Tamper protection is a value-added service provided by Security Center. This service monitors website directories in real time and backs up and restores tampered files or directories. This service prevents drive-by downloads, hidden links, and uploads of violent and illicit content.

Background information

Attackers exploit website vulnerabilities to insert illegal hidden links or deface web pages, either for illegal profit or as an attack on a business. Defaced web pages affect normal user access and may lead to serious economic losses, damaged brand reputation, or political risks.

Tamper protection allows you to add Linux and Windows processes to whitelists and update protected files in real time.

How tamper protection works

The Security Center agent automatically collects the list of processes that attempt to modify files under the protected directories of the protected servers. It identifies unusual processes and file changes in real time and blocks unusual processes.

The alert list is displayed on the Tamper Protection page. In the alert list, you can view unusual file changes, the corresponding processes, and the number of attempts made by each process. If a process modifies a file as part of normal workload activities, you can add the process to the whitelist. After the process is added to the whitelist, tamper protection no longer blocks it. For websites whose content is modified frequently, such as news and education sites, the whitelist saves you the effort of repeatedly enabling and disabling tamper protection.

Note: Tamper protection is supported by the Advanced and Enterprise editions. It is not supported by the Basic edition. You must upgrade the Basic edition to the Advanced or Enterprise edition before you can use tamper protection.

Versions of operating systems and kernels supported by tamper protection

| Operating system | Supported version | Supported kernel version |
| --- | --- | --- |
| CentOS | 6.5, 6.6, 6.7, 6.8, 6.9, 6.10, 7.0, 7.1, 7.2, 7.3, 7.4, 7.5, and 7.6 | 2.6.32-x, 3.10.0-x |
| Ubuntu | 14, 16, and 18 | 3.13.0-32-generic, 3.13.0-86-generic, 4.4.0-62-generic, 4.4.0-63-generic, 4.4.0-93-generic, 4.4.0-151-generic, 4.4.0-117-generic, 4.15.0-23-generic, 4.15.0-42-generic, 4.15.0-45-generic, 4.15.0-52-generic |

Note
  • Kernel versions supported by tamper protection are listed in the preceding table. Servers that use an unsupported kernel version cannot use tamper protection. Make sure that your server uses a supported kernel version. If the kernel version is not supported, you need to upgrade it to a supported version. Otherwise, you cannot add processes to the whitelist.
  • Before you upgrade the kernel, back up the asset data.
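
The following script is an added example, not part of the original documentation or the Security Center agent. It checks a server's operating system and kernel release against the table above before you enable tamper protection. The function names are hypothetical, and the script assumes that the "-x" suffix in the CentOS kernel entries is a wildcard.

```shell
#!/bin/sh
# Added example (not vendor code). Assumption: the "-x" suffix in the CentOS
# kernel entries is a wildcard; Ubuntu kernels are matched exactly as listed.

# check_tamper_support OS_ID OS_VERSION KERNEL_RELEASE
# Returns 0 = listed, 1 = OS or OS version not listed, 2 = kernel not listed.
check_tamper_support() {
    case "$1" in
    centos)
        case "$2" in
        6.5|6.6|6.7|6.8|6.9|6.10|7.0|7.1|7.2|7.3|7.4|7.5|7.6) ;;
        *) return 1 ;;
        esac
        case "$3" in
        2.6.32-*|3.10.0-*) return 0 ;;
        esac
        return 2 ;;
    ubuntu)
        case "${2%%.*}" in      # table lists major versions only: 14.04 -> 14
        14|16|18) ;;
        *) return 1 ;;
        esac
        for tp_k in 3.13.0-32 3.13.0-86 4.4.0-62 4.4.0-63 4.4.0-93 4.4.0-151 \
                    4.4.0-117 4.15.0-23 4.15.0-42 4.15.0-45 4.15.0-52; do
            [ "$3" = "$tp_k-generic" ] && return 0
        done
        return 2 ;;
    esac
    return 1
}

# detect_host prints "OS_ID OS_VERSION KERNEL_RELEASE" for the local machine.
# CentOS 7 reports only the major version in os-release and CentOS 6 has no
# os-release file, so the minor version is read from /etc/centos-release.
detect_host() {
    tp_id=unknown tp_ver=unknown
    if [ -r /etc/centos-release ]; then
        tp_id=centos
        tp_ver=$(sed -n 's/.*release \([0-9]*\.[0-9]*\).*/\1/p' /etc/centos-release)
    elif [ -r /etc/os-release ]; then
        tp_id=$(. /etc/os-release && echo "${ID:-unknown}")
        tp_ver=$(. /etc/os-release && echo "${VERSION_ID:-unknown}")
    fi
    echo "$tp_id ${tp_ver:-unknown} $(uname -r)"
}

# Usage on a server: check_tamper_support $(detect_host); echo "status=$?"
```

A status of 2 means the operating system version is listed but the running kernel is not, which is the case the note above says requires a kernel upgrade.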

Related topics

Activate service

Enable Web tamper protection