-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
546 lines (347 loc) · 23.5 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
<!DOCTYPE html>
<html lang="">
<head><meta name="generator" content="Hexo 3.8.0">
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1.0, user-scalable=no">
<meta name="theme-color" content="#202020">
<meta http-equiv="x-ua-compatible" content="ie=edge">
<script src="//busuanzi.ibruce.info/busuanzi/2.3/busuanzi.pure.mini.js" async></script>
<meta name="keywords" content>
<meta name="description" content="Fooying's Blog">
<link rel="icon" type="image/x-icon" href="/images/footer-logo.png">
<title> [ Fooying ]我自凭栏夜听雨,欲上云端摘星辰</title>
<!-- stylesheets list from config.yml -->
<link rel="stylesheet" href="//cdn.bootcss.com/pure/1.0.0/pure-min.css">
<link rel="stylesheet" href="/css/xoxo.css">
</head>
<body>
<div class="nav-container">
<nav class="home-menu pure-menu pure-menu-horizontal">
<a class="pure-menu-heading" href="/">
<span class="title" style="text-transform:none">Fooying</span>
</a>
<ul class="pure-menu-list clearfix">
<li class="pure-menu-item actived"><a href="/" class="pure-menu-link">首页</a></li>
<li class="pure-menu-item pure-menu-has-children pure-menu-allow-hover">
<a href="#" id="post" class="pure-menu-link">文章</a>
<ul class="pure-menu-children">
<li class="pure-menu-item"><a href="/categories" style="color:#202020;" class="pure-menu-link">分类</a></li>
<li class="pure-menu-item"><a href="/archives" style="color:#202020;" class="pure-menu-link">归档</a></li>
<li class="pure-menu-item"><a href="/tags" style="color:#202020;" class="pure-menu-link">标签</a></li>
</ul>
</li>
<li class="pure-menu-item"><a href="/paper" class="pure-menu-link">Papers</a></li>
<li class="pure-menu-item"><a href="/project" class="pure-menu-link">项目</a></li>
<li class="pure-menu-item"><a href="/activity" class="pure-menu-link">动态</a></li>
<li class="pure-menu-item"><a href="/search" class="pure-menu-link">搜索</a></li>
</ul>
</nav>
</div>
<div class="container" id="content-outer">
<div class="inner" id="content-inner">
<div class="recent-posts">
<article class="recent-post-item">
<a class="title" href="/linux-watchdogs-miner-analysis/"><h2>Linux watchdogs 感染性隐藏挖矿病毒分析</h2></a>
<div class="post-meta">
<time class="time" datetime="2019-02-21T16:08:08.000Z">
2019-02-22
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Linux入侵/">Linux入侵</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Miner/">Miner</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/watchdogs/">watchdogs</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/挖矿病毒/">挖矿病毒</a></li></ul>
</div>
<div class="post-excerpt">
<p>作者:笔者及多名同事</p>
<h3 id="一-背景"><a class="markdownIt-Anchor" href="#一-背景"></a> 一、 背景</h3>
<p>近日,腾讯云安全团队监测到部分云上及外部用户机器存在安全漏洞被入侵,同时植入 watchdogs 挖矿病毒,出现 crontab 任务异常、系统文件被删除、CPU 异常等情况,并且会自动感染更多机器。攻击者主要利用 Redis 未授权访问入侵服务器并通过内网扫描和 known_hosts 历史登录尝试感染更多机器。</p>
<p>相对比于过去发现的挖矿病毒,这次的挖矿病毒隐藏性更高,也更难被清理。</p>
</div>
<a class="more" href="/linux-watchdogs-miner-analysis/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/common_vulnerability_management_and_scap/"><h2>通用漏洞管理与SCAP</h2></a>
<div class="post-meta">
<time class="time" datetime="2019-01-25T03:04:05.000Z">
2019-01-25
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/CCE/">CCE</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/CPE/">CPE</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/CVE/">CVE</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/CVSS/">CVSS</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/OVAL/">OVAL</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/SCAP/">SCAP</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/XCCDF/">XCCDF</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/通用漏洞管理/">通用漏洞管理</a></li></ul>
