What Is Web Tamper Protection?

Web Tamper Protection (WTP) monitors website directories in real time, backs up files, and restores tampered files using the backup. WTP protects your websites from Trojans, illegal links, and tampering.

Web Tamper Protection (WTP) can detect and prevent tampering of files in specified directories, including web pages, documents, and images, and quickly restore them using valid backup files.

This section describes the operation process and main functions of WTP. See Figure 1 and Table 1.

**Figure 1** WTP operation process

Figure 1 WTP operation process

Table 1 WTP operation process and function description

Type

Operation

Description and Reference

Preparations

--

If no VDC operator account is available, contact an operations administrator to create a VDC.

Getting Started with WTP

Applying for Quota

Apply for WTP quota.

Installing an Agent

The agent is provided by HSS. It runs scan tasks to scan all servers, monitors server security, and reports collected server information to the cloud protection center.

You can enable WTP only after the agent is installed.

Parameters required for configuring alarm notifications

After alarm notification is enabled, you can receive alarm notifications sent by HSS to learn about security risks facing your servers and web pages.

Without this function, you have to log in to the management console to view alarms.

Enabling HSS

Allocate a quota to a server and enable HSS for the server.

Enabling WTP

Adding a Protected Directory

Add a directory to be protected by WTP.

Create remote backup

By default, HSS backs up the files from the protected directories to the local backup directory you specified when you added protected directories. To protect the local backup files from tampering, you must enable the remote backup function.

Adding a privileged process

After WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, add them to the privileged process list.

Set scheduled WTP protection

You can schedule WTP protection to allow website updates in specific periods.

Enabling dynamic WTP

Dynamic WTP protects your data while Tomcat is running, detecting dynamic data tampering in databases.

View WTP reports

After WTP is enabled, HSS will immediately check the protected directories you specified. You can check records about detected tampering.