Recommender systems are widely used in a variety of scenarios, including online shopping, social network, and contents distribution. As users rely more on recommender systems for information retrieval, they also become attractive targets for cyber-attacks. The high-level idea of attacking a recommender system is straightforward. An adversary selects a strategy to inject manipulated data into the database of the recommender system to influence the recommendation results, which is also known as a profile injection attack. Most existing works treat attacking and protection in a static manner, i.e., they only consider the adversary's behavior when analyzing the influence without considering normal users' activities. However, most recommender systems have a large number of normal users who also add data to the database, the effects of which are largely ignored when considering the protection of a recommender system. We take normal users' contributions into consideration and analyze popular attacks against a recommender system. We also propose a general protection framework under this dynamic setting.