作者huangsw (Orz)
看板HOT_Game
標題Re: [兵器] orz 想當炮灰的可以試試
時間Sun Jun 24 13:00:36 2007
43
事實上我發現他不只對C^3做動
針對其他IE開啟的畫面也有可能會做GET
例如 阿髮妻努力吃碗糕的同時
想看點有名大站的相簿 或是啞虎智障家
這樣對這隻程式來說 他也會去抓網頁的東西
至少我的LOG檔有看到除了C^3網站外的LOG
我的狀況是 只有開啟 並不是正在觀看
但是卻出現LOG檔 所以做了以上推論
------------------------------------------
log檔有4-17.txt 其中1-3蒸發 或是根本沒出現
4-10是我剛剛上面說的 11開始就是C^3網站的Click
以下是log 11.txt 開始
------------------------------------------
GET
http://www.clickclickclick.com/clickinfo.asp?j=405668&s=&n=866 HTTP/1.0
這行是去跟C^3的資料庫要資料 準備出認證圖
Accept: */*
Accept-Language: zh-tw
Referer:
http://www.clickclickclick.com/default.asp?v=zofe
最後四個字是會改變的 應該是每次改變
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Host: www.clickclickclick.com
Cookie:
dta=gm%3D6%2Cmcg%3D119263%2Cmc3%3D120328%2Cntd%3D43200%2Ctdy%3D2007_5_24%2Cid%3D405668%2Ccs%3DTaiwan%2Ccl%3D*%2Cnbst%3D43200%2Cdbst%3D2007_5_24%2Ccc%3Dtw;
ASPSESSIONIDSADBCSCR=HGHIJDOCKEGLFCJGEGJIGLEG;
ASPSESSIONIDQABDCTDQ=EOMLKBPCJBIGAHJKPIPNFIPK
到這邊都算正常 可是以下.....
= = = = = = = = = = = = = = = = = = = =
HTTP/1.1 302 Object moved
似乎被發現了 所以被終止 不確定是否為標頭不合法?
Connection: close
結束連線
Date: Sun, 24 Jun 2007 03:49:43 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location:
http://www.clickclickclick3.com
被BAN了 已經被導往C^33網站
Content-Length: 152
Content-Type: text/html
Expires: Sun, 17 Jun 2007 05:09:43 GMT
Cache-control: private
<head><title>Object moved</title></head><body><h1>Object Moved</h1>This
object may be found <a
HREF="
http://www.clickclickclick3.com">here</a>.</body>
以上是log 11.txt
================================================================
以下是log 12.txt
GET
http://www.clickclickclick3.com/ HTTP/1.0
Accept: */*
Accept-Language: zh-tw
Referer:
http://www.clickclickclick.com/default.asp?v=zofe
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Host: www.clickclickclick3.com
= = = = = = = = = = = = = = = = = = = =
HTTP/1.1 503 Service Unavailable
Content-Type: text/html
Date: Sun, 24 Jun 2007 03:51:51 GMT
Connection: close
Content-Length: 28
<h1>Service Unavailable</h1>
===============================================================
所以log 11.txt的動作中 不知道包含了什麼樣的資訊
馬上被機器ban掉 所以當瀏覽器再度造訪C^3
會直接被導往C^33 出現令人熟悉的Service Unavailable
--
以上是小弟不專業分析.....我不是念資訊的 囧
--
;
※D 發信站: 批踢踢實業坊(ptt.cc)
◆ From: 203.73.207.93
1F:推 wahaha99:你的clkcnt數值多少?(預設?) 還有不要按送出喔 orz 06/24 13:05
2F:推 huangsw:W大 我是剛剛被BAN的LOG拿出來解析 所以是CPS=15的時候 06/24 13:06
3F:→ huangsw:第一篇我有推馬上被ban 後來還是想想把log貼出來給您看 06/24 13:07
4F:推 LPH66:被ban的幾乎都是這樣吧...不給過的就丟個302轉過去 06/24 13:07
5F:推 huangsw:可是我是掛proxy第一次造訪 馬上被ban 06/24 13:12
6F:→ huangsw:我自己的推測是 應該少送了某些封包 所以伺服器判定BAN 06/24 13:12
