[Webmaster Communication] Baidu Cloud Acceleration: pay attention to email address obfuscation/WAF

Posted on 10/10/2015 8:49:44 PM

Today, April 14, 2015, Chuangyu Cloud had a prize draw, so I entered the lottery early in the morning and drew a professional package of Baidu Cloud Acceleration. The URL is http://next.su.baidu.com/. I copy the address of Cloud Acceleration here because Baidu Cloud Acceleration has two; the other one is su.baidu.com.
I wanted to try Baidu Cloud Acceleration on the blog, so I connected it.
After that, I found a problem when reviewing comments; please see the picture below.


There is something extra after the email address of the comment, and the copied content is as follows:

/* <![CDATA[ */!function(){try{var t="currentScript"in document?document.currentScript:function(){for(var t=document.getElementsByTagName("script"),e=t.length;e--;)if(t[e].getAttribute("cf-hash"))return t[e]}();if(t&&t.previousSibling){var e,r,n,i,c=t.previousSibling,a=c.getAttribute("data-cfemail");if(a){for(e="",r=parseInt(a.substr(0,2),16),n=2;a.length-n;n+=2)i=parseInt(a.substr(n,2),16)^r,e+=String.fromCharCode(i);e=document.createTextNode(e),c.parentNode.replaceChild(e,c)}}}catch(u){}}();/* ]]> */


A piece of JS code. Could the site have been hacked? I checked the source code of the web page, and the above code is there too, as shown in the figure below.

So I downloaded the entire website and checked whether the source code of the website contained the above code, but it didn't. Could it be that the code has been encrypted? So I thought about various methods and looked through the source code.
How did you find this problem?
After that, I opened a single link to see what the content was, since hackers would generally put a piece of content there.

The result showed Baidu's information.


It turned out to be Baidu Cloud Acceleration, which was only turned on today. So I found the [Rule Customization] page, added the background address, and turned off the item [Security General Settings: Email Address Obfuscation/WAF].
The problem was solved.

It turned out that Baidu Cloud Acceleration caused the website background error.
It took me an afternoon and I was depressed.


Original: http://www.phpsong.com/663.html




 Landlord| Posted on 10/10/2015 8:52:01 PM |

This code is front-end JS code; PHP is a back-end language, and this code has nothing to do with PHP.
This code is not virus or Trojan code, and the detection tool probably flags it in red because it is placed in a commented CDATA block. Commented CDATA blocks were actually created because low-end browsers did not recognize JS code, and now there is no need to comment the code out anymore.
If you are still not at ease, then let me tell you: this code hides your real email address for you. Many spammers and even search engines use crawlers to scan the mailboxes on various websites (because the email format characteristics are obvious), and then send you spam after scanning. So it is simply encrypted by PHP and written to the page as a string of hexadecimal numbers, and then decrypted with JS, so that the crawler can't scan your email. It's that simple.
Maybe the buddy who adopted it is not convinced, saying that nothing can be seen from such a piece of code. Well, let me tell you what each line means.
First of all, it is a closure, which everyone who understands the front end knows.
Then comes try, to be cautious and avoid IE popping up page script errors.
Then get the document.currentScript tag. If this property is not available, it is done the original way, and here that is another self-executing function (closure).
Get the current script tag; the previous one happens to be the encrypted tag, and the mailbox is in the data-cfemail attribute of this tag. Save this tag as variable c.
Then it's decryption.
The decryption algorithm is very simple: it is a hexadecimal string, read in pairs.
The first two are read out as the key.
Read every following two, make a difference with the key, and read the letters in ASCII.
These letters spell out your mailbox.
After decryption, create a text node and replace the original encrypted tag, and you're done.

This paragraph comes from Baidu Knows Answer
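
The decoding steps walked through in the post above, written out as an added example that is not part of the original thread and is not the CDN's own code. The combining step is XOR, as the `^r` in the copied snippet shows. The function names `decodeCfEmail` and `encodeCfEmail`, the encoder itself (the page only says the server side writes the hex string) and the sample address are assumptions made for illustration.

```javascript
// Added example: the data-cfemail scheme described in the thread.
// Function names and sample values are constructed, not taken from the page.

// Decode: the first hex pair is the key, every later pair is XORed with it.
function decodeCfEmail(hex) {
  // Require whole bytes and at least key + one character. The inline script
  // on the page has no such check: its loop condition (a.length - n) never
  // reaches zero for an odd-length value.
  if (typeof hex !== "string" || !/^(?:[0-9a-fA-F]{2}){2,}$/.test(hex)) {
    throw new Error("not a valid data-cfemail value");
  }
  const key = parseInt(hex.slice(0, 2), 16);
  let out = "";
  for (let i = 2; i < hex.length; i += 2) {
    out += String.fromCharCode(parseInt(hex.slice(i, i + 2), 16) ^ key);
  }
  return out;
}

// Encode: the inverse step a server would perform (assumed, not shown on the page).
function encodeCfEmail(address, key) {
  if (!Number.isInteger(key) || key < 0 || key > 255) {
    throw new RangeError("key must be a single byte (0-255)");
  }
  const toHex = (n) => n.toString(16).padStart(2, "0");
  let hex = toHex(key); // the key travels in the clear as the first byte
  for (const ch of address) {
    const code = ch.charCodeAt(0);
    if (code > 0x7f) throw new RangeError("ASCII addresses only");
    hex += toHex(code ^ key);
  }
  return hex;
}

// Constructed sample: round trip with an arbitrary one-byte key.
const sample = encodeCfEmail("user@example.com", 0x2a);
console.log(sample, "->", decodeCfEmail(sample));
```

Because the key is the first byte of the attribute itself, anything that runs the decoding step recovers the address; the scheme only defeats crawlers that pattern-match plain-text addresses without executing or reimplementing it.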
Posted on 10/10/2015 9:20:28 PM |
Mainly how to decrypt the original email address?
 Landlord| Posted on 10/10/2015 10:24:14 PM |
Wu Soft Inquiry Group Posted on 2015-10-10 21:20
Mainly how to decrypt the original email address?

http://www.itsvse.com/thread-2333-1-1.html

This is email address decryption in .NET.