Block Reverse Proxy on LEl_FENG Bloghttps://blog.xpdbk.com/en/tags/block-reverse-proxy/Recent content in Block Reverse Proxy on LEl_FENG BlogHugo -- gohugo.ioenLEl_FENG CopyrightThu, 27 Jul 2023 10:11:14 +0700A Record of My Blog Being Reverse Proxiedhttps://blog.xpdbk.com/en/posts/web-fake-fandai/Thu, 27 Jul 2023 10:11:14 +0700https://blog.xpdbk.com/en/posts/web-fake-fandai/<img src="https://blog.xpdbk.com/en/posts/web-fake-fandai/photo_2023-07-27_21-08-20.webp" alt="Featured image of post A Record of My Blog Being Reverse Proxied" /><blockquote> <p><strong>TL;DR / Geek Summary:</strong></p> <ul> <li>Incident: Detected a domain hijacking the entire blog via Cloudflare Workers reverse proxy.</li> <li>Defensive Patch: Implemented a JavaScript domain validator in the <code>&lt;head&gt;</code> to force redirects.</li> <li>Obfuscation Hack: Used obfuscator.io to encrypt the JS logic, preventing the proxy from rewriting validation rules.</li> </ul> </blockquote> <p>Yesterday, I was checking my Google Analytics data in my free time and spotted a referral from a domain I had never seen before. Initially, I thought it was just a scraper site or someone referencing my article, so I decided to take a look. However, upon opening the page, I saw my entire blog right there (completely unmodified).</p> <p>I wouldn&rsquo;t just say the content was identical; even the page structure was exactly the same. I&rsquo;ve seen scrapers and I&rsquo;ve seen people referencing my work, but I&rsquo;ve never seen an entire site being reverse-proxied like this before&hellip;</p> <hr> <h2 id="at-first"> <a href="#at-first" class="heading-anchor" aria-label="Anchor for At First">#</a> At First </h2> <p>At first, I thought they had just scraped and downloaded the site, and I wasn&rsquo;t going to care. But later I realized they were directly reverse proxying it using Cloudflare Workers, and they had even modified the host header. Because of this, standard anti-hotlinking measures were basically useless&hellip;</p> <p>After some Googling, I found out that this kind of situation can be handled using a JavaScript script.</p> <p>In the beginning, I just used JS to verify if the window&rsquo;s domain was correct. If it wasn&rsquo;t, it would automatically redirect to the correct domain.</p> <p>The code is as follows. Please put it inside the <code>&lt;head&gt;</code> tag:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt"> 1 </span><span class="lnt"> 2 </span><span class="lnt"> 3 </span><span class="lnt"> 4 </span><span class="lnt"> 5 </span><span class="lnt"> 6 </span><span class="lnt"> 7 </span><span class="lnt"> 8 </span><span class="lnt"> 9 </span><span class="lnt">10 </span><span class="lnt">11 </span><span class="lnt">12 </span><span class="lnt">13 </span><span class="lnt">14 </span><span class="lnt">15 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-JavaScript" data-lang="JavaScript"><span class="line"><span class="cl"><span class="kr">const</span> <span class="nx">validDomains</span> <span class="o">=</span><span class="p">[</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;blog.xpdbk.com&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;vlblog.xpdbk.com&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;lelfeng.netlify.app&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;cfblog.xpdbk.com&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"><span class="s1">&#39;1x000.github.io&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;adaewfd321fg3.cachefly.net&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;127.0.0.1:1313&#39;</span><span class="p">,</span> </span></span><span class="line"><span class="cl"> <span class="s1">&#39;localhost:1313&#39;</span> </span></span><span class="line"><span class="cl"><span class="p">]</span> </span></span><span class="line"><span class="cl"><span class="k">try</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="k">if</span> <span class="p">(</span><span class="nx">validDomains</span><span class="p">.