Preface: yesterday received a friend commissioned, the task is to solve website meet English browser automatically jump to another web site problem.

Background: it is now in the age of Internet, hackers and commercial coexist era. Some people use intrusion technique to achieve interests problem, become network black in chains. Someone USES invasion hang horse, grasp chicken. Someone USES invasion of all, do SEO optimization. Ha ha, multifarious ah. Today into the problem and SEO optimization is concerned, take advantage of others' web site visit user teleport to a designated website. The principal's website is foreign trade English to a foreigner stood, mainly sell some goods. And jump website is counterparts. Hehe! Some see, this is a kind of seo means.

Events over, start into the topic playback.

From the analysis on "phenomenon encountered English browser automatically jump", it show is the site of the problem, queuing code domain names the hijacked possibilities. Zen Cart site USES is the first program, for this thing under elder brother statement is not familiar with oh! But analytical thinking is some, home to see next homepage any suspicious JS code. Very to judge the browser's code is JS code to fulfill.

Open the homepage from the browser, view - source files. First search under the URL redirect to the key words, 7louisvuitton. Com undiscovered results. The next only by watching code, strict attention js code. From start to finish see along while still not find suspicious code. This seemingly tricky. Then enter backstage, using search Zen Cart source under keyword. Performed, files are check 1 time still didn't find it.

Then took the FTP user password information, fencing the PHP webshell. Using document retrieval functions for website file to conduct a comprehensive keyword search, repeatedly find all have no result. It seems this thing is either existing database is new or the url. Baidu zen cart templates to use under several parts, the key still don't search, manual findings.

Then again go to web page of merchandise page looked at a, in the comments here <! Description - - - bof easiest > discovered a period of js code.

Feel some questions, immediately got out url decoder and see.

Find two code:

01. < script language = "javascript" SRC = "http://count40.51yes.com/click.aspx?id=401446169&logo=6" charset = "gb2312" > < / script > this is flux statistic

01. < script language = "JavaScript" >

02. <! --

03. Var navigator. BrowserLanguage la = toLowerCase ();.

04. If (la = = 'en - us') document. http://ii3v.com/b location ='; '

05. / / > -- -

06 > < / script.

07. This is the key, judge the browser version is en - us jump... Haha, very sharp!

Here jump urls and keyword is the same website.

Was discovered beneath code is to say, commodity should be template it. Immediately find template.