What is traffic hijacking in paid promotion? Why are landing pages hacked?

My friend Lao Wang complained to me this morning, saying that he spent tens of thousands of dollars on promotion yesterday, but didn’t get a single consultation. After checking, he was shocked to find that his website had been hijacked! When I clicked on the promotion link, I saw the page of another company...

In fact, I have encountered this problem before, but I solved it because I have good skills.

Why was I kidnapped?

Why was my service hijacked?

Why was my server hacked?

Why was it my webpage that was hijacked instead of me?

…………………………………………

The reason is simple! Safety is not in place!

Let’s first popularize what traffic hijacking is?

Check if your computer's DNS has been tampered with

In fact, many people open web page A and suddenly find that they are redirected to page B. Maybe you think that the website has been hijacked, but in many cases, it is your computer software that has been hijacked!

It is possible that when you clicked the browser, some pop-up functions of the software jumped to other pages!

At this time, you need to check your computer. The specific steps are as follows:

1. Antivirus software

2. Check if DNS has been tampered with

These two simple steps can basically help solve the problem of being hijacked (except for the problem of being hacked)

Let’s talk about Lao Wang’s information flow ads again:

Company A uses a website built by itself to deliver information flow. The advantage of this is that it can more conveniently collect visitor data from the information flow and generate statistics in more dimensions!

However, when using self-built web services, server security issues are likely to occur!

Generally, when information flow ads are hijacked, the following situations may occur:

Open the page and jump directly to someone else's website without any pause!

Open the page, pause, and then jump to someone else's website!

You can see the bold font, the difference is here, we can basically judge where the problem lies from this difference, let's see the analysis below:

1. No Pause

There is no pause. Usually, the page is not loaded at all when it is opened, and it jumps directly from the advertising link to someone else's page!

There are two solutions to this problem:

1. Check the server's domain name resolution address and whether the current server has set a jump;

1) First, check whether the IP bound to the domain name is correct, and then check whether the following suffix files appear in the server root directory;

Three server configuration files (.htaccess / Web.config / .conf)

2) Open the text editor and check whether the domain name in it is consistent with the current domain name

2. Go to the domain name service provider and check whether the domain name resolution is correct.

The domain name service provider manages the DNS configuration of the domain name, as well as the resolution address (usually the server address). If CDN is used, CDN hijacking may occur (which will be discussed in a later article).

2. Pause

This shows that clicking on the information flow advertisement passes through the server and parses the content of the page before jumping out. So the problem lies on the web page!

The solution to this problem is very direct. Find the page corresponding to the link and check the code:

Find the corresponding page where the advertising link is placed, log in to the FTP/server, and check the source code of the current page.

The jump code is shown below:

Or the following picture:

If you see similar code or code that you have never seen before, it is recommended to back it up and then delete it.

Is the problem solved? (It’s ok, it’s not solved, I have a backup anyway, try again!)

Before modifying, remember to back up

Some people may say that my page is dynamic, a pseudo-static page generated by the server, and I cannot find the existence of this file (.php / .asp /.aspx / .jsp)

Don't panic when you encounter a dynamic page. We can modify the page generated by the dynamic program directly in the program. For example:

Dark circles program, standard program generation page, program page file is (demo_index.asp)

We need to find this file in the root directory, then right-click to edit, check the code in the same way, whether we have found several jump codes in the above files, and then clear them!

Finally, to solve the problem of page injection code, we should do the following:

1. Change FTP password;

2. Modify the server password account/login port;

3. Check for program vulnerabilities (you can ask for technical support for purchased software, but you need to solve them yourself if you develop your own software!);

4. Modify the website's backend account password;

5. When delivering information flow, remember to use static pages! Once again, we need a pseudo-static page! Never use dynamic pages directly as landing pages . If you encounter large traffic, the dynamic page may crash directly.

My friend A's company has solved the problem of his information flow being hijacked, and the flow has returned to normal. I hope this article can popularize this information to Aidou, so that when encountering such a situation in the future, he can follow our method and avoid blind adjustments.

This article was compiled and published by @信息流操作(Qinggua Media). Please indicate the author information and source when reprinting!

Product promotion services: APP promotion services, information flow advertising, advertising platform