</span><span class="nx">indexOf</span><span class="p">(</span><span class="nb">document</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">hostname</span> <span class="o">+</span><span class="s1">&#39;:&#39;</span><span class="o">+</span> <span class="nb">document</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">port</span><span class="p">)</span> <span class="o">===</span> <span class="o">-</span><span class="mi">1</span><span class="p">)</span> <span class="p">{</span> </span></span><span class="line"><span class="cl"> <span class="nb">window</span><span class="p">.</span><span class="nx">location</span><span class="p">.</span><span class="nx">href</span> <span class="o">=</span> <span class="s1">&#39;http://blog.xpdbk.com&#39;</span><span class="p">;</span> </span></span><span class="line"><span class="cl"> <span class="p">}</span> </span></span><span class="line"><span class="cl"><span class="p">}</span> <span class="k">catch</span><span class="p">(</span><span class="nx">e</span><span class="p">)</span> <span class="p">{}</span> </span></span></code></pre></td></tr></table> </div> </div><p>However, this guy didn&rsquo;t play by the rules. Through the reverse proxy, he replaced all the domains in the files with his own domain, which resulted in an infinite loop.</p> <p>Later, I used <a class="link" href="https://obfuscator.io/" target="_blank" rel="noopener" >https://obfuscator.io/</a> <span style="white-space: nowrap;"><svg width=".7em" height=".7em" viewBox="0 0 21 21" xmlns="http://www.w3.org/2000/svg"> <path d="m13 3l3.293 3.293l-7 7l1.414 1.414l7-7L21 11V3z" fill="currentColor" /> <path d="M19 19H5V5h7l-2-2H5c-1.103 0-2 .897-2 2v14c0 1.103.897 2 2 2h14c1.103 0 2-.897 2-2v-5l-2-2v7z" fill="currentColor"> </svg></span> to obfuscate the JS code. This successfully prevented the domains from being modified and replaced.</p> <p>The obfuscated sample code is as follows:</p> <div class="highlight"><div class="chroma"> <table class="lntable"><tr><td class="lntd"> <pre tabindex="0" class="chroma"><code><span class="lnt">1 </span></code></pre></td> <td class="lntd"> <pre tabindex="0" class="chroma"><code class="language-JavaScript" data-lang="JavaScript"><span class="line"><span class="cl"><span class="kr">const</span> <span class="nx">_0x43eb42</span><span class="o">=</span><span class="nx">_0x27a7</span><span class="p">;(</span><span class="kd">function</span><span class="p">(</span><span class="nx">_0xafca11</span><span class="p">,</span><span class="nx">_0x40b2b8</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0x35c55e</span><span class="o">=</span><span class="nx">_0x27a7</span><span class="p">,</span><span class="nx">_0x15b338</span><span class="o">=</span><span class="nx">_0xafca11</span><span class="p">();</span><span class="k">while</span><span class="p">(</span><span class="o">!!</span><span class="p">[]){</span><span class="k">try</span><span class="p">{</span><span class="kr">const</span> <span class="nx">_0x517e5b</span><span class="o">=</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x188</span><span class="p">))</span><span class="o">/</span><span class="mh">0x1</span><span class="o">*</span><span class="p">(</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x196</span><span class="p">))</span><span class="o">/</span><span class="mh">0x2</span><span class="p">)</span><span class="o">+-</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x189</span><span class="p">))</span><span class="o">/</span><span class="mh">0x3</span><span class="o">+-</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x18c</span><span class="p">))</span><span class="o">/</span><span class="mh">0x4</span><span class="o">+</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x194</span><span class="p">))</span><span class="o">/</span><span class="mh">0x5</span><span class="o">+</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x1a6</span><span class="p">))</span><span class="o">/</span><span class="mh">0x6</span><span class="o">+-</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x19c</span><span class="p">))</span><span class="o">/</span><span class="mh">0x7</span><span class="o">*</span><span class="p">(</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x1a3</span><span class="p">))</span><span class="o">/</span><span class="mh">0x8</span><span class="p">)</span><span