The frequency of occurrence is about 1%.
These are not in the source code of the website. I don’t know if there is a virus on the server or if there is a problem with the imported js file.
I would like to ask you why this situation occurs and possible solutions. Thank you all.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
If there is a problem with js, search for ads in the js source code
域名或ipThe chance of server poisoning is generally low, you can leave it until the end
DNS hijacking, this is the most disgusting and the most frequent. No solution has been found except upgrading HTTPS
Operator hijacking, common in certain country’s telecommunications, call to complain;
Router hijacking, please try again in a different network environment;
Server or DNS hijacking, agree to upgrade HTTPS upstairs;
There are two possibilities: 1. Your server’s DNS has been hijacked (including the URL of the js code you introduced may carry advertisements); 2. Your server has been poisoned.
The content has been tampered with.
Confirm whether the source code on the server has been modified, or whether it has been tampered with during network transmission.
If it was modified during transmission, then try to use detection tools (17ce, webmaster tools, etc.) to see which regions/operators requested content that has been tampered with. You can try to contact your local operator to complain.
I saw a lot of people talking about "DNS hijacking". Are DNS hijacking and HTTP session hijacking (content tampering) confused?
DNS hijacking is a problem when the DNS server resolves the domain name (DNS returns a fake IP, and then the browser sends a request to the fake IP server). DNS resolution does not distinguish between HTTP/HTTPS;
HTTP session hijacking refers to tampering with the content during the transmission process, or forging a copy of the content and returning it to the requester without waiting for the origin server to respond (it will be discarded when the real origin server response content arrives);
There is another possibility that the content on the source server has been tampered with, and it is not a problem during the transmission process.
(However, the question says that it occurs with probability, so it should be a problem during the transmission process)
You used a third-party plug-in script with ads embedded in it. Just delete it after you find it
Check if you have ever used svg? Just remove the advertising links inside.
DNS Hijacking You really have no choice, upgrade to HTTPS quickly!
Open your website and press F12 to open the developer tools.
Switch to the tab as shown below
Then refresh your page, first select the tab to all, then switch to js after loading is complete, see which js is redundant, and then remove it.
Since it is your own website, then upgrade to https, it is very simple.
Let’s Encrypt has long provided free SSL certificates for everyone to use, and the certificates it issues have been recognized by major browsers (Chrome, Firefox, Safari). The certificate it issues is valid for 90 days, and you need to renew it every 90 days. Updating is also easy, just execute a single command.
Let’s Encrypt official website: https://letsencrypt.org/
I wrote a tutorial on configuring Let’s Encrypt with Nginx on CentOS 7. The address is https://www.obneer.com/secure...
dns hijacking can basically be solved with https