为什么这么多网页的标题中包含如此奇怪的代码片段?
我很长一段时间都注意到我的firefox状态栏中不时出现jsev.com、cssxx.com等奇怪的域名,我总是想知道为什么这么多网页包含这些奇怪域名的资源。 我用谷歌搜索,但什么也没找到。 我猜这是某种感染服务器并插入代码的病毒。 以下是取自 http://www.eflorenzano.com/threadexample/blog/ 的页面标题的示例:
<script language="javascript" src="http://i.jsev.com./base.2032621946.js"> </script>
<body onmousemove="return fz3824();">
<LINK REL="stylesheet" TYPE="text/css" HREF="http://i.cssxx.com./base2032621947.css">
<A HREF = "http://i.html.com./base2032621947.html"></A>
<SCRIPT LANGUAGE="JAVASCRIPT" SRC="http://i.js.com./base2032621947.js"></SCRIPT>
<SCRIPT LANGUAGE="JAVASCRIPT">
function getuseragnt()
{ var agt = navigator.userAgent.toLowerCase();
agt = agt.replace(/ /g, "");
return agt;
}
document.write("<LINK REL='stylesheet' TYPE='text/css' HREF='http://i.css2js.com./base.css" + getuseragnt() + "_2032621947'>")
</SCRIPT>
编辑:我在debian盒子上,只在firefox上看到这段代码,我刚刚尝试过opera,这段代码没有出现在opera中,真的很奇怪,从来没有听说firefox有这样的问题。
I've noticed for quite a long time that strange domains such like jsev.com, cssxx.com appered in my firefox status bar from time to time, I always wonder why so many web pages contains resources from these strange domains. I googled it, but found nothing. I guess it's some kind of virus which infect the servers and insert the code. Here is a sample taken from page header of http://www.eflorenzano.com/threadexample/blog/:
<script language="javascript" src="http://i.jsev.com./base.2032621946.js"> </script>
<body onmousemove="return fz3824();">
<LINK REL="stylesheet" TYPE="text/css" HREF="http://i.cssxx.com./base2032621947.css">
<A HREF = "http://i.html.com./base2032621947.html"></A>
<SCRIPT LANGUAGE="JAVASCRIPT" SRC="http://i.js.com./base2032621947.js"></SCRIPT>
<SCRIPT LANGUAGE="JAVASCRIPT">
function getuseragnt()
{ var agt = navigator.userAgent.toLowerCase();
agt = agt.replace(/ /g, "");
return agt;
}
document.write("<LINK REL='stylesheet' TYPE='text/css' HREF='http://i.css2js.com./base.css" + getuseragnt() + "_2032621947'>")
</SCRIPT>
edit: I am on a debian box, only on firefox I see this code, I just tried opera, this code doesn't appear in opera, really strange, never heard of firefox having such problems.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(7)
如果您使用普林斯顿大学的 CoDeeN 项目代理服务器之一,就会发生这种情况。 CoDeeN 是一个学术测试平台内容分发网络。 当您使用 CoDeeN 代理浏览网页时,它会向站点的原始 HTML 中注入一些 HTML 代码,并将发送到伪地址的请求重定向到项目的服务器。
一些伪地址是:
http://i.cssxx.com./base0877861956.css | i.cssxx.com。
http://i.jsev.com./base.0877861955.js | i.jsev.com./
http://i.html.com./base0877861956.html | i.html.com。
http://i.js.com./base0877861956.js | i.js.com./
http://i.css2js.com./base.css | i.css2js.com。
CoDeeN 的部分或全部代理服务器显示为匿名代理服务器列表。
CoDeeN 项目页面:http://codeen.cs.princeton.edu/
This happens if you are using one of Princeton university's CoDeeN project proxy servers. CoDeeN is an academic testbed content distribution network. When you browse a web page using CoDeeN proxy it injects some HTML code to the site's original HTML and redirects requests sent to pseudo adresses to the project's servers.
Some of the pseudo addresses are:
http://i.cssxx.com./base0877861956.css | i.cssxx.com.
http://i.jsev.com./base.0877861955.js | i.jsev.com./
http://i.html.com./base0877861956.html | i.html.com.
http://i.js.com./base0877861956.js | i.js.com./
http://i.css2js.com./base.css | i.css2js.com.
Some or all CoDeeN's proxy servers appear as anonymous proxy servers list.
CoDeeN project page: http://codeen.cs.princeton.edu/
它可能是您计算机上安装的浏览器蠕虫。 应该扫描整个系统。
It may be a browser worm installed on your machine. Should scan entire system.
我认为该页面没有任何异常。 检查你的系统。 这是我收到的代码:
I see nothing unusual about that page. Check your system. Here's the code I received:
DNS 中毒?
DNS poisoning?
我同意 Mediashakers 的观
点,因为你使用的是 CoDeeN 项目代理服务器
尝试不使用代理,它会看到差异
I agree with Mediashakers
That cause you're using CoDeeN project proxy servers
Try use no proxy, it will see the difference
情况很可能就是这样,因为这看起来确实有点像一些可疑的代码。 如果您使用不同的计算机,源看起来是否相同怎么办?
That could very well be the case, as this does kinda look like some shady code. What if you use a different computer, does the source look the same?
嗯...这里没有解决方案,但作为一个数据点:对我来说它看起来完全不像那样(Firefox 3.0.3,在 Gentoo Linux 中)。 我在标题中得到以下有趣的元素:
这对我来说看起来相当干净; 对同一服务器上的资源的四个引用,再加上一个来自 Yahoo! 的 CSS。 奇怪的是,我想知道为什么它对你来说看起来如此不同。 希望一些真正的网络向导能够对此有所启发。
另外,我注意到所有看起来奇怪的 URI: 都有以句点结尾的域名,我认为这甚至不合法。 我在 Google 上搜索,发现了一些旧的 Digg 线程,但无法找到提到奇怪的 URI:s 的确切评论。 奇怪的。
Hm ... No solution here, but as a datapoint: It doesn't look at all like that for me (Firefox 3.0.3, in Gentoo Linux). I get the following interesting elements in the header:
This looks fairly clean to me; four references to resources on the same server, plus one CSS from what looks like Yahoo!. Strange, I wonder why it looked so different for you. Hopefully some true web wizard can shed some light on that.
Also, I notice that all the weird-looking URI:s have domain names that end in a period, which I don't think is even legal. I Googled it, and found some old Digg thread, but was unable to locate the exact comment that mentioned the weird-looking URI:s. Strange.