class="o">+-</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x19a</span><span class="p">))</span><span class="o">/</span><span class="mh">0x9</span><span class="o">*</span><span class="p">(</span><span class="o">-</span><span class="nb">parseInt</span><span class="p">(</span><span class="nx">_0x35c55e</span><span class="p">(</span><span class="mh">0x19d</span><span class="p">))</span><span class="o">/</span><span class="mh">0xa</span><span class="p">);</span><span class="k">if</span><span class="p">(</span><span class="nx">_0x517e5b</span><span class="o">===</span><span class="nx">_0x40b2b8</span><span class="p">)</span><span class="k">break</span><span class="p">;</span><span class="k">else</span> <span class="nx">_0x15b338</span><span class="p">[</span><span class="s1">&#39;push&#39;</span><span class="p">](</span><span class="nx">_0x15b338</span><span class="p">[</span><span class="s1">&#39;shift&#39;</span><span class="p">]());}</span><span class="k">catch</span><span class="p">(</span><span class="nx">_0x6c5198</span><span class="p">){</span><span class="nx">_0x15b338</span><span class="p">[</span><span class="s1">&#39;push&#39;</span><span class="p">](</span><span class="nx">_0x15b338</span><span class="p">[</span><span class="s1">&#39;shift&#39;</span><span class="p">]());}}}(</span><span class="nx">_0x17e0</span><span class="p">,</span><span class="mh">0x5e4df</span><span class="p">));</span><span class="kr">const</span> <span class="nx">_0x130d92</span><span class="o">=</span><span class="p">(</span><span class="kd">function</span><span class="p">(){</span><span class="kd">let</span> <span class="nx">_0x2e53a6</span><span class="o">=!!</span><span class="p">[];</span><span class="k">return</span> <span class="kd">function</span><span class="p">(</span><span class="nx">_0x323b74</span><span class="p">,</span><span class="nx">_0x490435</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0x1c497f</span><span class="o">=</span><span class="nx">_0x2e53a6</span><span class="o">?</span><span class="kd">function</span><span class="p">(){</span><span class="k">if</span><span class="p">(</span><span class="nx">_0x490435</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0x33bf80</span><span class="o">=</span><span class="nx">_0x490435</span><span class="p">[</span><span class="s1">&#39;apply&#39;</span><span class="p">](</span><span class="nx">_0x323b74</span><span class="p">,</span><span class="nx">arguments</span><span class="p">);</span><span class="k">return</span> <span class="nx">_0x490435</span><span class="o">=</span><span class="kc">null</span><span class="p">,</span><span class="nx">_0x33bf80</span><span class="p">;}}</span><span class="o">:</span><span class="kd">function</span><span class="p">(){};</span><span class="k">return</span> <span class="nx">_0x2e53a6</span><span class="o">=!</span><span class="p">[],</span><span class="nx">_0x1c497f</span><span class="p">;};}()),</span><span class="nx">_0x4b63bb</span><span class="o">=</span><span class="nx">_0x130d92</span><span class="p">(</span><span class="k">this</span><span class="p">,</span><span class="kd">function</span><span class="p">(){</span><span class="kr">const</span> <span class="nx">_0x982257</span><span class="o">=</span><span class="nx">_0x27a7</span><span class="p">;</span><span class="k">return</span> <span class="nx">_0x4b63bb</span><span class="p">[</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x184</span><span class="p">)]()[</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x192</span><span class="p">)](</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x198</span><span class="p">))[</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x184</span><span class="p">)]()[</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x19f</span><span class="p">)](</span><span class="nx">_0x4b63bb</span><span class="p">)[</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x192</span><span class="p">)](</span><span class="nx">_0x982257</span><span class="p">(</span><span class="mh">0x198</span><span class="p">));});</span><span class="nx">_0x4b63bb</span><span class="p">();</span><span class="kr">const</span> <span class="nx">_0x3f0a06</span><span class="o">=</span><span class="p">(</span><span class="kd">function</span><span class="p">(){</span><span class="kd">let</span> <span class="nx">_0x2f2ee3</span><span class="o">=!!