier corresponding to the access behavior.
  • the referer identifier corresponding to the access request is specifically a hash value of the referer address corresponding to the access request, and the entry identifier corresponding to the access request is specifically a hash value of the entry address corresponding to the access request;
  • the referer identifier corresponding to the access behavior is specifically a hash value of the referer address corresponding to the access behavior
  • the entry identifier corresponding to the access behavior is specifically a hash value of the entry address corresponding to the access behavior.
  • the identifier information further carries a referer identifier and an entry identifier corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, the referer identifier corresponding to the access request is the same as the referer identifier corresponding to the access behavior, and the entry identifier corresponding to the access request is the same as the entry identifier corresponding to the access behavior.
  • the identifier information also carries an access time corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, and the time difference between the current time and the access time corresponding to the access request does not exceed the effective time threshold.
  • when the server of the website receives the log request of the user, it can accurately distinguish whether the access behavior the user requests to record has actually occurred, thereby preventing user access behavior that has not actually occurred from being recorded to the website access log.
  • Referring to FIG. 7, a schematic structural diagram of an apparatus for recording a website access log in an embodiment of the present application is shown.
  • the device in this embodiment may be configured on a client, and the device may include, for example:
  • a first sending unit 701 configured to send an access request to the server system, so that the server system acquires related information of the access request and generates first fingerprint information from the related information of the access request by using a fingerprint algorithm;
  • the receiving unit 702 is configured to receive the identifier information that is sent by the server system, where the identifier information carries the first fingerprint information.
  • a second sending unit 703 configured to carry the identifier information in a log record request, which requests recording of an access behavior, and send it to the server system, so that the server system generates second fingerprint information from the related information of the access behavior by using a fingerprint algorithm, records the access behavior to the website access log according to the log record request if the log record request satisfies the recording condition, and refuses to record the access behavior to the website access log according to the log record request if the log record request does not satisfy the recording condition;
  • the recording condition is that the log record request carries the identifier information and the first fingerprint information is the same as the second fingerprint information.
  • the related information of the access request includes a user IP address corresponding to the access request and/or an access time corresponding to the access request;
  • the related information of the access behavior includes a user IP address corresponding to the access behavior and/or an access time corresponding to the access behavior.
  • the related information of the access request further includes a reference page referer identifier corresponding to the access request and an entry page entry identifier;
  • the related information of the access behavior further includes a referer identifier and an entry identifier corresponding to the access behavior.
  • the referer identifier corresponding to the access request is specifically a hash value of the referer address corresponding to the access request, and the entry identifier corresponding to the access request is specifically a hash value of the entry address corresponding to the access request;
  • the referer identifier corresponding to the access behavior is specifically a hash value of the referer address corresponding to the access behavior
  • the entry identifier corresponding to the access behavior is specifically a hash value of the entry address corresponding to the access behavior.
  • the identifier information further carries a referer identifier and an entry identifier corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, the referer identifier corresponding to the access request is the same as the referer identifier corresponding to the access behavior, and the entry identifier corresponding to the access request is the same as the entry identifier corresponding to the access behavior.
  • the identifier information also carries an access time corresponding to the access request;
  • the recording condition is specifically: the log record request carries the identifier information, the first fingerprint information is the same as the second fingerprint information, and the time difference between the current time and the access time corresponding to the access request does not exceed the effective time threshold.
  • when the server of the website receives the log request of the user, it can accurately distinguish whether the access behavior the user requests to record has actually occurred, thereby preventing user access behavior that has not actually occurred from being recorded to the website access log.
  • for the device embodiment, since it basically corresponds to the method embodiment, reference may be made to the relevant parts of the description of the method embodiment.
  • the device embodiments described above are merely illustrative, wherein the units described as separate components may or may not be physically separate, and the components displayed as units may or may not be physical units, that is, they may be located in one place or distributed across multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the embodiment. Those of ordinary skill in the art can understand and implement it without any creative effort.
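
The FIG. 5 flow described above (the web application server issues SIGNATURE for an access request, the log server verifies it on the log record request), as an added Python example that is not code from the patent. Assumptions: `#` as the anchor symbol, SHA-256 for the url hashes, HMAC-SHA-256 under a server-side key as the fingerprint algorithm (the page names none; a keyed function is used so that a client who knows the field layout cannot recompute the fingerprint), a 300-second effective time threshold, and one extra integrity check that is marked in the code.

```python
import base64
import hashlib
import hmac

ANCHOR = "#"                          # assumed "anchor symbol" separator
SERVER_KEY = b"constructed-demo-key"  # assumed key shared by web and log server
VALID_SECONDS = 300                   # assumed effective time threshold


def url_hash(url):
    """Referer/entry identifier: hash of the url (SHA-256 is an assumption)."""
    return hashlib.sha256(url.encode("utf-8")).hexdigest()


def fingerprint(joined_fields):
    """Assumed fingerprint algorithm: HMAC-SHA-256 over the joined fields."""
    return hmac.new(SERVER_KEY, joined_fields.encode("utf-8"),
                    hashlib.sha256).hexdigest()


def issue_signature(ip, access_time, referer, entry):
    """Web application server: build SIGNATURE for one access request."""
    fields = ANCHOR.join([ip, str(access_time),
                          url_hash(referer), url_hash(entry)])
    raw = ANCHOR.join([fields, fingerprint(fields)])
    return base64.b64encode(raw.encode("utf-8")).decode("ascii")


def verify_log_request(sig, behavior, now):
    """Log server: return "recorded", or the reason recording is refused.

    behavior holds what the log record request reports about the access
    behavior: ip, access_time, referer, entry.
    """
    # SIGNATURE must be present and a legal BASE64 string.
    if not sig:
        return "missing_signature"
    try:
        raw = base64.b64decode(sig, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return "illegal_signature"
    # The urls travel as hex hashes, so the separator cannot occur in a field.
    parts = raw.split(ANCHOR)
    if len(parts) != 5:
        return "illegal_signature"
    _req_ip, req_time, req_ref_hash, req_entry_hash, first_fp = parts
    first_fp_bytes = first_fp.encode("utf-8")

    # Added check, not a step on the page: the carried fields must match the
    # carried fingerprint, so the access time tested below cannot be edited
    # on the client while an old fingerprint is reused.
    carried = ANCHOR.join(parts[:4])
    if not hmac.compare_digest(fingerprint(carried).encode(), first_fp_bytes):
        return "tampered_signature"

    # The request's access time must be within the effective time threshold.
    try:
        age = abs(now - int(req_time))
    except ValueError:
        return "illegal_signature"
    if age > VALID_SECONDS:
        return "expired"

    # Referer and entry hashes of the behavior must equal the request's.
    ref_hash = url_hash(behavior["referer"])
    entry_hash = url_hash(behavior["entry"])
    if ref_hash != req_ref_hash or entry_hash != req_entry_hash:
        return "page_mismatch"

    # Second fingerprint over the behavior's own fields, compared in
    # constant time with the first fingerprint.
    fields = ANCHOR.join([behavior["ip"], str(behavior["access_time"]),
                          ref_hash, entry_hash])
    if not hmac.compare_digest(fingerprint(fields).encode(), first_fp_bytes):
        return "fingerprint_mismatch"
    return "recorded"


if __name__ == "__main__":
    # Constructed sample values (documentation IP range, example domain).
    t0 = 1700000000
    visit = {"ip": "203.0.113.7", "access_time": t0,
             "referer": "https://shop.example/list",
             "entry": "https://shop.example/item/42"}
    sig = issue_signature(visit["ip"], t0, visit["referer"], visit["entry"])
    print(verify_log_request(sig, visit, t0 + 30))
    print(verify_log_request(sig, dict(visit, ip="198.51.100.9"), t0 + 30))
```
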

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Debugging And Monitoring (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

Des modes de réalisation de la présente invention concernent un procédé d'enregistrement d'un journal d'accès à un site Internet. Le procédé consiste à : recevoir une demande d'accès envoyée par un client ; générer des premières informations d'empreinte digitale à l'aide d'informations associées de la demande d'accès au moyen d'un algorithme d'empreinte digitale ; envoyer au client des informations d'identification contenant les premières informations d'empreinte digitale ; recevoir une demande d'enregistrement de journal, la demande d'enregistrement de journal étant utilisée pour demander l'enregistrement d'un comportement d'accès ; générer des secondes informations d'empreinte digitale à l'aide d'informations associées du comportement d'accès au moyen de l'algorithme d'empreinte digitale ; si la demande d'enregistrement de journal satisfait une condition d'enregistrement, enregistrer le comportement d'accès dans un journal d'accès de site Internet ; et si la demande d'enregistrement de journal ne satisfait pas la condition d'enregistrement, s'abstenir d'enregistrer le comportement d'accès dans un journal d'accès de site Internet, la condition d'enregistrement stipulant que la demande d'enregistrement de journal contient les informations d'identification et que les premières informations d'empreinte digitale sont identiques aux secondes informations d'empreinte digitale. Les modes de réalisation de la présente invention concernent également un dispositif d'enregistrement d'un journal d'accès à un site Internet, et un système.
PCT/CN2018/077965 2017-03-15 2018-03-05 Method and device for recording a website access log Ceased WO2018166365A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201710153803.4A CN108632050B (zh) 2017-03-15 2017-03-15 Method and apparatus for recording website access logs
CN201710153803.4 2017-03-15

Publications (1)

Publication Number Publication Date
WO2018166365A1 true WO2018166365A1 (fr) 2018-09-20

Family

ID=63521879

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/077965 Ceased WO2018166365A1 (fr) 2017-03-15 2018-03-05 Method and device for recording a website access log

Country Status (3)

Country Link
CN (1) CN108632050B (fr)
TW (1) TWI750252B (fr)
WO (1) WO2018166365A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
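CN115391358A (zh) * 2022-07-15 2022-11-25 北京沃东天骏信息技术有限公司 Array update method and apparatus, electronic device, and computer-readable medium
CN115858466A (zh) * 2023-02-07 2023-03-28 广州市千钧网络科技有限公司 Operation log generation method, apparatus, device, and medium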

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468477A (zh) * 2013-09-16 2015-03-25 杭州迪普科技有限公司 WebShell detection method and system
CN104765883A (zh) * 2015-04-30 2015-07-08 中电运行(北京)信息技术有限公司 Detection method for Webshell
CN105721427A (zh) * 2016-01-14 2016-06-29 湖南大学 Method for mining frequent attack sequence patterns from Web logs

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8214899B2 (en) * 2006-03-15 2012-07-03 Daniel Chien Identifying unauthorized access to a network resource
US8767737B2 (en) * 2011-11-30 2014-07-01 Industrial Technology Research Institute Data center network system and packet forwarding method thereof
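CN103166917B (zh) * 2011-12-12 2016-02-10 阿里巴巴集团控股有限公司 Network device identity recognition method and system
CN103067470B (zh) * 2012-12-21 2016-08-03 北京奇虎科技有限公司 Method, server, and system for pushing information to a browser
CN104462156B (zh) * 2013-09-25 2018-12-28 阿里巴巴集团控股有限公司 User-behavior-based feature extraction and personalized recommendation method and system
CN103699828A (zh) * 2013-12-25 2014-04-02 柳州市欧博科技有限公司 Information security management method
CN105991511A (zh) * 2015-01-27 2016-10-05 阿里巴巴集团控股有限公司 Method and device for detecting CC attacks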

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
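CN115391358A (zh) * 2022-07-15 2022-11-25 北京沃东天骏信息技术有限公司 Array update method and apparatus, electronic device, and computer-readable medium
CN115858466A (zh) * 2023-02-07 2023-03-28 广州市千钧网络科技有限公司 Operation log generation method, apparatus, device, and medium
CN115858466B (zh) * 2023-02-07 2023-06-09 广州市千钧网络科技有限公司 Operation log generation method, apparatus, device, and medium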

Also Published As

Publication number Publication date
TWI750252B (zh) 2021-12-21
CN108632050A (zh) 2018-10-09
CN108632050B (zh) 2021-03-02
TW201835794A (zh) 2018-10-01

Similar Documents

Publication Publication Date Title
US11005779B2 (en) Method of and server for detecting associated web resources
US11671448B2 (en) Phishing detection using uniform resource locators
TWI587672B (zh) Login authentication method, client, server and system
US12021894B2 (en) Phishing detection based on modeling of web page content
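CN103607385B (zh) Method and apparatus for browser-based security detection
CN105472052B (zh) Login method and system for cross-domain servers
CN105939326B (zh) Method and apparatus for processing packets
CN111079104A (zh) Permission control method, apparatus, device, and storage medium
WO2018188558A1 (fr) Method and apparatus for identifying account permission
CN109194671B (zh) Method and server for identifying abnormal access behavior
WO2015096528A1 (fr) Method and device for detecting the security of an online shopping environment
CN107332804B (zh) Method and apparatus for detecting web page vulnerabilities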
US9021085B1 (en) Method and system for web filtering
CN108154029A (zh) Intrusion detection method, electronic device, and computer storage medium
CN104580230B (zh) Website attack verification method and apparatus
TWI646479B (zh) Business authentication method, system and server
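CN105635064B (zh) CSRF attack detection method and apparatus
CN108965335B (zh) Method for preventing malicious access to a login interface, electronic device, and computer medium
CN116094808B (zh) Access control vulnerability detection method and system for Web application security based on the RBAC model
CN105184559A (zh) Payment system and method
WO2017206605A1 (fr) Method and device for preventing an attack on a server
CN111949363B (zh) Service access management method, computer device, storage medium, and system
WO2018166365A1 (fr) Method and device for recording a website access log
CN110955890A (zh) Method and apparatus for detecting malicious bulk access behavior, and computer storage medium
CN106713114B (zh) Verification information processing method and device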

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18767637

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18767637

Country of ref document: EP

Kind code of ref document: A1