Case study: A Web site is hung black chain analysis process

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Received customer information said in Webmaster Tools tool.chinaz.com ' website was detected by black detection of abnormal site, according to provide clues in webmaster tools on the detection of the following findings:

is obviously hung up the black chain, because never done hanging black chain of work so on the black chain of the various skills are not very understand, the first reaction is certainly the site file was malicious tampering, so immediately check the site source files, after a comparison did not find obvious anomalies, but the black chain in the end is from where?

Look again at the test results given by Webmaster Tools, found that the following normal access to the simulation results of the page is normal, and the above abnormal results are through the simulation search engine out, carefully look at the abnormal results, directly stated the Baiduspider, to here probably meaning is clear: when Baidu crawler came, Will give the black chain, but will not affect the normal user access, in order to achieve covert purposes.

So let's simulate to see if the test results are accurate:

Curl xxx.com Get the following results, showing normal:

Let's imitate Baiduspider:

Curl-a "Baiduspider" xxx.com, which is the result of the following:

It turns out our guess was set up, but since the site source code has not been modified, where exactly is the black chain? Since the black chain is based on the reptilian type, then

We look directly at the crawler's keywords:

Grep-ri Baiduspider Web_root_master

At this time finally found the problem, In the Global.asax file hidden a large section of JS script, because the customer's Web site program is. NET development of the previous in the win environment to do the comparison, the beginning also found Global.asax file, but win under the text editing class software opened only to see a blank, in fact, the real code is hidden in hundreds of lines.

Below, just clever use of the general people are not careful and the graphical interface to open the document to show the first part of the blank weakness, this code is as follows:

. NET program if the default Web site root directory has global.asa or two global.asax files, then as a global file priority loading, and this is estimated that the vast number of black chain hanging horse-linked players favorite trick. This JS role only for Baidu Crawler, no wonder I use Baidu search technology documents have never been accurate, too targeted.

At the same time, we also note that the black chain of content from the use of a Third-party domain HTML file, this point is the wisdom of hanging black chain can be based on real-time adjustment of black chain content, and even some professional estimates have already realized the black chain content dynamic update. The websites I came across were just one of the countless victims of their actions.

We also noticed that the black chain content source site, if the energy is more vigorous point I would like to give him this point to abort, but fortunately, estimated anquan.org and 360 site Security Center for such illegal information site is interested.

Article Source: Century Orient (http://www.51web.com/), reprint please indicate the address, thank you.