pop:之前武汉的电信也出现过类似的广告,应该是利用DNS在控制,这次又有区别。
弹出页面地址:
http://welcome.gd.vnet.cn/ztts/090715/?p=1247273785|73747868|293|696|416|0¶m=ABioyajZGekprChZeMncrHx8fPxs+/zsnM0Zib2Y+Qk5achpabwsjHzNmKjJqNkZ6Sms3ChZeMncrHx8fPxs+/zsnM0Zib2ZyWi4aWm8LP2YyQio2cmoqNk8KIiIjRh5aekJGaltGckJLQ
弹出页面源码:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script language="javascript" src="http://59.37.54.194:8080/clicktotal/ClickTotal.js" type="text/javascript"></script>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>宽带用户登录中游热血三国即送游戏点卡</title>
<style type="text/css">
<!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
-->
</style>
</head>
<body style="margin:0px; padding:0px; border:0px; " scroll="no">
<SCRIPT type=text/javascript>
var gaJsHost = (("https:" == document.location.protocol) ?
"https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost +
"google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</SCRIPT>
<script type="text/javascript">
try {
var pageTracker = _gat._getTracker("UA-6372384-1");
pageTracker._trackPageview();
} catch(err) {}</script>
<div align="center"><a href="http://sg.chinagames.net/20090709/index.html" onclick="javascript:pageTracker._trackPageview('/进入游戏/');" target="_blank"><img src="game.jpg" width="350" height="250" border="0"></a></div>
</body>
</html>
分析:
简单的来说只有广告代码;应该不是利用DNS,可能是骨干路由器上面在搞鬼。
通过google-analytics.com这里可以看到用了google的分析统计
http://59.37.54.194:8080/clicktotal/ClickTotal.js 貌似也是统计点击的
http://59.37.54.194:8080/ 这个站点居然是可以列目录文件的。
ClickTotal.js 源码:
if (document.all){
window.attachEvent('onload',RegEvents)
}
else{
window.addEventListener('load',RegEvents,false);
}
function RegEvents()
{
document.onclick=function(ev)
{
ev = ev || window.event;
var target = ev.target || ev.srcElement;
if (target.tagName.toLowerCase() == "img" ){
if ( target.parentNode.tagName.toLowerCase() == "a" ){
return LinkClickEvent();
}
}
else{
if(target.tagName.toLowerCase() == "a" || target.tagName.toLowerCase() == "input" )
{
//只有超链接和按钮才激发该事件
return LinkClickEvent();
}
}
}
//注册iframe
CreatFrame();
}
function LinkClickEvent(){
var URL = "http://59.37.54.194:8080/clicktotal/PushClickSubmit.aspx";//统计点击率的页面
var iframe = window.clickiframe;
iframe.location= URL+window.location.search;
return true;
}
function CreatFrame(){
var iframe = document.createElement('iframe');
iframe.src="about:blank";
iframe.id="clickiframe";
iframe.name="clickiframe";
iframe.width = 0;
iframe.height=0;
iframe.frameBorder=0;
document.body.appendChild(iframe);
}
解决办法:
只有联系电信自己来解决了,至于换DNS什么的好像不奏效,因为的DNS是OPENDNS的208.67.222.222/208.67.220.220,是不会存在广东电信的劫持的
更多相关技术分析,请借鉴
http://inluck.net/weblog/view.aspx?filename=20090425_1718.xml