</span><span class="p">[];</span><span class="k">return</span> <span class="kd">function</span><span class="p">(</span><span class="nx">_0xf1a2dc</span><span class="p">,</span><span class="nx">_0x12daa7</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0x2c78dc</span><span class="o">=</span><span class="nx">_0x2f2ee3</span><span class="o">?</span><span class="kd">function</span><span class="p">(){</span><span class="k">if</span><span class="p">(</span><span class="nx">_0x12daa7</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0x1e1bbf</span><span class="o">=</span><span class="nx">_0x12daa7</span><span class="p">[</span><span class="s1">&#39;apply&#39;</span><span class="p">](</span><span class="nx">_0xf1a2dc</span><span class="p">,</span><span class="nx">arguments</span><span class="p">);</span><span class="k">return</span> <span class="nx">_0x12daa7</span><span class="o">=</span><span class="kc">null</span><span class="p">,</span><span class="nx">_0x1e1bbf</span><span class="p">;}}</span><span class="o">:</span><span class="kd">function</span><span class="p">(){};</span><span class="k">return</span> <span class="nx">_0x2f2ee3</span><span class="o">=!</span><span class="p">[],</span><span class="nx">_0x2c78dc</span><span class="p">;};}()),</span><span class="nx">_0x11b84d</span><span class="o">=</span><span class="nx">_0x3f0a06</span><span class="p">(</span><span class="k">this</span><span class="p">,</span><span class="kd">function</span><span class="p">(){</span><span class="kr">const</span> <span class="nx">_0x5958bf</span><span class="o">=</span><span class="nx">_0x27a7</span><span class="p">;</span><span class="kd">let</span> <span class="nx">_0x1c1520</span><span class="p">;</span><span class="k">try</span><span class="p">{</span><span class="kr">const</span> <span class="nx">_0x48284c</span><span class="o">=</span><span class="nb">Function</span><span class="p">(</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x18d</span><span class="p">)</span><span class="o">+</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x18a</span><span class="p">)</span><span class="o">+</span><span class="s1">&#39;);&#39;</span><span class="p">);</span><span class="nx">_0x1c1520</span><span class="o">=</span><span class="nx">_0x48284c</span><span class="p">();}</span><span class="k">catch</span><span class="p">(</span><span class="nx">_0x560e71</span><span class="p">){</span><span class="nx">_0x1c1520</span><span class="o">=</span><span class="nb">window</span><span class="p">;}</span><span class="kr">const</span> <span class="nx">_0x4777cb</span><span class="o">=</span><span class="nx">_0x1c1520</span><span class="p">[</span><span class="s1">&#39;console&#39;</span><span class="p">]</span><span class="o">=</span><span class="nx">_0x1c1520</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x1a5</span><span class="p">)]</span><span class="o">||</span><span class="p">{},</span><span class="nx">_0x10f092</span><span class="o">=</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x1a4</span><span class="p">),</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x1a0</span><span class="p">),</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x187</span><span class="p">),</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x18b</span><span class="p">),</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x19b</span><span class="p">),</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x193</span><span class="p">),</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x185</span><span class="p">)];</span><span class="k">for</span><span class="p">(</span><span class="kd">let</span> <span class="nx">_0x41e094</span><span class="o">=</span><span class="mh">0x0</span><span class="p">;</span><span class="nx">_0x41e094</span><span class="o">&lt;</span><span class="nx">_0x10f092</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x190</span><span class="p">)];</span><span class="nx">_0x41e094</span><span class="o">++</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0xa11f57</span><span