从网络日志中提取的字符串解码
String decode extracted from web log
在做日志分析时,通过解析web日志的page字段(webshell?),发现了一个语法和内容都奇怪的字符串:
/campaign/(f(2ewt_ygmarlagti7sw4tvhj0zk17klgxnhnk1aawgtixm5x-2qmvsvouolvaffrhitumf4wnk496p2dbzmkc3ywfloksiixdtrlawmt78f_mg-45kdzzpdlnogeishkcgtohttp://www.facebook.com/externalhit_uatext.phptelf6gqmu2ia0i1j5lfgmcvw1))/home/index
有人可以指导我如何解码这个字符串并找到线索吗?还有为什么是下面的:
http://www.facebook.com/externalhit_uatext.php
包含在字符串中?
我在引用https://www.facebook.com/externalhit_uatext.php
Facebook allows its users to send links to interesting web content to other Facebook users. Part of how this works on the Facebook system involves the temporary display of certain images or details related to the web content, such as the title of the web page or the embed tag of a video. Our system retrieves this information only after a user provides us with a link. You may have found this page because a Facebook user sent a link from your website to other Facebook users. If you have any questions or concerns about any links or content sent by one of our users, please contact us at legal@facebook.com.
我的猜测是有人 post 将 link 发送到您的网站到 Facebook,然后有人点击了那个 link(通过 link 访问了您的网站)。虽然(可能)编码的东西看起来有点随机。如果我是你,我会从我的 Facebook 网站上 post a link,点击它,看看我是否得到类似的东西。如果它看起来不像那样,我会联系 legal@facebook.com 以澄清它是否 linked 给他们。
在做日志分析时,通过解析web日志的page字段(webshell?),发现了一个语法和内容都奇怪的字符串:
/campaign/(f(2ewt_ygmarlagti7sw4tvhj0zk17klgxnhnk1aawgtixm5x-2qmvsvouolvaffrhitumf4wnk496p2dbzmkc3ywfloksiixdtrlawmt78f_mg-45kdzzpdlnogeishkcgtohttp://www.facebook.com/externalhit_uatext.phptelf6gqmu2ia0i1j5lfgmcvw1))/home/index
有人可以指导我如何解码这个字符串并找到线索吗?还有为什么是下面的:
http://www.facebook.com/externalhit_uatext.php
包含在字符串中?
我在引用https://www.facebook.com/externalhit_uatext.php
Facebook allows its users to send links to interesting web content to other Facebook users. Part of how this works on the Facebook system involves the temporary display of certain images or details related to the web content, such as the title of the web page or the embed tag of a video. Our system retrieves this information only after a user provides us with a link. You may have found this page because a Facebook user sent a link from your website to other Facebook users. If you have any questions or concerns about any links or content sent by one of our users, please contact us at legal@facebook.com.
我的猜测是有人 post 将 link 发送到您的网站到 Facebook,然后有人点击了那个 link(通过 link 访问了您的网站)。虽然(可能)编码的东西看起来有点随机。如果我是你,我会从我的 Facebook 网站上 post a link,点击它,看看我是否得到类似的东西。如果它看起来不像那样,我会联系 legal@facebook.com 以澄清它是否 linked 给他们。