Web hijacking is currently a favorite method of blackboard SEO or black production. This method often uses the website of the government and educational institutions (high weight) to modify the source code of the website, put the parasite program, and set the secondary directory. Implemented to agents, etc. Web hijacking can be divided into server hijacking, client hijacking, Baidu snapshot hijacking, Baidu search hijacking, etc.; the form of expression can be hijacking jump, or it can be hijacked web content, which is widely used in private service, gaming and other profit-making. industry.
Server-side hijacking is also called global hijacking. The method is to modify the dynamic language text of the website, determine the source of the access control and return the content, and never achieve the purpose of website hijacking.
Files such as Global.asa, Global.asax, conn.asp, and conn.php are special. The function is to load the script each time a dynamic script is executed, and then execute the target script. So just write the code that determines the user’s system information in Global.asa (access source, etc.), if it is a spider access, return the keyword page (the website you want to promote), if it is a user visit, return to the normal page.
There are many ways to hijack clients, but there are two main types: js hijacking and Header hijacking.
Js hijacking purpose: Control the website jump, hide page content, window hijacking, etc. by implanting malicious js code into the target webpage.
Js implantation method: can be directly written into the source code through the intrusion server; it can also be written in the database, because some pages will present the database content.
Effect: Search the click page (execute a js) through the search engine to jump to the betting page; directly enter the URL to access the web page, and jump to the 404 page.
Analysis: The referer judges the way, if the referer is empty, it will jump to the 404 page. If it is the referer from the search engine, there will be a display, and then the code control jumps. If you just control the implementation to display different content, you can modify the php, asp code; if you need to hijack the search engine search box, you can write JS code to do the browser local jump. Of course, the js function can be extended indefinitely. For example, you can control the first access of a ip within one day, the rest of the access jumps, and so on.
Write the following code in the source code:
The Meta Refresh Tag is used to take traffic away.
Client hijacking: The webpage code obtained from the server every time the webpage is accessed is the same, only controls the effect of the webpage code in the browser (such as whether to jump, etc.).
Server-side hijacking: Changed the webpage code obtained from the server every time you visit a webpage.
The method of judging client hijacking: just observe the front-end code of the web page rendered by the browser to see if it references inappropriate js or other sensitive content.
Judgment method of server-side hijacking: You can observe whether the source code is different by observing the back-end code of the website, or by changing the ip, header, etc.
Conclusion: There are still many ways to hijack webpages. I know only about fur. The black hat SEO technology is very deep and the road ahead is long.
[Black Hat SEO Series] Basics
[[Black Hat SEO Series] Dark Chain] (http://thief.one/2016/10/12/%E9%BB%91%E5%B8%BDSEO%E4%B9%8B%E6%9A%97% E9%93%BE/)
[[Black Hat SEO Series] Web Hijack] (http://thief.one/2016/10/12/%E9%BB%91%E5%B8%BDSEO%E4%B9%8B%E7%BD%91% E9%A1%B5%E5%8A%AB%E6%8C%81/)
[[Black Hat SEO Series] page jump] (http://thief.one/2016/10/10/%E9%BB%91%E5%B8%BDSEO%E4%B9%8B%E9%A1%B5 %E9%9D%A2%E8%B7%B3%E8%BD%AC/)