When visiting the blog of Wang Boyuan yesterday, the polar guests discovered that the website jumped to the website www.cjb.net from time to time. It almost jumped to open wangbaiyuan.cn, and other websites did not encounter such strange events. .This situation first appeared only on 360 speed browsers, even if I subconsciously clear the cache, cookies, still did not work.In the end I changed other browsers and found that this was only happening on 360-speed browsers, and it happened occasionally; I had to give up trying to solve the unsuccessful method of uninstalling browser plug-ins.Perhaps 360 speed browser poisoning it, Oh, 360 also known as safe! This evening, I noticed that the annoying automatic jump to cjb.net reappeared, and this time no matter what the browser is, including Edge, IE.This led me to believe that the website was "invaded" and that the "intrusion" method was very obvious, with the js containing the jump code.Because when I examine the element "disable js" the jump will not occur.Then I took a look at Wang Baiyuan’s blog on an article page that references 30 js. As long as one of the js files is embedded with a malicious jump code, there will be automatic jumps. Since the URL jumped very quickly, I believe the js file is in the head of the html. I finally found that my head referenced a Sina CDN jquery.min.js at: http://lib.sinaapp.com/ Js/jquery/1.7.2/jquery.min.js; This is a Jquery CDN source provided by my wordpress theme. When I changed the Jquery source from CDN to use native Jquery, the problem was solved. It is undoubtedly Sina's Jquery. The source was hijacked.Open this js to see, no wonder: And lib.sinaapp.com domain name no matter what link is this content; finally found on the Internet recommended Jquery CDN, Sina Sina's CDN is still quite a lot, it is estimated that this time the recruit should be More than me.Finally, I decisively replaced Baidu's Jquery CDN: http://libs.baidu.com/jquery/1.9.1/jquery.min.js; of course, the automatic jump to cjb.net is not necessarily the same as mine. For the same reason, but you can follow my thinking to find which js file is contaminated.
This article has been printed on copyright and is protected by copyright laws. It must not be reproduced without permission.If you need to reprint, please contact the author or visit the copyright to obtain the authorization. If you feel that this article is useful to you, you can click the "Sponsoring Author" below to call the author!
Reprinted Note Source: Baiyuan's Blog>>https://wangbaiyuan.cn/en/automatically-jump-breathtaking-journey-of-cjbnet-website-2.html