7F:→ sadle:v=zofe 是你輸入的驗證碼 06/24 13:13
8F:→ wahaha99:我研究的結果是只有Click send out時會ban 06/24 13:17
9F:→ wahaha99:所以坦白說我不知道你發生了什麼事 囧 06/24 13:18
10F:推 huangsw:其實我沒打字耶 還是抓到了阿髮妻或是碗糕的資料? 06/24 13:21
11F:→ wahaha99:那能夠把log10貼上來嘛? 06/24 13:24
==========================================================
補上Log10.txt 可是對象是雅虎 提供參考
GET
http://row.bc.yahoo.com/b?P=A7YLYcorwzSD0XVtRjEymRtZy0nPrkZ96Y8ACzMv&T=13v1tpmu5%2fX%3d1182656911%2fE%3d152963594%2fR%3dtw_khomep%2fK%3d5%2fV%3d1.1%2fW%3dJR%2fY%3dKIMO%2fF%3d1650237640%2fS%3d1%2fJ%3d68C32BCA&U=139sfo8uc%2fN%3dy6HVF8orxIE-%2fC%3d584217.10445487.11468893.8436669%2fD%3dWT%2fB%3d4659225&U=1393a6a48%2fN%3dqqHVF8orxIE-%2fC%3d583713.10883120.11474091.8434401%2fD%3dEU%2fB%3d4653449&U=128olea4k%2fN%3dvqHVF8orxIE-%2fC%3d-1%2fD%3dCRZY%2fB%3d-1&U=127cjv3ob%2fN%3dvaHVF8orxIE-%2fC%3d-1%2fD%3dKFE%2fB%3d
-1&Q=3&O=0.7823013664976592
HTTP/1.0
Accept: */*
Referer:
http://tw.yahoo.com/
Accept-Language: zh-tw
Proxy-Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR
1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)
Host: row.bc.yahoo.com
Cookie: B=87kbldl332ckp&b=3&s=8t; Q=q1=AACAAAAAAAAAAA--&q2=RnpWOg--;
_KS_B_T_=d=Rn_EY6PYOj.2KhSCOvlkjF8nIWOzhfNYW74VDuNXhPXujCWWBvZk3x9Mg6hqm___AQliQoRXc5DDQeRCIlDZxXdio5ks6P_6sWcw2fuqPrJwhayUdesxfoZXy7BXGF5AIet8_H32u_80w80gH7hmaIMGyYl6RFEwwoIBaZDNirUgFjeO6UaD6mu6QowwGPG1aCIUZsf0txSf7aoejzFb1jVZQVJ1vH8KpsAoYbobK6HxJPgcKyw.za78D2DKhODeK6izIFhqr2HH.k93.nW_ddY3I8KjizxLou.mgc1752Ed6RRPC8h2LvHdlR1xFrnNwehV6plM90bDrzxhu4utMwQxOPpsKaJIPBqKg.hi50LhaISadJ_iRBrEAIcDSOyFFDE281xao4Etk4Iue8mBnucHIzhJ&v=1;
_KS_D_T_=d=5Z7AeVPYOj937mxKLZGO7GmIIsaw6U6PBesA.no6o98_gATqFc4FLLw.s9Rr.Y.EvDiM0R07kMsCc7w1VSlwItadsg--&v=1;
F=a=rXql0QIMvT4f892KGq0sFMxuRdKO5WMoVcYNMM7lzXO7pi1w5_Dpcz72N5byDy4goB4cnZbYTUJIjDeTiyZKi6EYew--&b=M4GD;
I=ir=hs&in=148e2e24&i1=AAAjAAAEAQBEBODdDfDhDkDqDsDtDxJdKNMiMwP8QAQBRdnSnfoypEpMpiplpvpwpxp1rB2W3TCqAC5t7v;
C=mg=1;
PA=p0=B5VBlY6Vl5UWlHeXdpcGkQ--&p1=8JCAyw--&e=.IqfGB&p3=AGTnLtLat1OUZeMu0mXnAADat1OUdeYu0mbnAAAaCFKUFeUu0mfnAAAaCFKUIucu0mDnAAAZCFKU7ecu0mXnAAAZCFKU9Ocu0mbnAABoM1KUFOUu0mDnAABEHFSUmOQu0mfnAADFYVSUNe0u0mXnAADFYVSU_eUu0mXnAADFYVSUD.Uu0mXnAADFYVSUnuYu0mXnAADFYVSUUOYu0mXnAADFYVSUOeUu0mXnAAA-
= = = = = = = = = = = = = = = = = = = =
HTTP/1.0 200 OK
Date: Sun, 24 Jun 2007 03:48:57 GMT
P3P: policyref="
http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM
DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY
ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: no-cache
Connection: close
Content-Type: image/gif
, ? ??? !?GIF89a
※ 編輯: huangsw 來自: 203.73.207.93 (06/24 13:42)