class="o">=</span><span class="nx">_0x3f0a06</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x19f</span><span class="p">)][</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x197</span><span class="p">)][</span><span class="s1">&#39;bind&#39;</span><span class="p">](</span><span class="nx">_0x3f0a06</span><span class="p">),</span><span class="nx">_0x5853a5</span><span class="o">=</span><span class="nx">_0x10f092</span><span class="p">[</span><span class="nx">_0x41e094</span><span class="p">],</span><span class="nx">_0x418439</span><span class="o">=</span><span class="nx">_0x4777cb</span><span class="p">[</span><span class="nx">_0x5853a5</span><span class="p">]</span><span class="o">||</span><span class="nx">_0xa11f57</span><span class="p">;</span><span class="nx">_0xa11f57</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x1a1</span><span class="p">)]</span><span class="o">=</span><span class="nx">_0x3f0a06</span><span class="p">[</span><span class="s1">&#39;bind&#39;</span><span class="p">](</span><span class="nx">_0x3f0a06</span><span class="p">),</span><span class="nx">_0xa11f57</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x184</span><span class="p">)]</span><span class="o">=</span><span class="nx">_0x418439</span><span class="p">[</span><span class="nx">_0x5958bf</span><span class="p">(</span><span class="mh">0x184</span><span class="p">)][</span><span class="s1">&#39;bind&#39;</span><span class="p">](</span><span class="nx">_0x418439</span><span class="p">),</span><span class="nx">_0x4777cb</span><span class="p">[</span><span class="nx">_0x5853a5</span><span class="p">]</span><span class="o">=</span><span class="nx">_0xa11f57</span><span class="p">;}});</span><span class="nx">_0x11b84d</span><span class="p">();</span><span class="kr">const</span> <span class="nx">validDomains</span><span class="o">=</span><span class="p">[</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x191</span><span class="p">),</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x195</span><span class="p">),</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x18e</span><span class="p">),</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x18f</span><span class="p">),</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x19e</span><span class="p">),</span><span class="s1">&#39;adaewfd321fg3.cachefly.net&#39;</span><span class="p">,</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x186</span><span class="p">),</span><span class="s1">&#39;localhost:1313&#39;</span><span class="p">];</span><span class="kd">function</span> <span class="nx">_0x27a7</span><span class="p">(</span><span class="nx">_0x30b2be</span><span class="p">,</span><span class="nx">_0x27f11a</span><span class="p">){</span><span class="kr">const</span> <span class="nx">_0x2f8ec1</span><span class="o">=</span><span class="nx">_0x17e0</span><span class="p">();</span><span class="k">return</span> <span class="nx">_0x27a7</span><span class="o">=</span><span class="kd">function</span><span class="p">(</span><span class="nx">_0x11b84d</span><span class="p">,</span><span class="nx">_0x3f0a06</span><span class="p">){</span><span class="nx">_0x11b84d</span><span class="o">=</span><span class="nx">_0x11b84d</span><span class="o">-</span><span class="mh">0x183</span><span class="p">;</span><span class="kd">let</span> <span class="nx">_0x2ded53</span><span class="o">=</span><span class="nx">_0x2f8ec1</span><span class="p">[</span><span class="nx">_0x11b84d</span><span class="p">];</span><span class="k">return</span> <span class="nx">_0x2ded53</span><span class="p">;},</span><span class="nx">_0x27a7</span><span class="p">(</span><span class="nx">_0x30b2be</span><span class="p">,</span><span class="nx">_0x27f11a</span><span class="p">);}</span><span class="kd">function</span> <span class="nx">_0x17e0</span><span class="p">(){</span><span class="kr">const</span> <span class="nx">_0x30092e</span><span class="o">=</span><span class="p">[</span><span class="s1">&#39;__proto__&#39;</span><span class="p">,</span><span class="s1">&#39;http://blog.xpdbk.com&#39;</span><span class="p">,</span><span class="s1">&#39;248mjjPBK&#39;</span><span