</div>
<div class="post-excerpt">
<p>在日常的漏洞研究和管理中,通常会发现,不同漏洞平台、不同团队对于漏洞的编号、严重程度的定义通常会出现差异化。</p>
</div>
<a class="more" href="/common_vulnerability_management_and_scap/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/linux-hide-process-miner-analysis/"><h2>Linux 遭入侵,挖矿进程被隐藏案例分析</h2></a>
<div class="post-meta">
<time class="time" datetime="2018-06-25T16:08:08.000Z">
2018-06-26
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Linux入侵/">Linux入侵</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Miner/">Miner</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/挖矿病毒/">挖矿病毒</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/隐藏进程/">隐藏进程</a></li></ul>
</div>
<div class="post-excerpt">
<p>作者:笔者及多名同事</p>
<h3 id="一-背景"><a class="markdownIt-Anchor" href="#一-背景"></a> 一、 背景</h3>
<p>云鼎实验室曾分析不少入侵挖矿案例,研究发现入侵挖矿行为都比较粗暴简单,通过 top 等命令可以直接看到恶意进程,挖矿进程不会被刻意隐藏;而现在,我们发现黑客开始不断使用一些隐藏手段去隐藏挖矿进程而使它获得更久存活,今天分析的内容是我们过去一个月内捕获的一起入侵挖矿事件。</p>
</div>
<a class="more" href="/linux-hide-process-miner-analysis/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/hadoop-yarn-rest-api-unauthorized-miner-analysis/"><h2>Hadoop Yarn REST API 未授权漏洞利用挖矿分析</h2></a>
<div class="post-meta">
<time class="time" datetime="2018-05-31T16:08:08.000Z">
2018-06-01
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Hadoop-Yarn-REST-API-未授权漏洞/">Hadoop Yarn REST API 未授权漏洞</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Intrusion-Analysis/">Intrusion Analysis</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Linux入侵/">Linux入侵</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Miner/">Miner</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/挖矿病毒/">挖矿病毒</a></li></ul>
</div>
<div class="post-excerpt">
<h4 id="一-背景"><a class="markdownIt-Anchor" href="#一-背景"></a> 一、 背景</h4>
<p>5月5日腾讯云安全团队曾针对攻击者利用Hadoop Yarn资源管理系统REST API未授权漏洞对服务器进行攻击,攻击者可以在未授权的情况下远程执行代码的安全问题进行预警,在预警的前后我们曾多次捕获相关的攻击案例,其中就包含利用该问题进行挖矿,我们针对其中一个案例进行分析并提供响应的安全建议和解决方案。</p>
</div>
<a class="more" href="/hadoop-yarn-rest-api-unauthorized-miner-analysis/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/linux-redis-miner-worm-analysis/"><h2>Linux Redis自动化挖矿感染蠕虫分析及安全建议</h2></a>
<div class="post-meta">
<time class="time" datetime="2018-05-21T16:08:08.000Z">
2018-05-22
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Linux入侵/">Linux入侵</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Miner-Worm/">Miner Worm</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Redis-Miner/">Redis Miner</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/Redis未授权访问/">Redis未授权访问</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/挖矿病毒/">挖矿病毒</a></li></ul>
</div>
<div class="post-excerpt">
<h4 id="一-背景"><a class="markdownIt-Anchor" href="#一-背景"></a> 一、 背景</h4>
<p>自从Redis未授权问题获取Linux系统root权限的攻击方法的披露后,由于其易用性,利用该问题入侵Linux服务进行挖矿、扫描等的黑客行为一直层出不穷;而在众多利用该问题入侵服务器进行黑产行为的案例中,其中就存在一类利用该问题进行挖矿并且会利用pnscan自动扫描感染其他机器;该类攻击一直存在,不过在近期又呈现数量增加的趋势,在最近捕获到多次,我们针对其做下具体的分析。</p>
</div>
<a class="more" href="/linux-redis-miner-worm-analysis/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/think-like-hacker/"><h2>【黑客解析】像黑客一样思考</h2></a>
<div class="post-meta">
<time class="time" datetime="2017-04-06T09:34:53.000Z">
2017-04-06
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/黑客思维/">黑客思维</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/黑客解析/">黑客解析</a></li></ul>
</div>
<div class="post-excerpt">
<h3 id="导语"><a class="markdownIt-Anchor" href="#导语"></a> 导语</h3>
<p>网络安全里经常说的一句话是未知攻焉知防,基本所有的安全人员也是一名黑客,在黑客攻击愈发普遍的今天,如何更好的防御黑客攻击?用句带有点哲学的话,成为黑客,只有成为黑客,像黑客一样思考,你才能知道从哪去防御黑客;很俗的一句话,但很实在!</p>
</div>
<a class="more" href="/think-like-hacker/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/the-art-of-xss-2-xss-fuzzing/"><h2>跨站的艺术-XSS Fuzzing 的技巧</h2></a>
