Friend said (15:08):
If it's convenient, visit Dangnian Mingyue's blog
http://blog.sina.com.cn/m/dangnianmingyue
and use a sniffer to see whether it goes and downloads a file,
www.jcdh.cn/1.exe
On my machine, just visiting this page downloads that virus. Other pages are fine.
I can't tell whether my machine is infected or the page itself has a problem.
精于心,簡于形[鄭昀] said (15:15):
http://www.xfocus.net/articles/200610/888.html
It's discussed in there:
"Two years ago, when visiting websites I often got redirected to the Beijing Broadband 'smart error-correction' site, which was rather annoying.
Then for a while it seemed to have stopped, so I stopped paying attention. These past few days, strange things have again been happening when visiting websites.
My preliminary judgement is that the network has a problem; I can of course guarantee that my own system is clean.
"
jcdh.cn whois info
Domain Name    jcdh.cn
Domain Status    ok
Registrant Name    呂先生
Administrative Email    dayu2008@163.com
Sponsoring Registrar    北京萬網志成科技有限公司
Name Server    dns11.hichina.com
Name Server    dns12.hichina.com
Registration Date    2006-09-15 14:11
Expiration Date    2007-09-15 14:11
Friend said:
Yes. I'm reading that xfocus article now; I saw it a few days ago.
精于心,簡于形[鄭昀] said:
I wrote about this problem a few months ago; it's a classic rogue-software tactic.
Friend said:
Yes, I read your article. That was right when the Vnet (互聯星空) bundling was at its peak.
精于心,簡于形[鄭昀] said:
This time it's probably them again. Nothing to do with your system.

Technical readers, see the xfocus discussion below:
Who Touched Our DNS
Created: 2006-10-15  Updated: 2006-10-15
Article type: repost
Source: internet
Submitted by:
root
(webmaster_at_xfocus.org)
2006-10-16
by 81d83889fb4a54b0d5d7e07d42c51422
This article is released under the GPL; reposting is welcome.
|=------------------------------------------------------------------------=|
---------[ Table of Contents ]
  0x1   - Introduction
  0x2   - Some odd phenomena
    0x2.1   -- Pinging some nonexistent domains
    0x2.2   -- Packet capture analysis
  0x3   - Browser visits to nonexistent domains get redirected
    0x3.1   -- Symptoms
    0x3.2   -- Packet capture analysis
  0x4   - Statistics for xxxxxx.bobodogs.com
  0x5   - Statistics for www.bobodogs.com
  0x6   - A case of being steered to the 3721 site
  0x7   - The www.jcdh.cn site is worth a look
  0x8   - Summary
    0x8.1   -- Affected users
    0x8.2   -- Workaround
|=------------------------------------------------------------------------=|
---------[ 0x1 - Introduction ]
A year or two ago, when visiting websites I often got redirected to the Beijing Broadband "smart error-correction" site, which was rather annoying.
Then for a while it seemed to have stopped, so I stopped paying attention. These past few days, strange things have again been happening when visiting websites.
My preliminary judgement is that the network has a problem; I can of course guarantee that my own system is clean.
Environment: Windows XP SP2 with Firefox, Beijing Netcom (網通) ADSL dial-up, IP address and DNS servers obtained automatically via DHCP.
I don't use IE because IE itself has the 3721 lookup built in, or more precisely has auto.search.msn.com built in.
Keywords: DNS lookup, HTTP protocol, WHOIS lookup, DNS round-robin
---------[ 0x2 - Some odd phenomena ]
I won't repeat here how DNS works or how important DNS is to the whole Internet.
---------[ 0x2.1 - Pinging some nonexistent domains ]
First, let's look at some symptoms:
======================================================================
ping fuck12334566.com
Pinging fuck12334566.com [202.108.251.209] with 32 bytes of data:
Reply from 202.108.251.209: bytes=32 time=17ms TTL=247
Reply from 202.108.251.209: bytes=32 time=16ms TTL=247
Ping statistics for 202.108.251.209:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 17ms, Average = 16ms
Control-C
^C
ping fuck12334566.com
Pinging fuck12334566.com [202.108.251.209] with 32 bytes of data:
Reply from 202.108.251.209: bytes=32 time=15ms TTL=247
Ping statistics for 202.108.251.209:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 15ms, Maximum = 15ms, Average = 15ms
Control-C
^C
ping fuck12334567.com
Pinging fuck12334567.com [202.108.251.209] with 32 bytes of data:
Reply from 202.108.251.209: bytes=32 time=17ms TTL=247
Ping statistics for 202.108.251.209:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 17ms, Average = 17ms
Control-C
^C
ping fuck12334568.com
Pinging fuck12334568.com [202.108.251.207] with 32 bytes of data:
Reply from 202.108.251.207: bytes=32 time=18ms TTL=247
Reply from 202.108.251.207: bytes=32 time=17ms TTL=247
Ping statistics for 202.108.251.207:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 18ms, Average = 17ms
Control-C
^C
ping fuck12334569.com
Pinging fuck12334569.com [202.108.251.209] with 32 bytes of data:
Reply from 202.108.251.209: bytes=32 time=16ms TTL=247
Ping statistics for 202.108.251.209:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Control-C
^C
ping fuck12334570.com
Pinging fuck12334570.com [202.108.251.206] with 32 bytes of data:
Reply from 202.108.251.206: bytes=32 time=16ms TTL=247
Ping statistics for 202.108.251.206:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 16ms, Maximum = 16ms, Average = 16ms
Control-C
^C
ping fuck12334571.com
Pinging fuck12334571.com [202.108.251.209] with 32 bytes of data:
Reply from 202.108.251.209: bytes=32 time=17ms TTL=247
Ping statistics for 202.108.251.209:
    Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 17ms, Maximum = 17ms, Average = 17ms
Control-C
======================================================================
Why does this happen? Why does a domain name I clearly typed at random come back with a series of IP addresses? Is it chance,
or coincidence?
IP addresses returned by the DNS server:
202.108.251.209
202.108.251.206
202.108.251.207
202.108.251.213
===============================================================
inetnum:      202.108.0.0 - 202.108.255.255
netname:      CNCGROUP-BJ
descr:        CNCGROUP Beijing province network
descr:        China Network Communications Group Corporation
descr:        No.156,Fu-Xing-Men-Nei Street,
descr:        Beijing 100031
country:      CN
admin-c:      CH455-AP
tech-c:       SY21-AP
mnt-by:       APNIC-HM
mnt-lower:    MAINT-CNCGROUP-BJ
mnt-routes:   MAINT-CNCGROUP-RR
changed:      hm-changed@apnic.net 20031017
status:       ALLOCATED PORTABLE
changed:      hm-changed@apnic.net 20060124
source:       APNIC
role:         CNCGroup Hostmaster
e-mail:       abuse@cnc-noc.net
address:      No.156,Fu-Xing-Men-Nei Street,
address:      Beijing,100031,P.R.China
nic-hdl:      CH455-AP
phone:        +86-10-82993155
fax-no:       +86-10-82993102
country:      CN
admin-c:      CH444-AP
tech-c:       CH444-AP
changed:      abuse@cnc-noc.net 20041119
mnt-by:       MAINT-CNCGROUP
source:       APNIC
person:       sun ying
address:      fu xing men nei da jie 97, Xicheng District
address:      Beijing 100800
country:      CN
phone:        +86-10-66030657
fax-no:       +86-10-66078815
e-mail:       suny@publicf.bta.net.cn
nic-hdl:      SY21-AP
mnt-by:       MAINT-CNCGROUP-BJ
changed:      suny@publicf.bta.net.cn 19980824
changed:      hm-changed@apnic.net 20060717
source:       APNIC
===============================================================
---------[ 0x2.2 - Packet capture analysis ]
Let's capture packets and take a look:
===============================================================
Frame 3 (93 bytes on wire, 93 bytes captured)
Ethernet II, Src: Vmware_fc:4e:c4 (00:50:56:fc:4e:c4), Dst: Vmware_2b:e7:dd (00:0c:29:2b:e7:dd)
Internet Protocol, Src: 192.168.174.2 (192.168.174.2), Dst: 192.168.174.132 (192.168.174.132)
User Datagram Protocol, Src Port: domain (53), Dst Port: 1326 (1326)
Domain Name System (response)
    Transaction ID: 0xc627
    Flags: 0x8180 (Standard query response, No error)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        fuck123445452.com: type A, class IN
            Name: fuck123445452.com
            Type: A (Host address)
            Class: IN (0x0001)
    Answers
        fuck123445452.com: type A, class IN, addr 202.108.251.213
            Name: fuck123445452.com
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 1 minute
            Data length: 4
            Addr: 202.108.251.213
===============================================================
Clearly what the DNS server is telling us is: the IP address of fuck123445452.com is 202.108.251.213.
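The ping results in 0x2.1 and the capture above are the two halves of one check: ask the resolver for names that cannot exist and see whether it answers NXDOMAIN (RCODE 3) or synthesises an A record with a short TTL. As an added example (not code from the xfocus article or its author), the Python script below encodes and decodes DNS messages in wire format (RFC 1035) and automates that probe: it queries a resolver for random 20-letter .com names and flags the resolver if every probe comes back with an A record, collecting the sink addresses. `hijacking_resolver`, `honest_resolver` and `HIJACK_SINKS` are constructed stand-ins built from the addresses listed above; `udp_resolver` is provided for running the same probe against a real server and is not used offline. All names here are chosen for this example.

```python
import random
import socket
import string
import struct
from typing import Callable, Dict, Optional, Tuple

# Added example, not code from the article: minimal DNS wire-format helpers plus a
# probe that detects a resolver synthesising answers for nonexistent names.


def _encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii")
                    for l in name.rstrip(".").split(".")) + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    """Standard recursive A query: flags 0x0100, one question, QTYPE=A, QCLASS=IN."""
    return (struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
            + _encode_name(name) + struct.pack("!HH", 1, 1))


def build_a_response(txid: int, name: str, addr: Optional[str], ttl: int = 60) -> bytes:
    """Constructed reply: one A record when addr is given (flags 0x8180, TTL 60s, like the
    capture above), otherwise NXDOMAIN (flags 0x8183, RCODE 3, no answer records)."""
    flags, ancount = (0x8180, 1) if addr else (0x8183, 0)
    msg = (struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
           + _encode_name(name) + struct.pack("!HH", 1, 1))
    if addr:
        # 0xC00C is a compression pointer back to the question name at offset 12
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, 4) + bytes(int(o) for o in addr.split("."))
    return msg


def _read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; returns (name, offset just after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_response(msg: bytes) -> Dict:
    """Parse header, question names and A answers; works for queries too (no answers)."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off, questions, answers = 12, [], []
    for _ in range(qd):
        qname, off = _read_name(msg, off)
        off += 4                                        # skip QTYPE, QCLASS
        questions.append(qname)
    for _ in range(an):
        rname, off = _read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:                   # A record
            answers.append((rname, ".".join(str(b) for b in rdata), ttl))
    return {"txid": txid, "rcode": flags & 0x0F, "questions": questions, "answers": answers}


def detect_nxdomain_hijack(resolve: Callable[[bytes], bytes], probes: int = 6, seed: int = 1) -> Dict:
    """Query random unregistered .com names. An honest resolver returns NXDOMAIN for them;
    if every probe comes back with an A record the resolver is synthesising answers and
    the collected IPs are its sink hosts."""
    rng = random.Random(seed)
    answered, sinks = 0, set()
    for i in range(probes):
        name = "".join(rng.choice(string.ascii_lowercase) for _ in range(20)) + ".com"
        reply = parse_response(resolve(build_query(0x1000 + i, name)))
        if reply["rcode"] == 0 and reply["answers"]:
            answered += 1
            sinks.update(ip for _, ip, _ in reply["answers"])
    return {"hijacked": answered == probes, "answered": answered,
            "probes": probes, "sink_ips": sorted(sinks)}


def udp_resolver(server: str, port: int = 53, timeout: float = 3.0) -> Callable[[bytes], bytes]:
    """Resolver that sends the query to a real server over UDP (not exercised offline)."""
    def resolve(query: bytes) -> bytes:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            s.sendto(query, (server, port))
            return s.recvfrom(512)[0]
    return resolve


# Constructed stand-ins for the two resolver behaviours described in the article.
HIJACK_SINKS = ["202.108.251.206", "202.108.251.207", "202.108.251.209", "202.108.251.213"]


def hijacking_resolver(query: bytes) -> bytes:
    """Answers every name with one of the sink addresses, round-robin style."""
    q = parse_response(query)
    return build_a_response(q["txid"], q["questions"][0], random.Random(q["txid"]).choice(HIJACK_SINKS))


def honest_resolver(query: bytes) -> bytes:
    """Answers NXDOMAIN for every (random, unregistered) name."""
    q = parse_response(query)
    return build_a_response(q["txid"], q["questions"][0], None)


if __name__ == "__main__":
    print(parse_response(build_a_response(0xC627, "fuck123445452.com", "202.108.251.213")))
    print(detect_nxdomain_hijack(hijacking_resolver))
    print(detect_nxdomain_hijack(honest_resolver))
```

Against a live resolver, `detect_nxdomain_hijack(udp_resolver("<resolver ip>"))` runs the same probe the author did with ping. The "every probe answered" threshold is deliberately strict: an occasional random name may genuinely exist, but a resolver that answers all of them from a handful of addresses in one /24 with a 60-second TTL is synthesising them, which is exactly the round-robin pattern in the ping output above.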
---------[ 0x3 - Browser visits to nonexistent domains get redirected ]
---------[ 0x3.1 - Symptoms ]
  Now let's look at the problem at the HTTP layer. We typed a URL into Firefox,
www.chinatesttesttest.com
(I checked specifically: this domain has not been registered by anyone),
and what came back was:
===============================================================
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser
settings.
Please try the following:
    * Click the refresh.gif (82 bytes) Refresh button, or try again later.
    * If you typed the page address in the Address bar, make sure its spelling
==============================================================
Strange, isn't it? Yes, it would be strange if it weren't.
---------[ 0x3.2 - Packet capture analysis ]
Let's capture packets.
What Firefox does:
★ Step 1
  Look up the IP address of
www.chinatesttesttest.com
; as before, the DNS server returns
  202.108.251.215
★ Step 2
  2.1 Send a GET / HTTP/1.1\r\n request to 202.108.251.215.
  2.2 202.108.251.215 returns the following data:
===============================================================
Hypertext Transfer Protocol
Line-based text data: text/html
    <html>
    <head>
    <style>body{margin:0px;padding:0px;overflow:hidden;}</style>
    <!--<script language="javascript" type="text/javascript" src="http://xxxxxx.bobodogs.com/"></script>-->
    </head>
    <body>
            <iframe name="iframe0" src="http://www.jcdh.cn/1.html?url=www.chinatesttestest.com/" WIDTH="100%" HEIGHT="100%" FRAMEBORDER="0" />
    
    <!--xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-->
    </body>
    </html>
    
===============================================================
OK, so here two sites appear: bobodogs.com and jcdh.cn.
Let's see what these two sites are.
jcdh.cn is the Beijing Broadband Network site. (Added later: at first glance it is.)
bobodogs.com is "Bobo Dog" (博博狗).
What is the relationship between the two?
===============================================================
jcdh.cn whois info
Domain Name    jcdh.cn
Domain Status    ok
Registrant Name    呂先生
Administrative Email    dayu2008@163.com
Sponsoring Registrar    北京萬網志成科技有限公司
Name Server    dns11.hichina.com
Name Server    dns12.hichina.com
Registration Date    2006-09-15 14:11
Expiration Date    2007-09-15 14:11
===============================================================
bobodogs whois info
   Domain Name: BOBODOGS.COM
   Registrar: HICHINA WEB SOLUTIONS (HONG KONG) LIMITED
   Whois Server: grs.hichina.com
   Referral URL: http://whois.hichina.com
   Name Server: DNS12.HICHINA.COM
   Name Server: DNS11.HICHINA.COM
   Status: ACTIVE
   EPP Status: ok
   Updated Date: 18-Jul-2006
   Creation Date: 18-Jul-2006
   Expiration Date: 18-Jul-2008
[grs.hichina.com]
Domain Name ..................... bobodogs.com
Name Server ..................... dns11.hichina.com
                                  dns12.hichina.com
Registrant ID ................... hc468722731-cn
Registrant Name ................. HAICHUAN LI
Registrant Organization ......... LI HAICHUAN
Registrant Address .............. BEIJING
Registrant City ................. BEIJING
Registrant Province/State ....... BEIJING
Registrant Postal Code .......... 100029
Registrant Country Code ......... CN
Registrant Phone Number ......... +86.01058208009 -
Registrant Fax .................. +86.01058208005 -
Registrant Email ................ ponyring@gmail.com
Administrative ID ............... hc468722731-cn
Administrative Name ............. HAICHUAN LI
Administrative Organization ..... LI HAICHUAN
Administrative Address .......... BEIJING
Administrative City ............. BEIJING
Administrative Province/State ... BEIJING
Administrative Postal Code ...... 100029
Administrative Country Code ..... CN
Administrative Phone Number ..... +86.01058208009 -
Administrative Fax .............. +86.01058208005 -
Administrative Email ............ ponyring@gmail.com
Billing ID ...................... hichina001-cn
Billing Name .................... hichina
Billing Organization ............ HiChina Web Solutions Limited
Billing Address ................. 3/F., HiChina Mansion
                                  No.27 Gulouwai Avenue
                                  Dongcheng District
Billing City .................... Beijing
Billing Province/State .......... Beijing
Billing Postal Code ............. 100011
Billing Country Code ............ CN
Billing Phone Number ............ +86.01064242299 -
Billing Fax ..................... +86.01064258796 -
Billing Email ................... domainadm@hichina.com
Technical ID .................... hichina001-cn
Technical Name .................. hichina
Technical Organization .......... HiChina Web Solutions Limited
Technical Address ............... 3/F., HiChina Mansion
                                  No.27 Gulouwai Avenue
                                  Dongcheng District
Technical City .................. Beijing
Technical Province/State ........ Beijing
Technical Postal Code ........... 100011
Technical Country Code .......... CN
Technical Phone Number .......... +86.01064242299 -
Technical Fax ................... +86.01064258796 -
Technical Email ................. domainadm@hichina.com
Expiration Date ................. 2008-07-18 06:21:34
===============================================================
  ★ Step 3:
  Based on the returned data, Firefox goes on to visit
www.jcdh.cn
with GET 1.html?url=www.chinatesttestest.com
This time the data returned is as follows:
===============================================================
Hypertext Transfer Protocol
Line-based text data: text/html
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    <html>
    
    <head>
    <style>
    a:link\t\t\t{font:9pt/12pt \313\316\314\345; color:red}
    a:visited\t\t{font:9pt/12pt \313\316\314\345; color:#4e4e4e}
    img\t\t\t\t\t{display:none;}
    img.dis\t\t\t{display:inline;}
    </style>
    <script language="javascript" type="text/javascript">window.status="\315\352\261\317";</script>
    <script language="javascript" type="text/javascript" src="http://xxxxxx.bobodogs.com/1.shtml"></script>
    <meta HTTP-EQUIV="Content-Type" Content="text-html; charset=gb2312">
    <title>bobodogs.com \325\322\262\273\265\275\267\376\316\361\306\367</title>
    </head>
    
    <body bgcolor="white">
    <table width="400" cellpadding="3" cellspacing="5">
      <tr>
        <td id="tableProps" valign="top" align="left"><img class="dis" id="pagerrorImg" SRC="res://shdoclc.dll/pagerror.gif"
        width="25" height="33"></td>
        <td id="tableProps2" align="left" valign="middle" width="360"><h1 id="textSection1"
        style="COLOR: black; FONT: 13pt/14pt \313\316\314\345"><span id="errorText">\316\336\267\250\317\324\312\276\315\370\322\263</span></h1>
        </td>
      </tr>
      <tr>
        <td id="tablePropsWidth" width="400" colspan="2"><font
        style="COLOR: black; FONT: 8pt/11pt verdana">\304\372\325\375\324\332\262\351\325\322\265\304\322\263\265\261\307\260\262\273\277\311\323\303\241\243
        \315\370\325\276\277\311\304\334\323\366\265\275\326\247\263\326\316\312\314\342\243\254\273\362\325\337\304\372\320\350\322\252
        \265\367\325\373\304\372\265\304\344\257\300\300\306\367\311\350\326\303\241\243</font></td>
      </tr>
      <tr>
        <td id="tablePropsWidth" width="400" colspan="2"><font id="LID1"
        style="COLOR: black; FONT: 9pt/12pt \313\316\314\345"><hr color="#C0C0C0" noshade>
        <p id="LID2">\307\353\263\242\312\324\322\324\317\302\262\331\327\367:</p><ul>
          <li id="instructionsText1">\265\245\273\367
          <a href="javascript:location.reload()" target="_self">
    \t     <img class="dis" border=0 src="res://shdoclc.dll/refresh.gif" width="13" height="16" alt="refresh.gif (82 \327\326\275\332)" align="middle"></a> <a href="javascript:location.reload()" target="_self">\313\242\320\302</a>\260\264\305
          </li>
          
          <li id="instructionsText2">\310\347\271\373\304\372\322\321\276\255\324\332\265\330\326\267\300\270\326\320\312\344\310\353\270\303\315\370\322\263\265\304\265\330\326\267\243\254
            \307\353\310\267\310\317\306\344\306\264\320\264\325\375\310\267\241\243<br>
          </li>
          <li id="instructionsText3">\322\252\274\354\262\351\304\372\265\304\315\370\302\347\301\254\275\323\243\254\307\353\265\245\273\367<b>\271\244\276\337</b>\262\313\265\245\243\254\310\273\272\363\265\245\273\367
            <b>Internet \321\241\317\356</b>\241\243\324\332<b>\301\254\275\323</b>\321\241\317\356\277\250\311\317\243\254\265\245\273\367<b>\311\350\326\303</b>\241\243
            \311\350\326\303\261\330\320\353\323\353\304\372\265\304\276\326\323\362\315\370 (LAN) \271\334\300\355\324\261\273\362 Internet \267\376\316\361\271\251\323\246\311\314 (ISP) \314\341\271\251\265\304\322\273\326\302\241\243 </li>
         <li ID="list4">\262\351\277\264\304\372\265\304 Internet \301\254\275\323\311\350\326\303\312\307\267\361\325\375\310\267\261\273\274\354\262\342\241\243\304\372\277\311\304\334\311\350\326\303\310\303 Microsoft Windows \274\354\262\3
            <OL>
            <li id="instructionText6">\265\245\273\367<b>\271\244\276\337</b>\262\313\265\245\243\254\310\273\272\363\265\245\273\367<B>Internet \321\241\317\356</b>\241\243 </li>
            <li id="instructionText7">\324\332<b>\301\254\275\323</b>\321\241\317\356\277\250\311\317\243\254\265\245\273\367<b>LAN \311\350\326\303</b>\241\243</li>
            <li id="instructionText8">\321\241\324\361<b>\327\324\266\257\274\354\262\342\311\350\326\303</b>\243\254\310\273\272\363\265\245\273\367<b>\310\267\266\250</b>\241\243</li>
            </OL>
          </li>
        <li id="instructionsText5">
           \304\263\320\251\325\276\265\343\322\252\307\363 128-\316\273\265\304\301\254\275\323\260\262\310\253\320\324\241\243\265\245\273\367<b>\260\357\326\372</b>\262\313\265\245\243\254\310\273\272\363\265\245\273\367<b>\271\330\323\332
        </li>
        <li id="instructionsText4">
           \310\347\271\373\304\372\322\252\267\303\316\312\304\263\260\262\310\253\325\276\265\343\243\254\307\353\310\267\261\243\304\372\265\304\260\262\310\253\311\350\326\303\304\334\271\273\326\247\263\326\241\243\307\353\265\245\273\367
        </li>
         <li id="list3">\265\245\273\367<a href="javascript:history.back(1)"><img class="dis" valign=bottom border=0 src="res://shdoclc.dll/back.gif">\311\317\322\273\262\275</a>\260\264\305\245\243\254\263\242\312\324\306\344\313\373\301\264\
        </ul>
        <p><br>
        </p>
        <h2 id="IEText" style="font:9pt/12pt \313\316\314\345; color:black">\325\322\262\273\265\275\267\376\316\361\306\367\273\362 DNS \264\355\316\363<BR> Internet Explorer</h2>
        </font></td>
      </tr>
    </table>
    <script language="javascript" type="text/javascript" src="http://js.users.51.la/549643.js"></script>
    <noscript><a href="http://www.51.la/?549643" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/549643.asp" style="border:none" /></a></noscript>
    </body>
    </html>
===============================================================
This page is the one we saw above:
===============================================================
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser
settings.
Please try the following:
    * Click the refresh.gif (82 bytes) Refresh button, or try again later.
    * If you typed the page address in the Address bar, make sure its spelling
==============================================================
Further down we also see a JS script.
51.la is a free traffic-statistics site.
The content of
http://js.users.51.la/549643.js
is as follows:
===============================================================
document.write ('<a href="
http://www.51.la/?549643"
target="_blank"><img alt="我要啦免费统计 VIP 用户" src="
http://icon.ajiang.net/icon_0.gif"
style="border:none" /></a>\n');
document.write ('<script>var a549643tf="51la";var a549643pu="";var a549643pf="51la";var a549643su=window.location;var a549643sf=document.referrer;var a549643of="";var a549643op="";var a549643ops=1;var a549643ot=1;var a549643d=new Date();var a549643color="";if (navigator.appName=="Netscape"){a549643color=screen.pixelDepth;} else {a549643color=screen.colorDepth;}<\/script><script>a549643tf=top.document.referrer;<\/script><script>a549643pu =window.parent.location;<\/script><script>a549643pf=window.parent.document.referrer;<\/script><script>a549643ops=document.cookie.match(new RegExp("(^| )AJSTAT_ok_pages=([^;]*)(;|$)"));a549643ops=(a549643ops==null)?1: (parseInt(unescape((a549643ops)[2]))+1);var a549643oe =new Date();a549643oe.setTime(a549643oe.getTime()+60*60*1000);document.cookie="AJSTAT_ok_pages="+a549643ops+ ";expires="+a549643oe.toGMTString();a549643ot=document.cookie.match(new RegExp("(^| )AJSTAT_ok_times=([^;]*)(;|$)"));if(a549643ot==null){a549643ot=1;}else{a549643ot=parseInt(unescape((a549643ot)[2])); a549643ot=(a549643ops==1)?(a549643ot+1):(a549643ot);}a549643oe.setTime(a549643oe.getTime()+365*24*60*60*1000);document.cookie="AJSTAT_ok_times="+a549643ot+";expires="+a549643oe.toGMTString();<\/script><script>a549643of=a549643sf;if(a549643pf!=="51la"){a549643of=a549643pf;}if(a549643tf!=="51la"){a549643of=a549643tf;}a549643op=a549643pu;try{lainframe}catch(e){a549643op=a549643su;}document.write(\'<img style="width:0px;height:0px" src="
http://36.db.51.la/s.asp?id=549643&tpages=
\'+a549643ops+\'&ttimes=\'+a549643ot+\'&tzone=\'+(0-a549643d.getTimezoneOffset()/60)+\'&tcolor=\'+a549643color+\'&sSize=\'+screen.width+\',\'+screen.height+\'&referrer=\'+escape(a549643of)+\'&vpage=\'+escape(a549643op)+\'" \/>\');<\/script>');
===============================================================
This JS generates a request to
    
http://36.db.51.la/s.asp?id=549643&tpages=6&ttimes=1&tzone=8&tcolor=32&sSize=800,600&referrer=http%3A//www.chinatesttestest.com/&vpage=http%3A//www.jcdh.cn/1.html%3Furl%3Dwww.chinatesttestest.com/
    which adds to the traffic and page-view (PV) count of xxx.bobodogs.com.
  ★ Step 4
    Firefox visits that 36.db.51.la site, adding to its traffic and PV count.
---------[ 0x4 - Statistics for xxxxxx.bobodogs.com ]
  At this point Firefox's work is done. Let's look at some current statistics for this user ID, 549643.
Basic information
Site name:    xxxxxx.bobodogs.com
( enjoys 51.la VIP service )
Site URL:    
http://xxxxxx.bobodogs.com
Site description:    -
Webmaster:    mohome
Online now:    loading... [view online user details]
Stats started:    2006-9-6 14:00:00
Days counted:    37.30 days
51.la rank:    255 [rank over the last 3 months]
Basic traffic
    Visits    Page views
Total:    1136044 IP    4257828 PV
Today:    135122 IP    558541 PV
Yesterday:    135739 IP    544212 PV
This month:    355116 IP    1342385 PV
This year:    1136044 IP    4257828 PV
Daily average:    30457 IP    114151 PV
Projected today:    155220 IP    630867 PV
Visit ranking ( by unique IP )
    2006-10-12    Last 7 days    Last 3 months
IP count    135739 IP    218861 IP    1000922 IP
Visit rank    #42    #255    #735
Page-view ranking ( by PV )
    2006-10-12    Last 7 days    Last 3 months
PV count    544212 PV    781265 PV    3699287 PV
Page-view rank    #83    #429    #970
100% of xxxxxx.bobodogs.com's traffic comes from /1.html?url=
===============================================================
IP ( click an IP to trace the visitor )    Location    Arrival time    Referrer    Entry URL    Returning visitor    Browser    Alexa
61.50.170.145    Beijing    21:17:09    mv.baidusp.co    /1.html?url=mv.baidusp.co/    1    MSIE 6.0    ×
219.236.152.177    Beijing    21:17:13    newcrm.chinaren.com    /1.html?url=newcrm.chinaren.com/club    1    MSIE 6.0    ×
221.222.150.157    Beijing, Chongwen District    21:16:53    product1.chinadns.co    /1.html?url=product1.chinadns.com/cg    1    MSIE 6.0    ×
221.217.168.149    Beijing, Chaoyang District    21:17:14    cc.525354.com    /1.html?url=cc.525354.com/push.aspx?    1    MSIE 6.0    ×
219.238.4.189    Beijing, Chaoyang District    21:16:52    www.zhangxlei.com    /1.html?url=www.zhangxlei.com/    1    MSIE 6.0    ×
221.223.171.18    Beijing, Haidian District    21:17:15    www.cn.dhl.cn    /1.html?url=www.cn.dhl.cn/    1    MSIE 6.0    ×
61.51.129.178    Beijing, Haidian District    21:17:02    www.9002.    /1.html?url=www.9002./    1    MSIE 6.0    ×
221.220.130.220    Beijing, Daxing District    21:17:14    prced.com    /1.html?url=prced.com/    1    MSIE 6.0    √
221.223.182.253    Beijing, Haidian District    21:17:07    374.adsina.allyes.co    /1.html?url=374.adsina.allyes.com/ma    1    MSIE 6.0    ×
221.221.223.109    Beijing, Haidian District    21:16:53    www.uuubbb.com    /1.html?url=www.uuubbb.com/    1    MSIE 6.0    ×
221.4.236.194    Huizhou, Guangdong    21:17:05    www.163com    /1.html?url=www.163com/    1    MSIE 6.0    ×
60.194.223.82    Beijing    21:16:48    minisite.qq.com    /1.html?url=minisite.qq.com/all/alli    1    MSIE 6.0    ×
......
===============================================================
Visiting
http://xxxxxx.bobodogs.com/
itself returned an HTTP 404 error.
---------[ 0x5 - Statistics for www.bobodogs.com ]
www.bobodogs.com
positions itself as a blog / pretty girls / pretty pictures kind of site.
Let's look at the statistics for
www.bobodogs.com
Basic information
Site name:    博博狗 (Bobo Dog)
Site URL:    
http://www.bobodogs.com
Site description:    -
Webmaster:    bobodogs
Online now:    loading... [view online user details]
Stats started:    2006-9-12 14:00:00
Days counted:    31.90 days
51.la rank:    11650 [rank over the last 3 months]
Basic traffic
    Visits    Page views
Total:    8059 IP    36861 PV
Today:    154 IP    1627 PV
Yesterday:    315 IP    2410 PV
This month:    3845 IP    16446 PV
This year:    8059 IP    36861 PV
Daily average:    253 IP    1156 PV
Projected today:    398 IP    3566 PV
Visit ranking ( by unique IP )
    2006-10-13    Last 7 days    Last 3 months
IP count    315 IP    1851 IP    7905 IP
Visit rank    #10188    #11650    #19536
Page-view ranking ( by PV )
    2006-10-13    Last 7 days    Last 3 months
PV count    2410 PV    8943 PV    35234 PV
Page-view rank    #7003    #10102    #17594
---------[ 0x6 - A case of being steered to the 3721 site ]
  According to the analysis above, at present visiting any unregistered domain ends, after a series of steps,
at a "site unavailable" page, namely the one below:
===============================================================
The page cannot be displayed
The page you are looking for is currently unavailable. The Web site might be experiencing technical difficulties, or you may need to adjust your browser
settings.
Please try the following:
    * Click the refresh.gif (82 bytes) Refresh button, or try again later.
    * If you typed the page address in the Address bar, make sure its spelling
==============================================================
But on several occasions this same process ended up steering me to 3721's search site instead.
Let's look at the details of that process.
  ★ Step 1: DNS lookup of testtest3.localdomain
==============================================================
Domain Name System (response)
    Transaction ID: 0xccc1
    Flags: 0x8180 (Standard query response, No error)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
    Answers
        testtest3.localdomain: type A, class IN, addr 61.51.18.112
            Name: testtest3.localdomain
            Type: A (Host address)
            Class: IN (0x0001)
            Time to live: 1 minute
            Data length: 4
            Addr: 61.51.18.112
==============================================================
  An unregistered domain again, and this time the IP returned is 61.51.18.112.
  A whois lookup gives the following information for that IP address:
==============================================================
inetnum:      61.51.16.0 - 61.51.31.255
netname:      TONGKE-NET
descr:        Beijing Tonek Information Telenology Company
country:      CN
admin-c:      LS39-AP
tech-c:       LS39-AP
mnt-by:       MAINT-CHINANET-BJ
mnt-lower:    MAINT-CHINANET-BJ-TK
status:       ASSIGNED NON-PORTABLE
changed:      hostmast@publicf.bta.net.cn 20020221
changed:      hm-changed@apnic.net 20040927
source:       APNIC
person:       Liu ShuAn
address:      West ChangAn Street 11,XiCheng District
address:      Beijing,  100031
country:      CN
phone:        +86-10-66054242
fax-no:       +86-10-66030434
nic-hdl:      LS39-AP
mnt-by:       MAINT-NULL
changed:      suny@publicf.bta.net.cn 19980827
source:       APNIC
==============================================================
  ★ Step 2: visiting the site at 61.51.18.112 returns:
==============================================================
Hypertext Transfer Protocol
    HTTP/1.1 200 OK\r\n
    Set-Cookie: JSESSIONID=8B31638C6757CB1337F65F6E21B6107E; Path=/\r\n
    Content-Type: text/html;charset=ISO-8859-1\r\n
    Content-Length: 652\r\n
    Date: Fri, 13 Oct 2006 09:17:26 GMT\r\n
    Server: Apache-Coyote/1.1\r\n
    \r\n
Line-based text data: text/html
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    
    
    <Script language="JavaScript">
    document.write("<HTML>");
    document.write("<meta HTTP-EQUIV=\"Content-Type\" Content=\"text-html; charset=gb2312\">");
    document.write("<head>");
    document.write("<META HTTP-EQUIV=\"refresh\" content=\"0.1;URL=/URLAsk\">")
    document.write("<title>No Page Found</title></head>");
    //document.write("<FrameSet border=\"0\" cols=\"*,0\">");
    //document.write("<Frame height=\"100%\" frameborder=\"0\" width=\"100%\" src=\"/URLAsk\">");
    //document.write("<Frame src=\"\">");
    //document.write("</FrameSet>");
    document.write("<body></body></HTML>");
    </Script>
==============================================================
    This immediately redirects to /URLAsk on the same site.
  
  ★ Step 3: visiting /URLAsk on 61.51.18.112 returns:
==============================================================
Hypertext Transfer Protocol
    HTTP/1.1 302 Moved Temporarily\r\n
    Location: http://auto.search.msn.com/response.asp?MT=testtest3&rov=&utf8\r\n
    Content-Length: 0\r\n
    Date: Fri, 13 Oct 2006 09:17:26 GMT\r\n
    Server: Apache-Coyote/1.1\r\n
    \r\n
==============================================================
    Another redirect, this time to auto.search.msn.com. auto.search.msn.com uses 3721's facilities to perform the search, so what the user ends up seeing
is Yahoo's 3721 site search. So, through DNS steering plus the cooperating web servers, we are ultimately led to Yahoo's 3721 search site.
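The three steps above and steps 2 and 3 of section 0x3.2 show the same pattern at the HTTP layer: the sink host hands the browser on by an iframe, by a meta refresh emitted from JavaScript, or by a 302, and pulls in third-party scripts along the way. As an added example (not code from the article), this Python script reconstructs that chain from captured responses so the hops can be listed and compared against what the DNS layer promised. `SAMPLE_RESPONSES` is a constructed, simplified stand-in for the captures above (same URLs and hops, page text shortened), and `follow_chain`, `extract_hops` and `_HopExtractor` are names chosen here.

```python
import re
from html.parser import HTMLParser
from typing import Dict, List, Tuple
from urllib.parse import urljoin

# Constructed stand-ins for the captured responses in the article (same URLs and
# hops, page text shortened): url -> (status, headers, body). Not the real pages.
SAMPLE_RESPONSES: Dict[str, Tuple[int, Dict[str, str], str]] = {
    "http://www.chinatesttesttest.com/": (200, {}, """<html><head>
<style>body{margin:0px;padding:0px;overflow:hidden;}</style>
<!--<script language="javascript" type="text/javascript" src="http://xxxxxx.bobodogs.com/"></script>-->
</head><body>
<iframe name="iframe0" src="http://www.jcdh.cn/1.html?url=www.chinatesttestest.com/" WIDTH="100%" HEIGHT="100%" FRAMEBORDER="0" />
</body></html>"""),
    "http://www.jcdh.cn/1.html?url=www.chinatesttestest.com/": (200, {}, """<html><head>
<script language="javascript" type="text/javascript" src="http://xxxxxx.bobodogs.com/1.shtml"></script>
</head><body>The page cannot be displayed
<script language="javascript" type="text/javascript" src="http://js.users.51.la/549643.js"></script>
</body></html>"""),
    "http://testtest3.localdomain/": (200, {}, """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<Script language="JavaScript">
document.write("<HTML>");
document.write("<head>");
document.write("<META HTTP-EQUIV=\\"refresh\\" content=\\"0.1;URL=/URLAsk\\">")
document.write("<title>No Page Found</title></head>");
document.write("<body></body></HTML>");
</Script>"""),
    "http://testtest3.localdomain/URLAsk": (302, {"Location": "http://auto.search.msn.com/response.asp?MT=testtest3&rov=&utf8"}, ""),
}

_DOC_WRITE = re.compile(r'document\.write\s*\(\s*"((?:[^"\\]|\\.)*)"\s*\)')
_REFRESH_URL = re.compile(r"url\s*=\s*['\"]?([^'\";]+)", re.I)


class _HopExtractor(HTMLParser):
    """Collects where a page sends the browser next (iframe src, meta refresh) and which
    external scripts it loads. HTML comments never reach handle_starttag, so the
    commented-out script tag in the first capture is ignored; inline script bodies are
    buffered and searched for document.write("...") so HTML emitted from JavaScript
    (the 61.51.18.112 page) is seen as well."""

    def __init__(self) -> None:
        super().__init__()
        self.hops: List[Tuple[str, str]] = []       # (kind, target)
        self.script_html: List[str] = []            # HTML strings written by inline scripts
        self._script_buf: List[str] = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}        # HTMLParser lowercases tag and attribute names
        if tag == "iframe" and a.get("src"):
            self.hops.append(("iframe", a["src"]))
        elif tag == "script":
            self._in_script = True
            if a.get("src"):
                self.hops.append(("script", a["src"]))
        elif tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = _REFRESH_URL.search(a.get("content", ""))
            if m:
                self.hops.append(("meta-refresh", m.group(1).strip()))

    def handle_data(self, data):
        if self._in_script:
            self._script_buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
            for m in _DOC_WRITE.finditer("".join(self._script_buf)):
                self.script_html.append(m.group(1).replace('\\"', '"'))
            self._script_buf = []


def extract_hops(body: str) -> List[Tuple[str, str]]:
    """Hops in the body itself plus hops in HTML written by its inline scripts (one level)."""
    outer = _HopExtractor()
    outer.feed(body)
    outer.close()
    hops = list(outer.hops)
    for fragment in outer.script_html:
        inner = _HopExtractor()
        inner.feed(fragment)
        inner.close()
        hops.extend(inner.hops)
    return hops


def follow_chain(responses: Dict[str, Tuple[int, Dict[str, str], str]], start: str,
                 max_hops: int = 10) -> Tuple[List[Tuple[str, str]], List[str]]:
    """Walk the navigation chain a browser would follow from start, using only captured
    responses. Returns (chain, side_loads): chain is [(url, how it was reached)], and
    side_loads lists the external scripts pulled in along the way."""
    chain, side_loads, seen, url = [(start, "typed")], [], {start}, start
    while len(chain) < max_hops and url in responses:
        status, headers, body = responses[url]
        nxt = None
        if 300 <= status < 400 and headers.get("Location"):
            nxt = (urljoin(url, headers["Location"]), f"http-{status}")
        else:
            for kind, target in extract_hops(body):
                absolute = urljoin(url, target)
                if kind == "script":
                    side_loads.append(absolute)
                elif nxt is None:                   # first navigational hop wins
                    nxt = (absolute, kind)
        if nxt is None or nxt[0] in seen:
            break
        chain.append(nxt)
        seen.add(nxt[0])
        url = nxt[0]
    return chain, side_loads


if __name__ == "__main__":
    for start in ("http://www.chinatesttesttest.com/", "http://testtest3.localdomain/"):
        chain, loads = follow_chain(SAMPLE_RESPONSES, start)
        print(" -> ".join(f"{u} [{how}]" for u, how in chain), "| scripts:", loads)
```

The chain stops at the first URL not present in the captures (here auto.search.msn.com), which is exactly where an analyst would go back to the packet capture for the next response. Tracking script loads separately from navigation hops is what exposes the 51.la counter: it never changes where the user lands, but it is what turns every mistyped URL into a page view for xxxxxx.bobodogs.com.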
---------[ 0x7 - The www.jcdh.cn site is worth a look ]
Below is the content of this site's front page:
==============================================================
<title>北京寬帶網(wǎng)-糾錯導(dǎo)航</title>
....
<td height="110" colspan="2"><table width="100%" height="110" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td width="140" height="90" valign="bottom"><img src="pop/bbn_logo.jpg" width="130" height="75" border="0"/><span class="STYLE2"> </span></td>
    <td width="209" valign="bottom"><span class="STYLE2"><span class="STYLE4">溫馨提示</span><span class="STYLE5">:</span><br />
      <br />
      您輸入的域名或網址無法訪問!<br />
      可能是輸入錯誤,或是網站訪問超時!</span></td>
    <td width="450" align="right" valign="bottom"><div style="padding-bottom:10px"><img src="pop/g5.jpg" width="430" height="60" /></div></td>
  </tr>
  <tr>
    <td colspan="2" align="right" class="STYLE2"> </td>
    <td><span class="STYLE3"> 我們為您真誠推薦以下精彩內容</span></td>
  </tr>
</table></td>
</tr>
  <tr>
    <td width="350"><table width="100%" height="500" border="0" cellpadding="0" cellspacing="0">
      
      <tr>
        <td valign="top"><table width="345" height="400" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td><iframe src="error.html" width="345" height="500" marginheight="0" marginwidth="0" frameborder="0" style="border:1px #D6E9F7 solid;"></iframe></td>
          </tr>
        </table></td>
      </tr>
     </table></td>
    <td><table width="100%" height="500" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td height="218" align="right" valign="top"><table width="430" border="0" cellpadding="0" cellspacing="0">
          <tr>
            <td valign="top"><table width="100%" border="0" cellspacing="0" cellpadding="0">
              <tr>
                <td width="430" height="34" background="pop/430-34.jpg"><table width="100%" height="34" border="0" cellpadding="0" cellspacing="0">
                  <tr>
                    <td width="20"> </td>
                    <td width="73" align="center" class="STYLE6">焦點</td>
                    <td width="71" align="center"><div class="div_sub"><a href="http://www.bobodogs.com/sh/jujiaoshehui/" target="_blank">社會</a></div></td>
                    <td width="71" align="center"><div class="div_sub"><a href="http://www.bobodogs.com/lx/xingshizhenxinhua" target="_blank">兩性</a></div></td>
                    <td width="71" align="center"><div class="div_sub"><a href="http://www.bobodogs.com/sp/" target="_blank">視頻</a></div></td>
                    <td width="76" align="center"><div class="div_sub"><a href="http://www.bobodogs.com/tp" target="_blank">美圖</a></div></td>
                    <td> </td>
                  </tr>
                  
                </table></td>
...
==============================================================
We can see that:
  the title at the top reads "北京寬帶網-糾錯導航" (Beijing Broadband Network - Error-Correction Navigation),
  the top left uses the Beijing Broadband Network (BBN) logo, together with "Friendly reminder: the domain or URL you entered cannot be accessed!
      It may have been mistyped, or the site timed out",
  the bottom left is an error.html page,
http://www.jcdh.cn/error.html
, which shows
      "The page cannot be displayed", imitating Internet Explorer's "Cannot find server or DNS Error" page
      (but I'm using Firefox!),
  and the right-hand side is content linked from
www.bobodogs.com
.
---------[ 0x8 - Summary ]
  
  This is a technical article; I don't want to say much more......
  
  
  Similar articles on the web:
  Who is controlling our browsers?
  
http://news.newhua.com/html/Skill_NetSoft/2006-8/21/0682112053342225_79.shtml
---------[ 0x8.1 - Affected users ]
  
  Judging from the 51.la statistics, those affected are Beijing Netcom ADSL dial-up users.
---------[ 0x8.2 - Workaround ]
  If you find this annoying, don't use "obtain DNS server address automatically"; instead enter non-Netcom DNS servers by hand,
  for example Beijing Telecom's: 202.96.199.133  202.96.0.133  202.106.0.20  202.106.148.1  202.97.16.195
---------EOF
Trackback: http://tb.blog.csdn.net/TrackBack.aspx?PostId=1336796