
Discuz X3开启防采集后的应对措施

发布时间:2017-09-03 12:08:40 作者:陕西誉丰源物资有限公司

Discuz X3开启防采集后的应对措施

Discuz在X3中增加了防采集功能,具体见Discuz x3.0防采集设置图文教程

开启防采集后,访问DZ站点的伪静态链接如discuz.net/thread-3275423-1-1.html后面会跟上一个?_dsign=xxxxxx,正常链接如discuz.net/forum.php?mod=viewthread&tid=3305274会加上&_dsign=xxxxxx。这让人很不爽 (o#゜曲゜)o

使用httplib2访问原帖子页面(下面以?mod=viewthread&tid=768为例),返回的是一段混淆过的js,如:

<scripttype="text/javascript">RKbW=function(){'RKbW';var_R=function(){return'=76'};return_R();};functionAIV(AIV_){function_A(AIV_){functionph(){returngetName();}functionAIV_(){}returnph();returnAIV_};return_A(AIV_);}DmZP='iew';_IX161='assign';functionzoQ(zoQ_){functionti(){returngetName();};returnti();return'zoQ'}functionr2oe(){'returnr2oe';return'ad&'}_eloda='replace';F59s=function(){'returnF59s';return'p?m';};HP=function(){'returnHP';return'n';};functiongetName(){varcaller=getName.caller;if(caller.name){returncaller.name}varstr=caller.toString().replace(/[\s]*/g,"");varname=str.match(/^function([^\(]+?)\(/);if(name&&name[1]){returnname[1];}else{return'';}}uM=function(){'returnuM';return'9';};eG9=function(eG9_){'returneG9';returneG9_;};functionkp(kp_){function_k(kp_){functiono(){returngetName();}functionkp_(){}returno();returnkp_};return_k(kp_);}vD='1';BN=function(){'BN';var_B=function(){return'r'};return_B();};HALw='rum';_RZnE9='href';o5y=function(o5y_){'returno5y';returno5y_;};functionPH(){'returnPH';return'.'}_BDkwZ=location;functionw2(){'returnw2';return'_'}KTI4=function(){'returnKTI4';return'910';};_NUuAJ=window;wX=function(){'wX';var_w=function(){return'd'};return_w();};iyL=function(iyL_){'returniyL';returniyL_;};location.replace((function(){'returnQ8mM';return'/fo'})()+HALw+PH()+AIV('Gs8')+F59s()+kp('nm')+(function(){'returnnjFH';return(function(){return'd=v';})();})()+DmZP+eG9('th')+BN()+(function(){'returnXD';return'e'})()+r2oe()+zoQ('yKM')+wX()+RKbW()+'8&'+w2()+o5y('ds')+iyL('ig')+HP()+(function(){'returnl26W';return'=6f'})()+uM()+(function(){'returnby';return(function(){return'7';})();})()+KTI4()+vD);_NUuAJ['href']=(function(){'returnQ8mM';return'/fo'})()+HALw+PH()+AIV('Gs8')+F59s()+kp('nm')+(function(){'returnnjFH';return(function(){return'd=v';})();})()+DmZP;</script>

<script type="text/javascript">
// Sample of the obfuscated redirect stub that the article says is returned
// instead of the thread page when Discuz X3 anti-scraping is enabled.
// Reformatted one statement per line; the code itself is unchanged.
//
// Net effect: the fragments concatenated in the location.replace() call below
// spell '/forum.php?mod=viewthread&tid=768&_dsign=6f979101'.
//
// Obfuscation techniques visible here:
//   1. URL fragments stored in randomly named globals / functions.
//   2. No-op string-literal statements such as 'return F59s' as visual noise.
//   3. Fragments derived from *function names* through getName(), so renaming
//      ph / o / ti (e.g. by a minifier) would change the resulting URL.
//   4. Unused decoy assignments (_IX161, _eloda, _RZnE9, _BDkwZ).
//
// NOTE(review): the complete _dsign value is present in the fragments below,
// so this stub only filters clients that do not evaluate JavaScript; it is a
// deterrent, not an access control.

// Returns '=76' (the leading 'RKbW' string statement does nothing).
RKbW=function(){'RKbW';var _R=function(){return '=76'}; return _R();};

// Returns 'ph': the inner function ph() asks getName() for its own name.
// The argument passed at the call site ('Gs8') never reaches the result, and
// the second `return` is unreachable.
function AIV(AIV_){
  function _A(AIV_){
    function ph(){return getName();}
    function AIV_(){}
    return ph();
    return AIV_
  };
  return _A(AIV_);
}

DmZP='iew';          // URL fragment
_IX161 = 'assign';   // decoy: not referenced again in this script

// Returns 'ti' (name of the inner function); `return 'zoQ'` is unreachable.
function zoQ(zoQ_){
  function ti(){return getName();};
  return ti();
  return 'zoQ'
}

// Returns 'ad&'.
function r2oe(){'return r2oe';return 'ad&'}

_eloda = 'replace';  // decoy: not referenced again in this script

// Returns 'p?m'.
F59s=function(){'return F59s';return 'p?m';};

// Returns 'n'.
HP=function(){'return HP';return 'n';};

// Returns the name of the function that called getName().
// Uses Function.prototype.caller, which is non-standard and is not available
// to strict-mode code, so the stub depends on running as a sloppy-mode script.
function getName(){
  var caller=getName.caller;
  // Preferred path: the engine exposes the caller's name directly.
  if(caller.name){return caller.name}
  // Fallback: strip whitespace from the caller's source text and pull the
  // identifier between `function` and `(`.
  var str=caller.toString().replace(/[\s]*/g,"");
  var name=str.match(/^function([^\(]+?)\(/);
  if(name && name[1]){return name[1];} else {return '';}
}

// Returns '9'.
uM=function(){'return uM';return '9';};

// Identity: returns its argument unchanged.
eG9=function(eG9_){'return eG9';return eG9_;};

// Returns 'o' (name of the inner function); same construction as AIV above.
function kp(kp_){
  function _k(kp_){
    function o(){return getName();}
    function kp_(){}
    return o();
    return kp_
  };
  return _k(kp_);
}

vD='1';              // URL fragment

// Returns 'r'.
BN=function(){'BN';var _B=function(){return 'r'}; return _B();};

HALw='rum';          // URL fragment
_RZnE9 = 'href';     // decoy: the last statement uses the literal 'href' instead

// Identity: returns its argument unchanged.
o5y=function(o5y_){'return o5y';return o5y_;};

// Returns '.'.
function PH(){'return PH';return '.'}

_BDkwZ = location;   // decoy: not referenced again in this script

// Returns '_'.
function w2(){'return w2';return '_'}

// Returns '910'.
KTI4=function(){'return KTI4';return '910';};

_NUuAJ = window;     // alias for window, used by the final statement

// Returns 'd'.
wX=function(){'wX';var _w=function(){return 'd'}; return _w();};

// Identity: returns its argument unchanged.
iyL=function(iyL_){'return iyL';return iyL_;};

// The actual redirect. Value of each operand is shown on the right.
location.replace(
  (function(){'return Q8mM';return '/fo'})()                              // '/fo'
  +HALw                                                                   // 'rum'
  +PH()                                                                   // '.'
  +AIV('Gs8')                                                             // 'ph'
  +F59s()                                                                 // 'p?m'
  +kp('nm')                                                               // 'o'
  +(function(){'return njFH';return (function(){return 'd=v';})();})()    // 'd=v'
  +DmZP                                                                   // 'iew'
  +eG9('th')                                                              // 'th'
  +BN()                                                                   // 'r'
  +(function(){'return XD';return 'e'})()                                 // 'e'
  +r2oe()                                                                 // 'ad&'
  +zoQ('yKM')                                                             // 'ti'
  +wX()                                                                   // 'd'
  +RKbW()                                                                 // '=76'
  +'8&'                                                                   // '8&'
  +w2()                                                                   // '_'
  +o5y('ds')                                                              // 'ds'
  +iyL('ig')                                                              // 'ig'
  +HP()                                                                   // 'n'
  +(function(){'return l26W';return '=6f'})()                             // '=6f'
  +uM()                                                                   // '9'
  +(function(){'return by';return (function(){return '7';})();})()        // '7'
  +KTI4()                                                                 // '910'
  +vD                                                                     // '1'
);

// Assigns '/forum.php?mod=view' to window['href']. This sets a property named
// href on window, not location.href.
// NOTE(review): presumably trailing filler emitted by the generator — confirm.
_NUuAJ['href']=(function(){'return Q8mM';return '/fo'})()
  +HALw
  +PH()
  +AIV('Gs8')
  +F59s()
  +kp('nm')
  +(function(){'return njFH';return (function(){return 'd=v';})();})()
  +DmZP;
</script>

显然这样人类是无法理解的……不过使用notepad++的JSFormat插件格式化后还是能看懂的嗯-v-

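实际上这是一个字符串替换然后重定向的脚本:把各个片段按顺序拼接起来,上面的例子最终执行的就是 location.replace('/forum.php?mod=viewthread&tid=768&_dsign=6f979101')。由于 _dsign 的值就包含在下发的脚本片段里,这一机制只能挡住不执行JS的客户端,站点侧不应把它当作访问控制,仍需配合频率限制等措施。生成原理如下(不完全按照上面的例子):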

原始字符串为 location.href="<带_dsign参数的目标URL>"(原文引号内的URL在转载时丢失,此处为占位符)

随机分割这个串,如分成l, oc, a, tio, n., ……

把每一个子串替换成一个随机命名的函数,如l替换成_Oc9S(),则在脚本里加一句function _Oc9S(){return 'l';},以此类推

每个function里都可能加入例如 'return l;' 这样毫无意义的字符串语句作为混淆

最后在末尾加上 window.href="<URL片段>"(原文引号内的内容在转载时丢失,此处为占位符;上面的例子里对应末尾的 _NUuAJ['href']=… 一句)

我大概写得不清楚……就……这么个意思……

