关于联通(网通)DNS劫持广告的屏蔽办法.

关于联通(网通)DNS劫持广告的屏蔽办法.
2010年07月27日
　　最近接到投诉,说我的网站老弹出广告,而且是死对头家的广告. 经过仔细研究,终于发现了猫腻.
　　关于dns劫持我说明一下,过程是这样的, 首先用户发送请求到你的网站服务器,网站服务器响应请求,响应结果需要返回给用户,
　　在这个时候,dns服务器就开始搞鬼了,不定期植入一些你网页代码中包含的关键字的广告,这就是为什么我页面中会弹出对家的广告的原因了.
　　因为我们做的都是相同的服务产品. 
　　下面是联通植入到我网站页面内的js代码: /* $Rev: 145 $ $Date: 2010-04-29 14:20:48 -0700 (Thu, 29 Apr 2010) $ */ (function() { try { var d = document, h = window, x, z = (navigator.userAgent.indexOf("Opera") >= 0) && parseFloat(navigator.appVersion), p = ((d.all) && (!z)) && parseFloat(navigator.appVersion.split("MSIE ")[1].split(";")[0]), A = (!p ? 1024: (d.documentMode ? d.documentMode: (d.compatMode && d.compatMode === "CSS1Compat" ? p: (d.compatMode && d.compatMode !== "CSS1Compat" ? 5: p)))), t = 300, k = 2147483647, g = "", l = '', s = "html{color:#000;}body,div,h1,h2,h3,h4 ,h5,h6,p{margin:0;padding:0;}img{border:0;}em,stron g,var{font-style:normal;font-weight:normal;}h1,h2,h 3,h4,h5,h6{font-size:100%;font-weight:normal;}sup{v ertical-align:text-top;}sub{vertical-align:text-bot tom;}body{font:13px/1.231 arial,helvetica,clean,sans-serif;*font-size:small; *font:x-small;}"; if (!Array.prototype.indexOf) { Array.prototype.indexOf = function(D, C) { C = C || 0; var e = this.length, B; if (C document.domain) { D.src = E.protocol + "//" + E.host } function B() { if (B.gone) { return } B.gone = true; clearInterval(e); D.onload = null; D.onreadystatechange = null; C(D.contentWindow) } for (H in I) { if (I.hasOwnProperty(H)) { D.setAttribute(H, I[H]) } } if (A === 7 && I.height === "100%") { F.attachEvent("onresize", function() { D.style.height = F.offsetHeight + "px" }) } if (C) { D.onload = B; D.onreadystatechange = function() { if (D.readyState === "complete") { B() } }; if (!p) { e = setInterval(function() { if (D.contentWindow) { B() } }, 200) } } F.appendChild(D); return D } function r() { if (r.settings) { return r.settings } var D = "/floating-frame.", e = d.getElementsByTagName("script"), C, B; for (C = 0; C  B.fp.stopTime || !B.fp.sendAccounting) { return null } for (e = 0; e  6) { L = B.style; L.position = "relative"; L.zIndex = k - 1; while (L.zIndex != k - 1 && G > 0) { k = Math.pow(2, --G) - 1; L.zIndex = k - 1 } L.position = "static" } H = ["nw", "sw", "se", "ne"]; for (G = 0; G  6) { O.push("padding-" + D.close_align + ":" + N + "px") } else { if (D.top_align === "left") { O.push("left:" + (N + D.top_offset_left) + "px") } } } if (A = 6 ? d.documentElement: d.body, O, H, B, K, G, I = this; this.place = function() { E.style.top = J + (e ? L.clientHeight: 0) + L.scrollTop; if (P) { E.style.left = L.clientWidth / 2 + D } else { E.style.left = D + (N ? L.clientWidth: 0) + L.scrollLeft } if (F) { E.style.height = L.clientHeight + "px" } }; this.addListeners = function() { attachEvent("onscroll", this.place); attachEvent("onresize", O) }; this.removeListeners = function() { detachEvent("onscroll", this.place); detachEvent("onresize", O) }; this.init = function() { E.style.position = "absolute"; if (C.outer_width === -100) { M = M.charAt(0) + "w"; B = []; B.push(E); B.push(0); B.push(E.firstChild.contentWindow.document.getElem entsByTagName("iframe")[0]); B.push(C.border_left_width + C.border_right_width); K = E.firstChild.contentWindow.document.getElementsByT agName("div"); for (G = 0; G  K ? 