Shulou(Shulou.com)06/01 Report--

How to detect the existence of hijacking?

Use IIS7 site monitoring, enter the monitoring page, enter the domain name of the site you need to test, click "submit Test", we can see "test times", "return code", "finally open site", "open time", "site IP", "test place", "site title" and other monitoring content, so that our website can always be in a safe situation.

What are the types of network hijacking?

1. Traffic hijacking

1.1 whole station jump

This kind of hijacking is more direct and easy to detect. Usually, hijackers achieve global hijacking by loading js in the page or implanting code in the web server, but generally speaking, they only hijack the traffic from the search engine to prevent the webmaster from repairing it immediately after being aware of it.

Repair & prevention:

1.1.1 it is recommended to install third-party protection software and check the source code changes regularly.

1.1.2 pay attention to the server log and check for any changes in login.

1.1.3 change to IP to search in other areas and click to view.

1.2 keyword jump

This hijacking method will be more hidden, and will only jump separately for some of the key points. This is the first upgrade type, which needs to be checked regularly by the site.

1.3 Framework hijacking

This way is more common, directly in the site loading in the source code to add js, hide the original page body, display some unknown ads or page content, most of the same restrictions on the source for the search engine to trigger.

1.4 Snapshot hijacking

The way of snapshot hijacking is that when the search engine crawls, replace your page with a page with specific keywords, and take advantage of the site itself to capture and build a database to achieve an unnoticed ranking.

Repair & prevention:

This kind of way requires the webmaster to pay more attention to your collection and presentation on the Baidu page.

1.5 DNS hijacking

DNS hijacking technology is currently the most high-end way, non-contact can be controlled at any time, operators directly hijacked your site to jump to some XXX sites, now the upgraded version can also be specific users, specific areas, etc., use user profiles to filter user hijacking methods, in addition, this kind of advertising display is more random and smaller, the general webmaster unless users complain otherwise it is difficult to detect Even if you are aware of the forensics, it is more difficult to report.

Repair & prevention:

1.5.1 Forensics is very important, such as time, place, IP, dial-up account, screenshot, url address, etc.

1.5.2 complaint feedback can be made with telecom operators in the hijacked area.

1.5.3 if the complaint feedback is invalid, go directly to the Ministry of Industry and Information Technology to complain, generally speaking, your domain name will be added.

1.6 third-party plug-in hijacking

Part of the reason for the recent beacon algorithm is that some advertising alliances hijacked Baidu search through the site js, hijacking the page address of Baidu search results. This kind of alliance is very afraid, secretly do not know how many similar things have been done, of course, some may also be done by telecom operators.

What we must pay attention to here is: advertising alliance, statistical tools.

Repair & prevention:

1.6.1 try to use regular manufacturers (of course, regular manufacturers also have the risk of being hacked)

1.6.2 since you have to use it, pay more attention to the news.

1.6.3 if there is a https version, try to use the https version.

two。 Weight hijacking

2.1 Spider hijacking

This kind of snapshot hijacking is theoretically the same, but the purpose is different. By loading some links, spiders can find more pages that the hijackers need to crawl.

2.2301 weight transfer

This kind of hijackers is relatively dark, after obtaining the shell, the weight transfer is carried out directly, but the effect of the simple 301 is slow, and it will generally be revised through the webmaster platform. So everyone must bind your mobile email and log in to the platform regularly to pay attention to the platform information. In addition, this kind of technique is normal for users to visit. 301 status will be given only when the search engine comes to grab it.

2.3 Black chain

This kind of many friends should have encountered, hang a batch of black chain in the site, it can be seen that there are invisible, but generally speaking, there are fewer and fewer people doing this, nothing to glance at their own source code.

2.4 Black pages (pan-parsing, reverse generation)

Automatic reproduction, reverse proxy, in fact, many of the above methods are the same, but there is a slight difference in form and implementation.

2.5 search cache

This kind of hijacking broke out a few years ago, and many people made use of the site's search cache mechanism to create a large number of pages to leave contact information. We will not discuss it in depth here.

3. Advertising hijacking

The purpose of this kind of hijacking is relatively simple, replace the advertising alliance of the site or the original advertising display scheme of the site, to achieve the purpose of earning his money with your traffic. The same main hijackers: operators, *.

4. Other hijacking (browser, routing).

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.