class="p">,</span><span class="s1">&#39;log&#39;</span><span class="p">,</span><span class="s1">&#39;console&#39;</span><span class="p">,</span><span class="s1">&#39;2331390Rbmidg&#39;</span><span class="p">,</span><span class="s1">&#39;location&#39;</span><span class="p">,</span><span class="s1">&#39;toString&#39;</span><span class="p">,</span><span class="s1">&#39;trace&#39;</span><span class="p">,</span><span class="s1">&#39;127.0.0.1:1313&#39;</span><span class="p">,</span><span class="s1">&#39;info&#39;</span><span class="p">,</span><span class="s1">&#39;1hGmVnj&#39;</span><span class="p">,</span><span class="s1">&#39;511494uNxHBt&#39;</span><span class="p">,</span><span class="s1">&#39;{}.constructor(\x22return\x20this\x22)(\x20)&#39;</span><span class="p">,</span><span class="s1">&#39;error&#39;</span><span class="p">,</span><span class="s1">&#39;1689000vVCMXN&#39;</span><span class="p">,</span><span class="s1">&#39;return\x20(function()\x20&#39;</span><span class="p">,</span><span class="s1">&#39;lelfeng.netlify.app&#39;</span><span class="p">,</span><span class="s1">&#39;cfblog.xpdbk.com&#39;</span><span class="p">,</span><span class="s1">&#39;length&#39;</span><span class="p">,</span><span class="s1">&#39;blog.xpdbk.com&#39;</span><span class="p">,</span><span class="s1">&#39;search&#39;</span><span class="p">,</span><span class="s1">&#39;table&#39;</span><span class="p">,</span><span class="s1">&#39;2697315oyIMgb&#39;</span><span class="p">,</span><span class="s1">&#39;vlblog.xpdbk.com&#39;</span><span class="p">,</span><span class="s1">&#39;405444fEnPtY&#39;</span><span class="p">,</span><span class="s1">&#39;prototype&#39;</span><span class="p">,</span><span class="s1">&#39;(((.+)+)+)+$&#39;</span><span class="p">,</span><span class="s1">&#39;hostname&#39;</span><span class="p">,</span><span class="s1">&#39;422352iCyGvT&#39;</span><span class="p">,</span><span class="s1">&#39;exception&#39;</span><span class="p">,</span><span class="s1">&#39;119035WNGFBa&#39;</span><span class="p">,</span><span class="s1">&#39;80LiPhiY&#39;</span><span class="p">,</span><span class="s1">&#39;1x000.github.io&#39;</span><span class="p">,</span><span class="s1">&#39;constructor&#39;</span><span class="p">,</span><span class="s1">&#39;warn&#39;</span><span class="p">];</span><span class="nx">_0x17e0</span><span class="o">=</span><span class="kd">function</span><span class="p">(){</span><span class="k">return</span> <span class="nx">_0x30092e</span><span class="p">;};</span><span class="k">return</span> <span class="nx">_0x17e0</span><span class="p">();}</span><span class="k">try</span><span class="p">{</span><span class="nx">validDomains</span><span class="p">[</span><span class="s1">&#39;indexOf&#39;</span><span class="p">](</span><span class="nb">document</span><span class="p">[</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x183</span><span class="p">)][</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x199</span><span class="p">)]</span><span class="o">+</span><span class="s1">&#39;:&#39;</span><span class="o">+</span><span class="nb">document</span><span class="p">[</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x183</span><span class="p">)][</span><span class="s1">&#39;port&#39;</span><span class="p">])</span><span class="o">===-</span><span class="mh">0x1</span><span class="o">&amp;&amp;</span><span class="p">(</span><span class="nb">window</span><span class="p">[</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x183</span><span class="p">)][</span><span class="s1">&#39;href&#39;</span><span class="p">]</span><span class="o">=</span><span class="nx">_0x43eb42</span><span class="p">(</span><span class="mh">0x1a2</span><span class="p">));}</span><span class="k">catch</span><span class="p">(</span><span class="nx">_0x573349</span><span class="p">){}</span> </span></span></code></pre></td></tr></table> </div> </div><p>By taking this encrypted code and randomly inserting it into one of the scripts referenced on your site, you&rsquo;ll leave the trash running those mirror sites with no way to bypass it.</p> <p><strong>With this, the problem is basically solved. Let those jerks go cry about it.</strong></p>