This topic provides an overview of tamper protection. Tamper protection is a value-added service provided by Security Center. This service monitors website directories in real time and backs up and restores tampered files or directories. This service prevents Trojans, hidden links, and uploads of violent or illicit content.

Background information

To make illegal profits or conduct business attacks, attackers exploit vulnerabilities in websites to insert illegal hidden links and tamper with the websites. Defaced web pages affect normal user access and may lead to serious economic losses, damaged brand reputation, or political risks.

Tamper protection allows you to add Linux and Windows processes to the whitelists and update protected files in real time.

How tamper protection works

The Security Center agent automatically collects the list of processes that attempt to modify files in the protected directories of the protected servers. It identifies unusual processes and file changes in real time and terminates unusual processes.

On the Tamper Protection page in the Security Center console, find the alert list to view the alerts of unusual file changes, unusual processes and the number of times that the unusual process attempts to write files. If a file is modified by a trusted process, you can add the process to the whitelist. After the process is added to the whitelist, tamper protection no longer blocks the process. In scenarios where the content of websites, such as news and education websites, is frequently modified, the whitelist saves you the effort of frequently enabling and disabling tamper protection. For more information, see Add blocked processes to the whitelist.

Note Tamper protection is supported by the Advanced and Enterprise editions. It is not supported by the Basic edition. You must upgrade the Basic edition to the Advanced or Enterprise edition before you use tamper protection.

Versions of operating systems and kernels supported by tamper protection

Operating system Supported operating system version Supported kernel version
Windows Windows Server 2008 and later All versions
CentOS 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, and 7.6
  • version 2.6.32-x
  • version 3.10.0-x
Ubuntu version 14, version 16, and version 18
  • version 3.13.0-32-generic
  • version 3.13.0-86-generic
  • version 4.4.0-62-generic
  • version 4.4.0-63-generic
  • version 4.4.0-93-generic
  • version 4.4.0-151-generic
  • version 4.4.0-117-generic
  • version 4.15.0-23-generic
  • version 4.15.0-42-generic
  • version 4.15.0-45-generic
  • version 4.15.0-52-generic
  • Kernel versions supported by tamper protection are listed in the preceding table. Servers that use an unsupported kernel version cannot use tamper protection. Make sure that your server uses a supported kernel version. If the kernel version is not supported, you need to upgrade it to a supported version. Otherwise, you cannot add processes to the whitelist.
  • Before you upgrade the server kernel, back up your asset data.

Related topics

Activate service

Enable tamper protection

View the protection status

Add blocked processes to the whitelist