javascript 网站中的 RUM(真实用户监控)JS 代码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15657274/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
RUM (Real User Monitoring) JS code in website
提问by randomizer
I suddenly discovered some weird code in my websites:
我突然在我的网站上发现了一些奇怪的代码:
<script type="text/javascript">var NREUMQ=NREUMQ||[];NREUMQ.push(["mark","firstbyte",new Date().getTime()]);</script>
But I never implemented this in my code and suddenly it's there.
但是我从来没有在我的代码中实现过这个,突然之间它就在那里。
Is there any way this has been hacked some way into my website? Or what can cause this weird code?
有没有办法以某种方式入侵我的网站?或者什么会导致这个奇怪的代码?
UPDATE:
更新:
I just deleted all my code and added an index.php file with these contents:
我刚刚删除了所有代码并添加了一个包含以下内容的 index.php 文件:
<html>
<head>
</head>
<body>
test
</body>
</html>
When I look in the source, the following code is shown:
当我查看源代码时,显示了以下代码:
<html>
<head>
<script type="text/javascript">var NREUMQ=NREUMQ||[];NREUMQ.push(["mark","firstbyte",new Date().getTime()]);</script>
</head>
<body>
test
<script type="text/javascript">if(!NREUMQ.f){NREUMQ.f=function(){NREUMQ.push(["load",new Date().getTime()]);var e=document.createElement("script");e.type="text/javascript";e.src=(("http:"===document.location.protocol)?"http:":"https:")+"//"+"d1ros97qkrwjf5.cloudfront.net/42/eum/rum.js";document.body.appendChild(e);if(NREUMQ.a)NREUMQ.a();};NREUMQ.a=window.onload;window.onload=NREUMQ.f;};NREUMQ.push(["nrfj","beacon-3.newrelic.com","0320653fc3","2194086","YAFRYxcHXUYCBUdQWVlLZkUMSVpbBwNLF0ZfFA==",0,1,new Date().getTime(),"","","","",""]);</script>
</body>
</html>
UPDATE 2:
更新 2:
What I have tried so far:
到目前为止我尝试过的:
- deleted all my files and just added a php file with a simple html layout
- copied all my webspace files to my local dir: THE SCRIPT IS GONE!
- disabled all kind of services in the control panel of my host
- My webhost says they don't put code in webfiles, but it seems they do because I can not think of any other scenario to try. I also tracked other websites hosted via this company and a lot of websites have the code in their source too!
- 删除了我所有的文件,并添加了一个带有简单 html 布局的 php 文件
- 将我所有的网站空间文件复制到我的本地目录:脚本消失了!
- 在我的主机的控制面板中禁用所有类型的服务
- 我的网络主机说他们不把代码放在网络文件中,但似乎他们这样做了,因为我想不出任何其他场景可以尝试。我还跟踪了通过这家公司托管的其他网站,许多网站的源代码中也有代码!
采纳答案by randomizer
It looks like my webhost was adding the code. They only admitted it after I had spoken to three people. The first one denied everything and was blaming me for "bad code or bad scripts". Finally, a senior manager told me it was for benchmarking purposes they had added the script to my website.
看起来我的虚拟主机正在添加代码。在我和三个人谈过之后,他们才承认。第一个否认一切,并指责我“糟糕的代码或糟糕的脚本”。最后,一位高级经理告诉我,他们将脚本添加到我的网站是为了进行基准测试。
I really don't like this, I'm very sure they can't do that without letting me know, so I'm looking into taking further steps.
我真的不喜欢这个,我很确定他们不能不让我知道就这样做,所以我正在考虑采取进一步的措施。
回答by Adrian Macneil
It's part of New Relic's Real User Monitoring feature (either you or your host have installed New Relic on your server).
它是 New Relic 的真实用户监控功能的一部分(您或您的主机已经在您的服务器上安装了 New Relic)。
The JavaScript injected for Real User Monitoring collects timing information in the browser that contains details to identify the specific app and the web transaction processed on the backend, as well as how time was spent in the app for each request. When a page completes loading in an end user's browser, RUM sends the information back to New Relic asynchronously, so it doesn't affect page load time. RUM uses the IP address to resolve the geographic location of each request.
为 Real User Monitoring 注入的 JavaScript 会在浏览器中收集时间信息,其中包含识别特定应用程序和后端处理的 Web 事务的详细信息,以及每个请求在应用程序中花费的时间。当页面在最终用户的浏览器中完成加载时,RUM 将信息异步发送回 New Relic,因此它不会影响页面加载时间。RUM 使用 IP 地址来解析每个请求的地理位置。
https://newrelic.com/docs/features/how-does-real-user-monitoring-work
https://newrelic.com/docs/features/how-does-real-user-monitoring-work
