I recently wanted to develop a tamper-proofing solution with my friends. I have listed some of the items on my own. I would like to ask you how web pages get tampered with and what the corresponding countermeasures are.
1. Webpage tampering
(1) Obtaining a webshell through SQL injection:
Attackers exploit web application vulnerabilities, submitting crafted SQL statements to the database, or exploit system and third-party software vulnerabilities, to gain control of the web application or obtain server privileges;
(2) Injecting malicious HTML through XSS vulnerabilities:
Stored (passive) cross-site scripting places illegal HTML or JavaScript code in a legitimate part of the page, so that what visitors see is changed even though the page appears to load "normally"; an XSS worm spreading across an intranet is one example;
(3) Controlling the web server:
Attackers exploit server or third-party software vulnerabilities to obtain server and database administration privileges and then modify the pages directly;
(4) Controlling the DNS server:
Attackers compromise the website's domain name server, obtain the ability to change the domain's records, and point the domain at a different address to achieve tampering; the hijacking of Baidu's domain is one example;
(5) ARP attacks:
Attackers first compromise a host on the same network segment as the web server. From that machine they send ARP spoofing packets to the web server's host or its gateway, so that visitors or the web server itself are redirected to other pages, which amounts to tampering;
2. Webpage tamper-proofing
(1) Whitelist the normal files;
Record the number and names of the normal program files and store a hash of each file (the proposal uses MD5) in a database as its fingerprint. Note that an unkeyed hash is not a digital signature: the hash database itself must be protected from the attacker. If, during a hacker attack, the homepage is modified or a Trojan or webshell is uploaded, the modified or newly submitted files will not match or will not exist in the database, so they are deleted or restored to achieve the protection effect;
(2) Detection and protection against SQL injection attacks;
Filter dangerous SQL characters and keywords such as ', select, where, insert and ;, and normalize encodings so that encoded or transcoded variants are caught at the source; also check whether the data submitted to the web server contains strings such as eval, WScript.Shell, iframe, and so on;
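The filter described in item (2), written out as an added example (not code from the original post). It decodes URL and HTML-entity encoding repeatedly before matching, because a single-pass blacklist is bypassed by %27 or &#39;, and it contrasts a concatenated query with a parameterized one to show why filtering should only be a secondary layer. The pattern lists, the sqlite3 table and the payload are constructed for the demonstration.

```python
import html
import re
import sqlite3
from urllib.parse import unquote

# Constructed blacklist following item (2): SQL terminators/keywords and script markers.
SQL_PATTERNS = [
    r"'",                                   # string terminator
    r"\bselect\b", r"\bwhere\b", r"\binsert\b", r"\bunion\b",
    r";",                                   # statement separator
    r"--", r"/\*",                          # comment sequences used to cut a query short
]
SCRIPT_PATTERNS = [r"\beval\b", r"wscript\.shell", r"<\s*iframe", r"<\s*script"]
COMPILED = [(p, re.compile(p, re.IGNORECASE)) for p in SQL_PATTERNS + SCRIPT_PATTERNS]


def normalize(value: str, rounds: int = 3) -> str:
    """Undo URL and HTML-entity encoding until the value stops changing.

    Attackers double-encode (%2527 -> %27 -> ') to slip past single-pass filters,
    so decoding is repeated a bounded number of times."""
    for _ in range(rounds):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_patterns(value: str) -> list[str]:
    """Return the blacklist patterns found in the decoded value (empty list = clean)."""
    decoded = normalize(value)
    return [p for p, rx in COMPILED if rx.search(decoded)]


def lookup_user(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the driver binds the value separately, so a quote
    inside it is data, not SQL. This is the primary defense; the filter above
    is a supplementary layer."""
    return conn.execute("SELECT id FROM users WHERE name = ?", (username,)).fetchall()


def demo() -> tuple[int, int]:
    """Constructed in-memory database: the same payload against a concatenated
    query and against the parameterized one. Returns (rows_unsafe, rows_safe)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    payload = "' OR 1=1 --"
    # Vulnerable concatenation: the quote closes the literal and "--" comments out the rest.
    unsafe_sql = f"SELECT id FROM users WHERE name = '{payload}'"
    unsafe_rows = conn.execute(unsafe_sql).fetchall()   # returns every user
    safe_rows = lookup_user(conn, payload)              # returns nothing
    conn.close()
    return len(unsafe_rows), len(safe_rows)


if __name__ == "__main__":
    print("encoded payload flags:", suspicious_patterns("%2527%20OR%201%3D1"))
    print("rows (unsafe, safe):", demo())
```

The filter will also flag legitimate input such as an apostrophe in a surname, so log and review matches rather than silently dropping requests; the parameterized query is what actually prevents the injection.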
(3) Detection and protection against DNS resolution attacks;
Periodically resolve the domain name locally with nslookup and check that the address it points to is the legitimate one;
(4) Detection and protection against ARP attacks;
Statically bind the IP-to-MAC mapping of the gateway on the web server (and of the server on the gateway), detect ARP spoofing by watching for mappings that differ from the bound ones, and filter out dangerous ARP packets;
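Items (3) and (4) are both "compare what the network currently says against a known-good binding", so one added example (not code from the original post) covers both: a DNS check that compares the resolver's answer with the addresses the site is known to use, and an ARP check that parses a Linux `ip neigh` listing and compares it with statically bound MAC addresses. The resolver is injectable so the demo runs offline; the domain, addresses, MACs and neighbour-table lines are constructed.

```python
import re
import socket
from typing import Callable, Iterable

# --- (3) DNS resolution monitor -------------------------------------------

def system_resolver(domain: str) -> set[str]:
    """Resolve IPv4 addresses through the host's configured resolver (what nslookup uses)."""
    return {info[4][0] for info in socket.getaddrinfo(domain, None, socket.AF_INET)}


def check_dns(domain: str, expected: Iterable[str],
              resolver: Callable[[str], set[str]] = system_resolver) -> dict:
    """Compare current A records with the known-good set.

    Any observed address outside `expected` indicates hijacked resolution;
    an empty answer is also treated as a failure."""
    observed = set(resolver(domain))
    rogue = observed - set(expected)
    return {"domain": domain, "observed": sorted(observed),
            "rogue": sorted(rogue), "ok": bool(observed) and not rogue}


# --- (4) ARP binding monitor ------------------------------------------------

# Matches `ip neigh` lines such as: 192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
NEIGH_RE = re.compile(r"^(\S+)\s+dev\s+\S+\s+lladdr\s+([0-9a-f:]{17})", re.IGNORECASE)


def parse_neigh_table(text: str) -> dict[str, str]:
    """Map IP -> MAC from `ip neigh` output; lines without a lladdr (FAILED) are skipped."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def check_arp(neigh_text: str, bindings: dict[str, str]) -> list[str]:
    """Return the IPs whose observed MAC differs from the statically bound one."""
    table = parse_neigh_table(neigh_text)
    return sorted(ip for ip, mac in bindings.items()
                  if ip in table and table[ip] != mac.lower())


# Constructed sample data for the offline demonstration.
SAMPLE_NEIGH = """\
192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE
192.0.2.20 dev eth0 lladdr aa:bb:cc:dd:ee:01 STALE
192.0.2.99 dev eth0 FAILED
"""
BINDINGS = {"192.0.2.1": "00:11:22:33:44:55"}   # the gateway's real MAC


def demo() -> tuple[list[str], list[str], list[str]]:
    """Returns (rogue DNS addresses, ARP mismatches before spoofing, ARP mismatches after)."""
    fake_resolver = lambda _domain: {"198.51.100.10", "203.0.113.7"}   # constructed answer
    dns = check_dns("www.example.com", {"198.51.100.10"}, resolver=fake_resolver)
    spoofed = SAMPLE_NEIGH.replace("00:11:22:33:44:55", "de:ad:be:ef:00:01")
    return dns["rogue"], check_arp(SAMPLE_NEIGH, BINDINGS), check_arp(spoofed, BINDINGS)


if __name__ == "__main__":
    print(demo())
```

On a live host, run `check_dns` against `system_resolver` from a scheduled job and feed `check_arp` the output of `ip neigh` (on Windows the `arp -a` layout differs and needs its own parser). The binding step itself is `ip neigh replace <ip> lladdr <mac> dev <iface> nud permanent` on Linux or `arp -s <ip> <mac>` on Windows; the monitor then catches any attempt to overwrite it.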
(5) Filter requests to the web server;
Set up an access control list with IP blacklists and whitelists to block addresses that access the admin backend illegitimately. Intercept file requests to the web server before they are served, compare the file about to be returned with its original, and reject the request if the file differs from the original;
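Items (1) and (5) share one mechanism, a table of known-good file hashes, so one added example (not code from the original post) covers both: building the baseline, scanning for modified, added and missing files, restoring from a clean backup, an IP access-control check for the admin path, and a pre-serve check that refuses any file whose hash no longer matches. SHA-256 is used instead of the MD5 in item (1) because MD5 collisions are practical. The directory layout, file contents, address ranges and admin path prefix are constructed for the demonstration.

```python
import hashlib
import ipaddress
import os
import shutil
import tempfile
from typing import Optional


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large assets do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: str) -> dict[str, str]:
    """Map each file path (relative to root) to its digest: the whitelist of item (1)."""
    baseline = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            baseline[os.path.relpath(full, root)] = file_digest(full)
    return baseline


def scan(root: str, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the live tree with the baseline. 'added' catches dropped webshells."""
    current = build_baseline(root)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added":    sorted(p for p in current if p not in baseline),
        "missing":  sorted(p for p in baseline if p not in current),
    }


def restore(root: str, backup: str, report: dict[str, list[str]]) -> None:
    """Delete unknown files and copy modified/missing ones back from the clean backup."""
    for rel in report["added"]:
        os.remove(os.path.join(root, rel))
    for rel in report["modified"] + report["missing"]:
        dst = os.path.join(root, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(backup, rel), dst)


# Item (5): constructed ACL. Only the admin range may reach /admin/; the blacklist is global.
ADMIN_PREFIX = "/admin/"
ADMIN_ALLOW = [ipaddress.ip_network("192.0.2.0/24")]
BLACKLIST = [ipaddress.ip_network("203.0.113.0/24")]


def allow_request(client_ip: str, path: str) -> bool:
    """Blacklist first, then whitelist enforcement for the admin backend only."""
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in BLACKLIST):
        return False
    if path.startswith(ADMIN_PREFIX):
        return any(ip in net for net in ADMIN_ALLOW)
    return True


def serve_file(root: str, rel: str, baseline: dict[str, str]) -> Optional[bytes]:
    """Pre-serve check: return content only if the file still matches the baseline."""
    full = os.path.join(root, rel)
    if rel not in baseline or not os.path.isfile(full) or file_digest(full) != baseline[rel]:
        return None
    with open(full, "rb") as f:
        return f.read()


def demo() -> dict:
    """Constructed end-to-end run in a temp dir: baseline, tamper, scan, refuse, restore."""
    work = tempfile.mkdtemp()
    site, backup = os.path.join(work, "site"), os.path.join(work, "backup")
    os.makedirs(os.path.join(site, "css"))
    for rel, body in {"index.html": b"<h1>Hello</h1>", "css/main.css": b"body{}"}.items():
        with open(os.path.join(site, rel), "wb") as f:
            f.write(body)
    shutil.copytree(site, backup)
    baseline = build_baseline(site)
    # Simulated attack: defaced homepage plus an unknown file dropped into the tree.
    with open(os.path.join(site, "index.html"), "wb") as f:
        f.write(b"<h1>Defaced</h1>")
    with open(os.path.join(site, "shell.php"), "wb") as f:
        f.write(b"<?php /* constructed placeholder for a dropped file */ ?>")
    report = scan(site, baseline)
    refused = serve_file(site, "index.html", baseline) is None
    restore(site, backup, report)
    clean = scan(site, baseline) == {"modified": [], "added": [], "missing": []}
    shutil.rmtree(work)
    return {"report": report, "refused_tampered": refused, "clean_after_restore": clean}


if __name__ == "__main__":
    print(demo())
```

The baseline and the backup must live where the web server's account cannot write, otherwise an attacker who obtains a webshell simply re-baselines the defaced site; and when the server sits behind a proxy, `allow_request` must be given the real client address rather than the proxy's.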
(6) Protect the server and the database;
Set folder permissions on the Windows NT-based system to limit the damage caused by operator error. For SQL Server 2005, restrict management access to specific IP addresses and enable database encryption to cut off database tampering at the source;
(7) Strengthen training;
Strengthen security-awareness training and operating-procedure training to reduce the risk coming from both the program's developers and the administrators.