Web tamper proofing is a value-added feature provided by Security Center. The feature monitors website directories in real time and can restore tampered files or directories by using backups. The feature also protects important website information from being tampered with and prevents trojans, hidden links, and uploads of violent and illicit content.
Background information
- Web tamper proofing is a value-added feature of Security Center. Security Center Basic does not support the feature. If you use the Basic edition, you must upgrade Security Center to the Anti-virus, Advanced, Enterprise, Ultimate, or Value-added Plan edition before you can purchase and use the feature.
- Web tamper proofing allows you to add processes on Linux and Windows servers to a whitelist. This ensures that protected files are updated in real time.
- To make illegal profits or launch business attacks, attackers exploit vulnerabilities in websites to insert illegal hidden links and tamper with the websites. Defaced web pages affect normal user access and may cause serious economic loss, damaged brand reputation, and political risks.
How web tamper proofing works
The Security Center agent automatically collects the processes that attempt to modify files in the protected directories of the protected servers. The agent identifies suspicious processes and file changes in real time and blocks the suspicious processes that cause file changes.
- Interception Mode: Security Center blocks suspicious processes and file changes. This ensures the security of websites and files on your servers. You can view the alerts that are generated for blocked suspicious processes on the Protection tab of the Tamper Protection page.
- Alert Mode: Security Center identifies suspicious processes and file changes and generates alerts for the identified suspicious processes and file changes. If you cannot determine trusted processes, you can select this mode. You can view alerts and determine whether to add a specific alert to the whitelist on the Protection tab of the Tamper Protection page. After you determine trusted processes, we recommend that you set Prevention Mode to Interception Mode for servers that you want to protect. This ensures the security of files on the servers. For more information about how to add alerts to the whitelist, see Add blocked processes to a whitelist.
How the process whitelist ensures normal workloads
You can view the alerts that are generated for unusual file changes, suspicious processes, and the number of times that each suspicious process attempts to modify files on the Tamper Protection page. To go to this page, log on to the Security Center console and choose . If a file is modified by a process due to normal workloads, you can add the process to the whitelist. After the process is added to the whitelist, web tamper proofing no longer blocks the process. In scenarios in which the content of websites is frequently modified, the whitelist eliminates the need for you to frequently enable and disable web tamper proofing. The whitelist is suitable for websites such as news and education websites. For more information, see Add blocked processes to a whitelist.
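The following added example models the decision described in the two sections above: a write to a protected directory is allowed for a whitelisted process, and otherwise raises an alert in Alert Mode or is blocked in Interception Mode. It is an illustration written for this page, not Security Center's code. The directory, process paths, events and function names are constructed assumptions, and the path check is lexical only.

```python
import posixpath
from collections import Counter
from pathlib import PurePosixPath

# Constructed sample configuration (hypothetical paths and process names).
PROTECTED_DIRS = ["/var/www/html"]
WHITELIST = {"/usr/local/bin/cms-publisher"}

def in_protected_dir(target, protected_dirs=PROTECTED_DIRS):
    """Lexical containment check on whole path components (symlinks not resolved)."""
    # normpath collapses '..'; comparing components keeps '/var/www/html-old'
    # from matching '/var/www/html'.
    parts = PurePosixPath(posixpath.normpath(target)).parts
    for d in protected_dirs:
        dparts = PurePosixPath(posixpath.normpath(d)).parts
        if parts[:len(dparts)] == dparts:
            return True
    return False

def decide(process, target, mode, whitelist=WHITELIST):
    """Return 'ignore', 'allow', 'alert' or 'block' for one write attempt."""
    if mode not in ("alert", "interception"):
        raise ValueError(f"unknown mode: {mode}")
    if not in_protected_dir(target):
        return "ignore"   # outside the protected directories
    if process in whitelist:
        return "allow"    # trusted process doing normal workload updates
    return "block" if mode == "interception" else "alert"

def attempts_by_process(events, mode):
    """Count alerted or blocked write attempts per process, for whitelist triage."""
    counts = Counter()
    for process, target in events:
        if decide(process, target, mode) in ("alert", "block"):
            counts[process] += 1
    return counts

# Constructed events: (process executable, file it tries to modify).
EVENTS = [
    ("/usr/local/bin/cms-publisher", "/var/www/html/news/today.html"),
    ("/usr/bin/php-fpm", "/var/www/html/index.php"),
    ("/usr/bin/php-fpm", "/var/www/html/uploads/../index.php"),
    ("/usr/bin/php-fpm", "/var/www/html-old/index.php"),
    ("/usr/bin/php-fpm", "/var/www/html/../../../etc/motd"),
]

if __name__ == "__main__":
    for mode in ("alert", "interception"):
        print(mode, dict(attempts_by_process(EVENTS, mode)))
```

Reviewing the per-process counts while in Alert Mode shows which processes would be blocked after the switch to Interception Mode, so trusted ones can be whitelisted first.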
Limits on versions of operating systems and kernels
OS version | Kernel version |
---|---|
Ubuntu 14.04 | |
Ubuntu 16.04 | |
Ubuntu 18.04 | |
AliyunOS 2.1903 | |