The company's LAN accesses all pages with <script src=//script> code added to the <script src=/></script> code.
This time, all the web pages opened by the client, so it can be ruled out that the server environment was deceived by arp. Based on the opinions of all parties online, we concluded that the local gateway or DNS was hijacked, and the fault was eliminated after repairing the local connection.
The fundamental solution is to bind the gateway mac address, the method is:
Enter arp -s Gateway IP Gateway MAC on the command line
Regarding the gateway MAC, you can use the arp command to query.
If DNS is hijacked, change the DNS server.
Two articles about js encryption and decryption, friends who want to study the above virus scripts may be able to use it
/?tid=2665835&page=1#pid2702392
/?tid=2440360
This time, all the web pages opened by the client, so it can be ruled out that the server environment was deceived by arp. Based on the opinions of all parties online, we concluded that the local gateway or DNS was hijacked, and the fault was eliminated after repairing the local connection.
The fundamental solution is to bind the gateway mac address, the method is:
Enter arp -s Gateway IP Gateway MAC on the command line
Regarding the gateway MAC, you can use the arp command to query.
If DNS is hijacked, change the DNS server.
Two articles about js encryption and decryption, friends who want to study the above virus scripts may be able to use it
/?tid=2665835&page=1#pid2702392
/?tid=2440360