A website access attack interception method and related components

Abstract

This application discloses a method for intercepting website access attacks. In this method, artificial verification is performed on the intercepted access requests in the man-machine detection of website access, to distinguish between tool attacks and human access, and to reduce false interception of human access; After being classified into the whitelist state, further anti-escape detection can prevent secondary attacks after the IP whitelist, and effectively improve the risks caused by simultaneous bypass of human attacks and tool attacks. It not only realizes the protection of website security access, but also can effectively improve While the accuracy and efficiency of website protection are maximized, false interception is minimized and user experience is optimized. The present application also provides a website access attack intercepting device, equipment and a readable storage medium, which have the above beneficial effects.

Description

technical field [0001] The present application relates to the technical field of computer software, in particular to a website access attack interception method, device, equipment and a readable storage medium. Background technique [0002] Our country has entered the information age. While informatization brings us convenience, it also brings us troubles. [0003] A few days ago, after monitoring, it was discovered that CC (Challenge Collapsar) attacks against important websites in my country (CC attacks refer to attackers using proxy servers to generate legitimate requests to victim hosts to achieve DDOS (denial of service attacks) and camouflage) incidents are high. The attacker uses the public proxy server to initiate a large number of visits to the target website. The content of the visit includes non-existent pages, large website files, dynamic pages, etc., thereby bypassing the CDN nodes (also called edge nodes, cache nodes, etc.) configured by the website. Refers to...

AI Technical Summary

Problems solved by technology

In related technologies, the protection methods for website scanning and CC attacks are broad. After suffering scanning and CC attacks, the defense threshold can be adjusted (increased) in real time or the human-machine detection page can be pushed through the cloud protection to improve the protection, and the resulting misjudgment and interception Behaviors emerge in endlessly. For example, increasing the defense threshold midway may cause high-frequency access by normal business users to be blocked by mistake. At the same time, there are also phenomena that bypass these protection methods and directly conduct secondary attacks on the website, such as in the man-machine detection interface. After passing the whitelist, the bypass continues the second attack, which hinders the normal access and operation of the website

Images