
What is traffic hijacking?

Typical symptoms of network hijacking:

1. You open a normal website and small ads pop up in the lower-right corner of the screen.

2. You open a download link and get something other than what you wanted.

3. You enter a web address, press Enter, and land on a different address.

In fact, an attacker is using various technical means so that when you type a URL and press Enter you are bounced to another website, or the content of the site you meant to visit has extra material added to it.

There are two common types of traffic hijacking:

1. DNS hijacking

DNS hijacking can be malicious or benign.

(1) Malicious DNS hijacking. Xiao Nuo has covered DNS domain name resolution before: it is the process of translating the easy-to-remember URL you normally type into an IP address.

Malicious DNS hijacking interferes with that translation on your computer by whatever technical means are available, so that the name resolves to a different string of numbers and you end up on the web page the attacker wants you to see.

For example, if an attacker hijacks an online banking website, then when you log in to online banking you are sent to a fake website built by the attacker. You unknowingly enter your account and password, and they go straight into the attacker's site. Super scary ~~ (╰_╯)

(Of course, with the popularity of HTTPS and the increasing security awareness of banks, such situations will be rare.)

When it comes to benign DNS hijacking, the most representative technology is the CDN.

A CDN, or Content Delivery Network, takes over the requests you make and routes them to the most responsive cache server, which caches data from the website you want to visit. Your browser preferentially downloads the data from the cache server. If the cache server does not yet hold the data for the site you are visiting, it asks its parent layer, and so on up to the origin server. The next time you visit the site, you can fetch the data directly from the cache server, since the data passed through the cache server on its way from the origin server to you; it can also save yourself

A.

A CDN service does not itself provide DNS resolution, but it relies on DNS resolution. Xiao Nuo here treats the CDN taking over your requests as a kind of benign DNS “hijacking”.

(Purpose of the CDN's benign hijacking: when you are online, for geographic or other reasons you will inevitably run into servers that are unstable or slow to reach. A CDN lets you browse Internet content faster.)

2. Data hijacking (or HTTP hijacking)

HTTP hijacking occurs when data from a website's server is intercepted and tampered with on its way to your browser. It typically affects sites that transmit data over HTTP, because HTTP sends data in clear text.

If your computer is infected with malware (or you are on a bad carrier), extra material may be added to the pages shown in your browser, such as pop-up ads or floating ads on the websites you visit.

So, with the rapid development of network information technology and the gradual improvement of security prevention technology, traffic hijacking will gradually disappear. For example, HTTPS can be popularized to encrypt data in transit and prevent data hijacking. The number of good public DNS servers is also growing, which helps keep bad carriers from hijacking your data.

How do you detect hijacking? Use IIS7 website monitoring: open the monitoring page, enter the domain name of the website you want to check, and click “Submit detection”. You will see monitoring results such as “detection times”, “return code”, “finally opened website”, “open time”, “website IP”, “detection place” and “website title”. This lets you keep your website safe at all times.

Supplement:

What types of network hijacking are there?

1. Traffic hijacking

1.1 Whole-site redirect

This kind of hijacking is direct and easy to detect. Usually the hijacker loads JS into the page or embeds code in the web server to hijack the whole site, but generally they only hijack traffic arriving from search engines, so that the webmaster does not notice and repair it immediately.

Repair & Prevention:

1.1.1 It is recommended to install third-party protection software and periodically check source code changes.

1.1.2 Pay attention to server logs and troubleshoot abnormal logins.

1.1.3 Change your IP address, search from other regions, and click through to check.

1.2 Keyword redirect

This type of hijacking is more subtle: only a few individual keywords are redirected. It is an upgraded form of the first type, and the site needs to be checked periodically.

1.3 Frame hijacking

This method is quite common: JS is added directly to the site's source code and loaded with the page, hiding the original page body and showing unknown advertising or page content. In most cases it is likewise restricted to trigger only when the visit comes from a search engine.

1.4 Snapshot hijacking

In snapshot hijacking, when a search engine crawls your pages, the page is replaced with one carrying specific keywords, exploiting the site's own advantage in being crawled and indexed to gain ranking undetected.

Repair & Prevention:

This requires the webmaster to pay closer attention to how the site's pages are indexed and displayed in Baidu.

1.5 DNS hijacking

DNS hijacking is currently the top-tier method: it needs no contact with the site and can be controlled at any time. The operator hijacks your site and redirects it straight to some XXX site. Newer versions can also target specific users, for example users in certain regions or users selected by user profiling. In addition, the ads are displayed more randomly and at a smaller scale, so the webmaster will rarely detect it unless users complain, and even once it is detected, collecting evidence to report it is harder still.

Repair & Prevention:

1.5.1 Forensics is very important: time, location, IP, dial-up account, screenshot and URL must all be recorded.

1.5.2 Complaints and feedback can be made to the telecom operator in the area where the hijacking occurs.

1.5.3 If the complaint has no effect, complain directly to the Ministry of Industry and Information Technology. Generally speaking, your domain name will then be whitelisted.

1.6 Third-party plug-in hijacking

Part of the reason for the recent Beacon algorithm is that some advertising alliances used site JS to hijack Baidu search, hijacking the address of the Baidu search results page. This kind of alliance is frightening; nobody knows how many similar things they have done in secret. Of course, some telecom operators may also be involved.

What we must pay attention to here: advertising alliances and statistics tools.

Repair & Prevention:

1.6.1 Try to use reputable vendors (of course, reputable vendors also run the risk of being hacked).

1.6.2 Since we have to use them, we should keep a closer eye on the news.

1.6.3 If an HTTPS version is available, use the HTTPS version.

2. Weight hijacking

2.1 Spider hijacking

This technique is in theory the same as snapshot hijacking, but the purpose is different: by loading some links, it gets the spider to discover more of the pages the hijacker wants crawled.

This kind of hijacker is ruthless. After obtaining a shell, they transfer the site's weight directly with a 301. Because a 301 takes effect slowly, they also submit a site revision through the webmaster platform. So you must bind your phone and mailbox, log in to the platform regularly, and pay attention to its notifications. In addition, with this approach ordinary user access looks normal; the 301 status is returned only when a search engine comes to crawl.
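The check in 1.1.3 and the point above that ordinary visitors see a normal site while the crawler gets a 301 both come down to requesting the same URL as different kinds of visitor and comparing the answers. The following is an added example, not from the original post; the profile headers, the `hijacker.invalid` target and the local demo server are constructed assumptions.

```python
import http.server
import threading
import urllib.error
import urllib.request

# Constructed visitor profiles: direct visit, click-through from a search result, crawler.
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "search": {"User-Agent": "Mozilla/5.0", "Referer": "https://www.baidu.com/s?wd=example"},
    "spider": {"User-Agent": "Baiduspider"},
}

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # do not follow; the 3xx then surfaces as HTTPError

def probe(url, headers):
    """Return (status, Location header) for one profile, without following redirects."""
    # ProxyHandler({}) ignores proxy environment variables so the site is queried directly.
    opener = urllib.request.build_opener(NoRedirect, urllib.request.ProxyHandler({}))
    try:
        with opener.open(urllib.request.Request(url, headers=headers), timeout=5) as resp:
            return resp.status, resp.headers.get("Location")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location")

def conditional_redirects(url):
    """Profiles whose answer differs from the direct visit; non-empty means investigate."""
    seen = {name: probe(url, hdrs) for name, hdrs in PROFILES.items()}
    return {name: r for name, r in seen.items() if r != seen["direct"]}

class DemoSite(http.server.BaseHTTPRequestHandler):  # constructed tampered site, offline demo only
    def do_GET(self):
        ua, ref = self.headers.get("User-Agent", ""), self.headers.get("Referer", "")
        cloaked = "spider" in ua.lower() or "baidu.com" in ref
        self.send_response(301 if cloaked else 200)
        if cloaked:
            self.send_header("Location", "http://hijacker.invalid/")
        self.end_headers()
    log_message = lambda self, *args: None  # keep the demo quiet

def demo():
    server = http.server.HTTPServer(("127.0.0.1", 0), DemoSite)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    result = conditional_redirects(f"http://127.0.0.1:{server.server_port}/")
    server.shutdown()
    return result

if __name__ == "__main__":
    print(demo())
```

Against your own site, call `conditional_redirects()` with the site URL; an empty result only shows that status and `Location` match across these profiles, so script-based changes to the page body still need a source review.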

2.3 Black links

Many of you will have encountered this: a number of black links, visible or invisible, are planted in the site. Generally speaking, fewer and fewer people do this. When you have a spare moment, scan through your own source code.

2.4 Black pages (wildcard resolution, reverse proxy)

Automatic propagation, reverse proxying: in fact many of the methods above work on the same principle; only the form and implementation differ slightly.

2.5 Search cache

This hijacking has exploded in the past few years, with many people taking advantage of sites' search caching mechanism to mass-produce pages that leave contact information. I won’t go into that here.

3. Ad hijacking

The purpose of this kind of hijacking is relatively simple: the site's advertising-alliance ads or its original ad display code are replaced, so that the hijacker makes money from your traffic. The main hijackers are again: operators, terrorists.

4. Back-button hijacking

The following situations occur when the user clicks the “Back” button after browsing a web page:

(1) The user cannot go back: clicking “Back” gets no response and the content does not change.

(2) Going back lands on a fake page, and the search results appear covered by an overlay.

(3) Going back lands on spam, cheating or other low-quality pages that the user has never visited.

5. Other hijacking (browser, route).

The above material is drawn from the Internet and is for reference only.