<div class="post-meta">
<time class="time" datetime="2017-03-22T16:08:08.000Z">
2017-03-23
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/XSS/">XSS</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/XSS盲打/">XSS盲打</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/mXSS/">mXSS</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/漏洞挖掘/">漏洞挖掘</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/跨站的艺术/">跨站的艺术</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/跨站脚本攻击/">跨站脚本攻击</a></li></ul>
</div>
<div class="post-excerpt">
<p>对于XSS的漏洞挖掘过程,其实就是一个使用Payload不断测试和调整再测试的过程,这个过程我们把它叫做Fuzzing;同样是Fuzzing,有些人挖洞比较高效,有些人却不那么容易挖出漏洞,除了掌握的技术之外,比如编码的绕过处理等,还包含一些技巧性的东西,掌握一些技巧和规律,可以使得挖洞会更加从容。</p>
</div>
<a class="more" href="/the-art-of-xss-2-xss-fuzzing/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/how-hacker-data-extort/"><h2>【黑客解析】黑客是如何实现数据勒索</h2></a>
<div class="post-meta">
<time class="time" datetime="2017-03-09T16:08:08.000Z">
2017-03-10
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/入侵分析/">入侵分析</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/数据勒索/">数据勒索</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/黑客解析/">黑客解析</a></li></ul>
</div>
<div class="post-excerpt">
<h3 id="导语"><a class="markdownIt-Anchor" href="#导语"></a> 导语</h3>
<p>从MongoDB开始到MySQL,黑客瞄准了数据库服务,通过黑客手段获取数据库服务的权限,然后删除数据,在数据库中插入勒索信息,要求支付比特币以赎回数据(可见扩展阅读)。那么黑客是如何实现这整个过程?</p>
</div>
<a class="more" href="/how-hacker-data-extort/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/the-art-of-xss-1-introduction/"><h2>跨站的艺术-XSS入门与介绍</h2></a>
<div class="post-meta">
<time class="time" datetime="2017-02-13T16:08:08.000Z">
2017-02-14
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/XSS/">XSS</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/跨站的艺术/">跨站的艺术</a></li></ul>
</div>
<div class="post-excerpt">
<h3 id="什么是xss"><a class="markdownIt-Anchor" href="#什么是xss"></a> 什么是XSS?</h3>
<p>XSS全称跨站脚本(Cross Site Scripting),为不和层叠样式表(Cascading Style Sheets, CSS)的缩写混淆,故缩写为XSS,比较合适的方式应该叫做跨站脚本攻击。</p>
<p>跨站脚本攻击是一种常见的web安全漏洞,它主要是指攻击者可以在页面中插入恶意脚本代码,当受害者访问这些页面时,浏览器会解析并执行这些恶意代码,从而达到窃取用户身份/钓鱼/传播恶意代码等行为。</p>
</div>
<a class="more" href="/the-art-of-xss-1-introduction/"> 阅读全文〉</a>
</article>
<article class="recent-post-item">
<a class="title" href="/point_to_face_vulnerability_research/"><h2>点到面的漏洞研究与利用--从黑产的角度思考利用漏洞</h2></a>
<div class="post-meta">
<time class="time" datetime="2017-01-08T03:04:05.000Z">
2017-01-08
</time>
<span class="slash">/</span>
<ul class="index-tag-list"><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/撒网式漏洞攻击/">撒网式漏洞攻击</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/漏洞利用/">漏洞利用</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/漏洞响应/">漏洞响应</a></li><li class="index-tag-list-item"><a class="index-tag-list-link" href="/tags/漏洞研究/">漏洞研究</a></li></ul>
</div>
<div class="post-excerpt">
<p>在常规的漏洞响应中,我们更多的关注漏洞自身的危害、影响结果,这个是点的研发,而往往在利用过程,会有一种面的利用。</p>
<p>这个内容在以前在北航、QCon做分享的时候讲过相关的内容,做了下整理,部分内容是来自COS之前的PPT。</p>
<p>注:文章内容仅限于研究!</p>
</div>
<a class="more" href="/point_to_face_vulnerability_research/"> 阅读全文〉</a>
</article>
</div>
</div>
<nav class="page-nav text-center">
<span class="page-number current">1</span><a class="page-number" href="/page/2/">2</a><span class="space">…</span><a class="page-number" href="/page/5/">5</a><a class="extend next" rel="next" href="/page/2/">〉</a>
</nav>
</div>
<footer class="footer text-center">
<div id="bottom-inner">
<a class="bottom-item" href="https://github.com/fooying" target="_blank">GitHub</a> |
<a class="bottom-item" href="/links">友情链接</a> |
<a class="bottom-item" href="https://hexo.io" target="_blank">Powered by hexo</a> |
<a class="bottom-item" href="https://github.com/fooying/hexo-theme-xoxo-plus" target="_blank">Theme xoxo-plus</a> |
