可恶的电信,让网站访问时不时空白屏幕

  现在的互联网,有资源的企业蹂躏客户似乎已成为流行,不管愿不愿意,只要他认为OK,那总是要蹂躏一番的。这行当的领军人物360就不用说了,以蹂躏用户出身的——虽然现在的360产品用户体验真的不错!但却怎么也脱不了背地里的那些肮脏勾当。今天又发现一个让我无语的产品——电信在线防火墙!电信的劫持是老调重弹了。在线防火墙是收费的(8元/月),咱没交钱,本该享受不了的。但它却用这个东西来给我推送信息(这次给我推的是回访,虽然厌恶,但比广告好那么些)。

  本来如果他做的好些,我是应该没有机会发现的,遗憾的是,他里面这些个IP有的时候竟然无法访问,导致请求不到数据,直接让我白屏了。放其他网站上,也许我会说:'这网站做的真垃圾,老白屏,错误都不给个' —— 在今天以前,出现这种情况,我是这个想法的。不过,今天发现自己开发的网站,也出现这种情况,怎么可能?!查看下源代码,看到了下面的内容,这... 还是我的网站么?

<!--
  Wrapper page that was returned in place of the page the blog author requested
  (captured with "view source"). It carries no markup from the requested site; the
  requested URL survives only in the old_url variable further down.
  NOTE(review): every URL on this page, old_url included, is plain http. Rewriting a
  response in transit like this presupposes an unencrypted connection, so serving the
  site over HTTPS is the usual countermeasure.
-->
<html>
<head>
<!-- Both meta tags ask the browser not to cache this wrapper page. -->
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<script>
<!--/* The comments in this listing were added by MitchellChu (the blog author); the captured page had none, and the parameter values have been altered */-->
// Statistics endpoint (author's remark: the server seems to be struggling under the load).
// checkpop() in openV4.js receives this URL: the text after the first '=' becomes a
// cookie name, and the third '|'-separated field (235 here) becomes iPid.
var stat_path='http://61.145.194.131:81/stat.aspx?p=1347347|5883|235|0|0|0';
// Second beacon URL handed to OpenWin(); empty in this capture.
var cnt_path='';
// Author's note: the status bar text is rewritten continuously so that the user is
// as unlikely as possible to notice anything.
// The string argument is evaluated as code every 200 ms and copies location.href into window.status.
window.setInterval('window.status=location.href', 200); 
</script>
</head>
<!-- NOTE(review): screen_capture_injected looks like an attribute added by an extension in the
     author's own browser rather than by the injected page - unconfirmed, so do not treat it as an indicator. -->
<body scroll="no" style="border:0; margin:0; padding:0;" id="mainbody" screen_capture_injected="true">
<!-- Full-size placeholder frame; OpenWin() in openV4.js points window.frames[0] at old_url when window.open() returns nothing. -->
<iframe src="about:blank" width="100%" height="100%" frameborder="0">
</iframe>
<!-- Author's note: what does this load? See the openV4.js listing below. -->
<script language="JavaScript" src="http://218.16.103.69:1010/openV4.js"></script>
<script language="JavaScript">
// Author's note: this is the "revisit" (customer follow-up) URL; swap in an ad URL and the same page pushes an ad.
var content='http://59.37.54.194:3606/111223/RestoreRevisit.aspx?p=1347347|5883|235|0|0|0&param=here_is_some_web_info_id';
// Author's note: this is the URL I originally requested, with a random number appended automatically
// (the domain was changed by the author for publication).
var old_url='http://myDomainNameHere.com/resourcePath?1347347';
// Popup geometry "width|height|position", parsed by getParams() in openV4.js.
var param='350|250|9';
// checkpop() is defined in openV4.js and is called outside the try block. If that script
// failed to load, this call throws, neither branch runs, and location.href = old_url is
// never reached - the visitor stays on the empty wrapper, which matches the blank page
// the article describes.
if(checkpop(stat_path)){
try{
OpenWin(content,stat_path,cnt_path,old_url);
}catch(e){}  // errors from OpenWin() are discarded; nothing else navigates to old_url on this path
}
else{
// Marker cookie already present (or cookies unusable): go straight to the requested URL.
location.href = old_url;
}
</script>

</body>
</html>

  上面的代码中,我半点自己网站的影子也没有找到,唯一和我网站有关系的就是变量old_url了,里面存放的是我要访问的原始地址。初步看起来,这个页面做了统计和信息推送,其中RestoreRevisit.aspx是回访页面,也就是本次推送的内容。页面里调用的checkpop和OpenWin都定义在openV4.js里面,代码如下:

// Shared state of openV4.js. Everything below is a page-level global.

// Timer id of the CheckAd() poll started by OpenWin(); cleared and reset to null in CheckAd().
var hInterval = null;
// Timer id of the PCheckAd() poll started by OpenWin(); cleared in PCheckAd().
var hPInterval = null;
// body.onclick of the parent document as found by PCheckAd(); called and restored by pOnClick().
var fPOldClick = null;
// body.onclick of the document in window.frames[0] as found by CheckAd(); called and restored by OnClick().
var fOldClick = null;
// Set to true in OpenWin() when the user-agent string contains "Firefox".
var IsFirefox = false;
// Set to true by pOnClick()/OnClick() once window.open() has returned a window.
var isAlreadyShow = false;

// Popup width, height and screen position (1-9), filled in by getParams() from the global `param`.
var iWidth = 0;
var iHeight = 0;
var iPos = 1;
// Third '|'-separated field of the statistics URL, set by getPid(); used as a cookie name by the click handlers.
var iPid = 0;
// Popup coordinates and the "width=..,height=..,left=..,top=.." feature string built by calPosition().
var posLeft = 0;
var posTop = 0;
var styles = "";



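///<summary>
///Read the popup geometry from the page-level global `param`
///("width|height|position", e.g. '350|250|9') into iWidth, iHeight and iPos.
///If any of the three fields is missing or not numeric, all three fall back
///to 320 / 240 / 1.
///</summary>
function getParams()
{
	var fields = param.split("|");
	var width = parseInt(fields[0], 10);
	var height = parseInt(fields[1], 10);
	var pos = parseInt(fields[2], 10);

	// parseInt() never throws: a missing or non-numeric field comes back as NaN.
	// The original try/catch fallback was therefore unreachable, so test for NaN instead.
	if (isNaN(width) || isNaN(height) || isNaN(pos))
	{
		iWidth = 320;
		iHeight = 240;
		iPos = 1;
		return;
	}

	iWidth = width;
	iHeight = height;
	iPos = pos;
}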

///<summary>
///Work out where the popup goes on screen and build the window.open() feature string.
///Reads window.screen and the globals iWidth, iHeight, iPos; writes posLeft, posTop, styles.
///The screen is split into a 3x3 grid numbered down the columns (1-3 left, 4-6 middle,
///7-9 right); 5 centres the popup, and any other value uses the middle cell's corner.
///</summary>
function calPosition()
{
	var screenH = window.screen.height;
	var screenW = window.screen.width;

	var cellW = Math.round(screenW / 3);
	var cellH = Math.round(screenH / 3);
	var colLeft = [0, cellW, cellW * 2];
	var rowTop = [0, cellH, cellH * 2];

	if (iPos === 5)
	{
		// centre of the screen, based on the popup size
		posLeft = Math.round((screenW - iWidth) / 2);
		posTop = Math.round((screenH - iHeight) / 2);
	}
	else if (typeof iPos === "number" && iPos >= 1 && iPos <= 9 && iPos % 1 === 0)
	{
		// column-major numbering: the column picks the left edge, the row picks the top edge
		posLeft = colLeft[Math.floor((iPos - 1) / 3)];
		posTop = rowTop[(iPos - 1) % 3];
	}
	else
	{
		posLeft = cellW;
		posTop = cellH;
	}

	// Keep the popup on screen horizontally: pull it back to the right edge, never below 0.
	var leftInt = parseInt(posLeft, 10);
	var widthInt = parseInt(iWidth, 10);
	var screenWInt = parseInt(screenW, 10);
	if (leftInt + widthInt > screenWInt)
	{
		var roomX = screenWInt - widthInt;
		posLeft = roomX > 0 ? roomX : 0;
	}
	else
	{
		posLeft = leftInt;
	}

	// Same clamp vertically.
	var topInt = parseInt(posTop, 10);
	var heightInt = parseInt(iHeight, 10);
	var screenHInt = parseInt(screenH, 10);
	if (topInt + heightInt > screenHInt)
	{
		var roomY = screenHInt - heightInt;
		posTop = roomY > 0 ? roomY : 0;
	}
	else
	{
		posTop = topInt;
	}

	styles = ["width=", iWidth, ",height=", iHeight, ",left=", posLeft, ",top=", posTop].join("");
}



///<summary>
///Click handler that PCheckAd() registers on the parent document.
///On a click, if no popup has been shown yet and no cookie named after iPid exists,
///it opens `content` in a new window, records the result, then calls the page's
///previous click handler and puts that handler back.
///</summary>
function pOnClick()
{
	if(!isAlreadyShow)
	{
		 // No cookie named after iPid yet.
		 if (GetCookie(String(iPid))==null)
		 {
		if (!styles)
		{
			styles = "width=320, height=240, left=200, top=150,";
		}
		// Open the pushed page with the usual window chrome switched off.
		var h = window.open(content, "_blank", styles + 
			" ,directories=0, location=0, " +
			"menubar=0, resizable=0, scrollbars=0, status=0, titlebar=0, toolbar=0");
		if (h)
		{
			isAlreadyShow = true;
			// Two image requests act as beacons: the statistics URL with "&c=1" appended, and cnt_path.
			var img = new Image();
      		var imgstat = new Image();
			img.src = stat_path+"&c=1";
     		imgstat.src = cnt_path;
		}
		// Runs whether or not window.open() returned a window. SetCookie() treats a numeric
		// expires as hours, so 0.5 is thirty minutes; the cookie is written with path '/'.
		SetCookie(iPid, iPid, { expires: 0.5, path: '/' });
	}
		// (the brace above closes the cookie check, not the isAlreadyShow check)
		// Chain to the click handler the page had before.
		if (null!=fPOldClick)
		{
			fPOldClick();
		}    
		var parentDoc = parent.document;
		if (IsFirefox)
		{
			// Same capture flag (true) as the registration in PCheckAd(), so this removes the listener.
			parentDoc.removeEventListener("click", pOnClick, true);
			if (fPOldClick)
			{
				parentDoc.addEventListener("click", fPOldClick, true);
			}
		}
		else
		{
			// Only body.onclick is reassigned; the attachEvent() registration made in PCheckAd() is not detached here.
			parentDoc.body.onclick = fPOldClick;
		}
	}      
}

///<summary>
///Click handler that CheckAd() registers on the document inside window.frames[0]
///(the frame OpenWin() loads the requested URL into).
///Same flow as pOnClick(): open `content` once, record it, then call and restore
///the framed page's previous click handler.
///</summary>
function OnClick()
{
	if(!isAlreadyShow)
	{
		 // No cookie named after iPid yet.
		 if (GetCookie(String(iPid)) == null)
		 {		
		if (!styles)
		{
			styles = "width=320, height=240, left=200, top=150";
		}
		// Open the pushed page with the usual window chrome switched off.
		var h = window.open(content, "_blank", styles + 
			" ,directories=0, location=0, " +
			"menubar=0, resizable=0, scrollbars=0, status=0, titlebar=0, toolbar=0");
		if (h)
		{
			isAlreadyShow = true;
			// Two image requests act as beacons: the statistics URL with "&c=1" appended, and cnt_path.
			var img = new Image();
      var imgstat = new Image();
			img.src = stat_path+"&c=1";
      imgstat.src = cnt_path;
		}
		// Runs whether or not window.open() returned a window. SetCookie() treats a numeric
		// expires as hours, so 0.5 is thirty minutes; the cookie is written with path '/'.
		SetCookie(iPid, iPid, { expires: 0.5, path: '/' });
	}
		// (the brace above closes the cookie check, not the isAlreadyShow check)
		// Chain to the click handler the framed page had before.
		if (null!=fOldClick)
		{
			fOldClick();
		}
		if (IsFirefox)
		{
			// CheckAd() registered this handler with useCapture = false, while this call passes
			// true; the flags differ, so the listener added by CheckAd() stays registered.
			window.frames[0].document.removeEventListener("click", OnClick, true);
			if (fOldClick)
			{
				window.frames[0].document.addEventListener("click", fOldClick, true);
			}
		}
		else
		{
			// Only body.onclick is reassigned; the attachEvent() registration made in CheckAd() is not detached here.
			window.frames[0].document.body.onclick = fOldClick;
		}
	}     
}



///<summary>
///Polled from the timer OpenWin() starts when this page is itself inside a frame.
///Registers pOnClick() as a click handler on the parent document and retargets the
///parent's links and forms, then stops the timer.
///</summary>
function PCheckAd()
{
	var win = parent;

	if (!IsFirefox)
	{
		// Wait for the parent document to finish loading; the timer fires again later.
		// This check sits outside the try block below.
		if (win.document.readyState != 'complete')
		{
			return;
		}
	}
	try
	{
		var doc = win.document;
		// Remember the parent's own click handler so pOnClick() can call and restore it.
		fPOldClick = doc.body.onclick;       
		if (IsFirefox)
		{
			// capture-phase listener on the document
			doc.addEventListener("click",pOnClick,true);			
		}
		else
		{
   doc.body.attachEvent("onclick", pOnClick); 
	//		doc.body.onclick = pOnClick;
		}

		// Every link and form without an explicit target is pointed at "_top".
		for (var i in doc.links)
		{
			if (doc.links[i].target == "")
			{
				doc.links[i].target = "_top";
			}
		}
		for (var i in doc.forms)
		{
			if (doc.forms[i].target == "")
			{
				doc.forms[i].target = "_top";
			}
		}
	}
	catch(e)
	{
		// any failure above is silently ignored
	}
	
	// The timer is stopped after the first pass whether or not the hook succeeded.
	window.clearInterval(hPInterval);
}



///<summary>
///Polled from the timer OpenWin() starts after it has loaded the requested URL into
///window.frames[0]. Registers OnClick() as a click handler on the framed document and
///retargets its links and forms, then stops the timer.
///</summary>
function CheckAd()
{
	var win = window.frames[0];
	if (!IsFirefox)
	{
		// Wait for the framed document to finish loading; the timer fires again later.
		// This check sits outside the try block below.
		if (win.document.readyState != 'complete')
		{
			return;
		}
	}
	try
	{
		var doc = win.document;
		// Remember the framed page's own click handler so OnClick() can call and restore it.
		fOldClick = doc.body.onclick;  

		if (IsFirefox)
		{
			// Registered with useCapture = false (PCheckAd() uses true for the parent document).
			doc.addEventListener("click", OnClick, false);		
		}
		else
		{
         doc.body.attachEvent("onclick", OnClick); 
			//doc.body.onclick = OnClick;
		}

		// Every link and form without an explicit target is pointed at "_top".
		for (var i in doc.links)
		{
			if (doc.links[i].target == "")
			{
				doc.links[i].target = "_top";
			}
		}
		for (var i in doc.forms)
		{
			if (doc.forms[i].target == "")
			{
				doc.forms[i].target = "_top";
			}
		}
	}
	catch(e)
	{
		// any failure above is silently ignored
	}

	// The timer is stopped after the first pass whether or not the hook succeeded.
	window.clearInterval(hInterval);
	hInterval = null;
}



///<summary>
///Entry point called by the wrapper page.
///popurl   - page to show in the popup (the wrapper passes `content`)
///staturl  - statistics beacon URL (the wrapper passes `stat_path`)
///counturl - second beacon URL (the wrapper passes `cnt_path`)
///curl     - URL the visitor originally requested (the wrapper passes `old_url`)
///First tries to open the popup directly. If window.open() returns a window, both
///beacons are requested and the browser is sent on to curl. If it returns nothing,
///curl is loaded into the wrapper's single frame instead and click handlers are
///installed by the PCheckAd()/CheckAd() timers.
///</summary>
function OpenWin(popurl,staturl,counturl,curl)
{	
	// Fill iWidth/iHeight/iPos from `param`, then build the position part of the feature string.
	getParams();
	calPosition();
	
	var h = window.open(popurl, "_blank", styles + 
		" directories=0, location=0, " +
		"menubar=0, resizable=0, scrollbars=0, status=0, titlebar=0, toolbar=0");

	if (h)
	{
		// Popup opened: request both beacon URLs as images, then navigate to the requested page.
		var img = new Image();
		img.src = staturl;
    	var imgcount = new Image();
   		 imgcount.src = counturl;    
		location.href = curl;
		return;
	}
	// From here on window.open() returned nothing.
	if (navigator.userAgent.indexOf("Firefox")!=-1)
	{
		IsFirefox = true;
	}
	// This page is itself inside a frame: poll PCheckAd() to hook the parent document
	// (every 1000 ms on Firefox, every 100 ms otherwise).
	if (top.location != self.location)
	{	
		if (IsFirefox)
		{
			hPInterval = window.setInterval("PCheckAd()", 1000);			
		}
		else
		{			
			hPInterval = window.setInterval("PCheckAd()", 100);
		}		
		
		//location.href = old_url;
	}

	if (!styles)
	{
		styles = "width=320, height=240, left=200, top=150";
	}

	// The frame path only runs when the page has exactly one frame (the wrapper's iframe).
	if (window.frames.length!=1)
	{		
		return;
	}

	// Load the requested page inside the wrapper's frame; the visitor stays on the wrapper document.
	window.frames[0].location = curl;
	// Poll CheckAd() to hook the framed document once it has loaded.
	if (IsFirefox)
	{
		hInterval = window.setInterval("CheckAd()", 1000);
	}
	else
	{
		hInterval = window.setInterval("CheckAd()", 100);
	}
}





///<summary>
///Strip leading and trailing whitespace. A falsy argument (null, undefined, "")
///is treated as the empty string.
///</summary>
function trim(text)
{
	var source = text ? text : "";
	return source.replace(/^\s+|\s+$/g, "");
}



///<summary>
///Look up a cookie by name in document.cookie.
///Returns the URI-decoded value of the first entry that starts with "name=",
///or null when there is no such entry or no cookies at all.
///</summary>
function GetCookie(name) {
    var jar = document.cookie;
    if (!jar || jar == '') {
        return null;
    }

    var wanted = name + '=';
    var entries = jar.split(';');
    for (var idx = 0; idx < entries.length; idx++) {
        // entries after the first carry a leading space
        var entry = trim(entries[idx]);
        if (entry.substring(0, name.length + 1) == wanted) {
            return decodeURIComponent(entry.substring(name.length + 1));
        }
    }
    return null;
}



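///<summary>
///Write one cookie through document.cookie.
///name    - cookie name, written as given (not encoded)
///value   - cookie value, URI-encoded; null deletes the cookie
///options - optional { expires, path, domain, secure }. A numeric `expires` is a
///          number of HOURS from now; an object with toUTCString() (a Date) is used as is.
///The caller's options object is left untouched.
///</summary>
function SetCookie(name, value, options) {
    var opts = options || {};
    var lifetime = opts.expires;

    if (value === null) {
        // Deleting: empty value plus an expiry in the past. Kept in a local so the
        // caller's options object is not modified (the original wrote expires = -1 into it).
        value = '';
        lifetime = -1;
    }

    var expires = '';
    if (lifetime && (typeof lifetime == 'number' || lifetime.toUTCString)) {
        var date;
        if (typeof lifetime == 'number') {
            date = new Date();
            // hours -> milliseconds
            date.setTime(date.getTime() + (lifetime * 60 * 60 * 1000));
        } else {
            date = lifetime;
        }
        expires = '; expires=' + date.toUTCString();
    }

    var path = opts.path ? '; path=' + (opts.path) : '';
    var domain = opts.domain ? '; domain=' + (opts.domain) : '';
    var secure = opts.secure ? '; secure' : '';

    document.cookie = [name, '=', encodeURIComponent(value), expires, path, domain, secure].join('');
}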



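///<summary>
///Return everything after the first "=" in srcstr (the whole string when there is no "=").
///checkpop() uses the result as a cookie name.
///</summary>
function getparam(srcstr)
{
   // Declared locally: the original assigned to an undeclared name, which leaked a
   // global `c_start` and throws in strict-mode code.
   var c_start = srcstr.indexOf("=") + 1;
   return srcstr.substring(c_start); 
}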



///<summary>
///Decide whether the wrapper page should call OpenWin() on this page view.
///arradd is the statistics URL; the text after its first "=" is used as a marker
///cookie (name and value identical, 24 hours, path '/').
///Returns false when cookies are disabled, when the marker cookie already exists,
///when it cannot be read back after being written, or when any cookie helper throws.
///Returns true only on the first view that successfully writes the marker.
///Also stores the URL's third "|" field in iPid via getPid(), except on the
///cookies-disabled early return.
///</summary>
function checkpop(arradd) {
    if (!navigator.cookieEnabled) {
        return false;
    }

    var allowed;
    try {
        var marker = getparam(arradd);
        if (GetCookie(marker) == null) {
            // First view in this window of time: write the marker, then confirm it stuck.
            SetCookie(marker, marker, { expires: 24, path: '/' });
            allowed = GetCookie(marker) != null;
        } else {
            allowed = false;
        }
    } catch (err) {
        allowed = false;
    }

    getPid(arradd);
    return allowed;
}

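///<summary>
///Store the third "|"-separated field of arradd in the global iPid
///(235 for a URL ending in "p=1347347|5883|235|0|0|0").
///iPid becomes 0 when that field is missing or not numeric.
///</summary>
function getPid(arradd)
{
	var fields = arradd.split("|");
	var pid = parseInt(fields[2], 10);

	// parseInt() reports failure as NaN rather than by throwing, so the original
	// catch-based fallback to 0 could never run; check for NaN explicitly.
	iPid = isNaN(pid) ? 0 : pid;
}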

 从整体上来看,电信是使用在线防火墙来进行推送信息的,这防火墙是什么东西呢?

中国电信的在线防火墙介绍

  从他的说明来看,是多么的为咱们着想,为我们的浏览安全可是尽了十万分的力了。只是我纳闷的是,好好的网站,他动不动的劫持一下,给咱改改请求,给咱弹弹小窗。它本身是不是恶意代码?这个值得思考!

Tuesday, September 11, 2012 | 其他技术 万象漫谈