1: (O - B) / F, N; for (H = 0; H  K) { clearInterval(C); D() } }, 13); return C } function n() { var e = r(); if (!e || !e.sprite_img) { return } n.ran = true; n.loaded = false; n.onload = null; if (!n.sprite) { n.sprite = new Image(); n.sprite.onload = function() { n.loaded = true; if (typeof n.onload === "function") { n.onload() } }; n.sprite.src = e.sprite_img } if (!e.delay_duration || e.delay_duration  6) { M.position = "fixed"; if (G.outer_height === -100) { M.top = M.bottom = G.vertical_offset + "px" } else { if (N.charAt(0) === "c") { M.top = "50%"; M.marginTop = ( - 1 * Math.floor(G.outer_height / 2)) + "px" } else { M[N.charAt(0) === "n" ? "top": "bottom"] = G.vertical_offset + "px" } } if (G.outer_width === -100) { M.right = M.left = G.horizontal_offset + "px" } else { if (N.charAt(1) === "c") { M.left = "50%"; M.marginLeft = ( - 1 * Math.floor(G.outer_width / 2)) + "px" } else { M[N.charAt(1) === "e" ? "right": "left"] = G.horizontal_offset + "px" } } } else { G.fixIE = L = new o(I, G); L.init(); L.addListeners() } for (B in M) { if (M.hasOwnProperty(B)) { I.style[B] = M[B] } } if (L) { L.place() } if (G.visible_duration > 0) { E = function() { setTimeout(function() { u(I, G) }, G.visible_duration * 1000) } } if (G.animate_in_duration || G.animate_out_duration) { D = I.firstChild; D.style.position = "relative"; for (K = 0; K  F.fp.stopTime) { return } clearTimeout(e); if (!F.content_url && F.message_html) { H.document.write(g + l + F.message_html); H.document.close() } F.fp.accounting = F.fp.sendAccounting(1); q(B, F) } function E(K) { if (c() > F.fp.stopTime) { return } var J, N, I, M, H; try { M = K.document } catch(L) { return } M.write(g + "" + l + s + "html,body{margin:0;padding:0}"); M.close(); if (parseInt(p, 10) === 6) { try { M.execCommand("BackgroundImageCache", false, true) } catch(L) {} } N = m("div", M.body, null, { id: "fpid" }, M); H = m("div", N, null, { id: "iwrap" }, M); I = y(F, N, function() { u(B, F) }, M); j(I.join(""), M); C = { frameBorder: "0", scrolling: (F.allow_content_scroll ? "auto": "no") }; if (p && F.allow_content_transparency) { C.allowTransparency = !!F.allow_content_transparency } if (F.content_url) { C.src = F.content_url } C.height = "100%"; J = a(H, C, G, M); if (!F.allow_content_transparency) { J.style.backgroundColor = "#fff" } e = setTimeout(function() { try { J.src = "about:blank" } catch(O) {} try { H.removeChild(J) } catch(O) {} }, F.fp.stopTime - c()) } if (!n.ran) { n() } if (F === null || c() > F.fp.stopTime) { return } B = m("div", d.body, null, { style: "display:none" }); B.style.display = "none"; C = { scrolling: "no", width: F.outer_width === -100 ? "100%": F.outer_width, height: F.outer_height === -100 ? "100%": F.outer_height, frameBorder: 0, id: f() }; if (p) { C.allowTransparency = !F.opaque_outer_frame } j("@media print{#" + C.id + "{display:none}}"); D = a(B, C, E, d) }) } catch(w) {} })(); 内容是以上这些,得到的原始代码是压缩代码.现在大家看到的是解压以后的可以直观展现出来的代码.
　　其实上面这段代码不是直接植入网站页面的.
　　而是在你网页的head标签中植入一条js引用:  .js?fp681  这个就是广告了, 根据后面的fp数字不同 得到的似乎是不同的广告.
　　反正我这里几次截取的.js?后面的内容都不一样.
　　下面说一下问题的解决过程:
　　一开始 想着 干掉js生成的iframe 但是后来考虑,要从根源抓起.
　　于是 动手解决head标签中植入的js引用.
　　发现一个重复点: 广告的域名根为 clicklifter.com
　　于是写了下面的方法, 放到了页面body标签的最后.   -1) { sub = sub.substring(index + text.length, sub.length - 1); count++; index = sub.indexOf(text); } } catch (e) { } if (count > 1) window.location.reload(); // --> 经过测试 ok 轻松解决. 但是唯一的遗憾就是 偶尔访问页面的时候被植入广告了 页面会重新刷新一遍.
　　虽然能解决广告弹出 但是还是不够"优雅"
　　js代码的前2行是为了跳出iframe(防止别人使用iframe把你的页面嵌入进去)
　　剩下的就是判断页面中clicklifter.com的数量, 除了自己原始代码中有一个以外,如果dns服务器植入js的话就会超过1个.
　　所以在下面判断 如果统计超过了1个 就刷新本页面.
　　好了,说完了. 希望大家遇到同样问题了可以借鉴一下此方法. 还是比较有效的.
　　如果哪位大侠能有更好办法, 请分享一下.