<a class="bottom-item" href="/atom.xml">订阅</a>
</div>
</footer>
<script>
(function(window, document, undefined) {
var timer = null;
function returnTop() {
cancelAnimationFrame(timer);
timer = requestAnimationFrame(function fn() {
var oTop = document.body.scrollTop || document.documentElement.scrollTop;
if (oTop > 0) {
document.body.scrollTop = document.documentElement.scrollTop = oTop - 50;
timer = requestAnimationFrame(fn);
} else {
cancelAnimationFrame(timer);
}
});
}
var hearts = [];
window.requestAnimationFrame = (function() {
return window.requestAnimationFrame ||
window.webkitRequestAnimationFrame ||
window.mozRequestAnimationFrame ||
window.oRequestAnimationFrame ||
window.msRequestAnimationFrame ||
function(callback) {
setTimeout(callback, 1000 / 60);
}
})();
init();
function init() {
css(".heart{z-index:9999;width: 10px;height: 10px;position: fixed;background: #f00;transform: rotate(45deg);-webkit-transform: rotate(45deg);-moz-transform: rotate(45deg);}.heart:after,.heart:before{content: '';width: inherit;height: inherit;background: inherit;border-radius: 50%;-webkit-border-radius: 50%;-moz-border-radius: 50%;position: absolute;}.heart:after{top: -5px;}.heart:before{left: -5px;}");
attachEvent();
gameloop();
addMenuEvent();
}
function gameloop() {
for (var i = 0; i < hearts.length; i++) {
if (hearts[i].alpha <= 0) {
document.body.removeChild(hearts[i].el);
hearts.splice(i, 1);
continue;
}
hearts[i].y--;
hearts[i].scale += 0.004;
hearts[i].alpha -= 0.013;
hearts[i].el.style.cssText = "left:" + hearts[i].x + "px;top:" + hearts[i].y + "px;opacity:" + hearts[i].alpha + ";transform:scale(" + hearts[i].scale + "," + hearts[i].scale + ") rotate(45deg);background:" + hearts[i].color;
}
requestAnimationFrame(gameloop);
}
/**
* 给logo设置点击事件
*
* - 回到顶部
* - 出现爱心
*/
function attachEvent() {
var old = typeof window.onclick === "function" && window.onclick;
var logo = document.getElementById("logo");
if (logo) {
logo.onclick = function(event) {
returnTop();
old && old();
createHeart(event);
}
}
}
function createHeart(event) {
var d = document.createElement("div");
d.className = "heart";
hearts.push({
el: d,
x: event.clientX - 5,
y: event.clientY - 5,
scale: 1,
alpha: 1,
color: randomColor()
});
document.body.appendChild(d);
}
function css(css) {
var style = document.createElement("style");
style.type = "text/css";
try {
style.appendChild(document.createTextNode(css));
} catch (ex) {
style.styleSheet.cssText = css;
}
document.getElementsByTagName('head')[0].appendChild(style);
}
function randomColor() {
// return "rgb(" + (~~(Math.random() * 255)) + "," + (~~(Math.random() * 255)) + "," + (~~(Math.random() * 255)) + ")";
return "#F44336";
}
function addMenuEvent() {
var menu = document.getElementById('menu-main-post');
if (menu) {
var toc = document.getElementById('toc');
if (toc) {
menu.onclick = function() {
if (toc) {
if (toc.style.display == 'block') {
toc.style.display = 'none';
} else {
toc.style.display = 'block';
}
}
};
} else {
menu.style.display = 'none';
}
}
}
})(window, document);
</script>
<script>
var _hmt = _hmt || [];
(function () {
var hm = document.createElement("script");
hm.src = "//hm.baidu.com/hm.js?f290e5fbd596aedbb751f38a7d377f48";
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(hm, s);
})();
</script>
<script>
(function(){
var bp = document.createElement('script');
var curProtocol = window.location.protocol.split(':')[0];
if (curProtocol === 'https') {
bp.src = 'https://zz.bdstatic.com/linksubmit/push.js';
}
else {
bp.src = 'http://push.zhanzhang.baidu.com/push.js';
}
var s = document.getElementsByTagName("script")[0];
s.parentNode.insertBefore(bp, s);
})();
</script>
</body>
</html>