Block potential windows scam sites
目前为
// ==UserScript== // @name Windows Scam Site Blocker // @namespace blockWinScamSites // @version 1.0 // @description Block potential windows scam sites // @author Kai Krause <[email protected]> // @include * // @exclude microsoft.com/* // @exclude *.microsoft.com // @grant GM_setValue // @grant GM_getValue // @run-at document-start // ==/UserScript== // Whether to block the page var shouldBlockPage = false; function main() { // Products and keywords that are normally used in headers var products = ["microsoft", "windows"]; var keywords = ["error", "security", "warning", "official", "support", "hotline", "virus", "infected", "infection", "blocked"]; // Get the page's title var title = document.title.toLowerCase(); // Loop whether a product and keywords exist together for (let i = 0; i < products.length; i++) { if (title.includes(products[i])) { for (let x = 0; x < keywords.length; x++) { if (title.includes(keywords[x])) { shouldBlockPage = true; } } } } // If the page hasn't been blocked, use flags until a decision is made var redFlags = 0; // If the page is related to a product, flag it for (let i = 0; i < products.length; i++) { if (title.includes(products[i])) { redFlags++; } } // Get all inline script tags, and check whether they contain obfuscated JS techniques var scripts = document.getElementsByTagName(script); for (let i = 0; i < scripts.length; i++) { var script = scripts[i].innerText; if (script.Includes("eval")) redFlags++; if (script.Includes("unescape")) redFlags++; if (script.Includes("fromCharCode")) redFlags++; if (script.Includes("charCodeAt")) redFlags++; } // Block the page if there are too many red flags if (redFlags >= 2) { shouldBlockPage = true; } // Otherwise, scan the page for commonly uses phrases var phrases = ["your computer has been blocked", "your computer has alerted us", "call microsoft toll free", "windows has detected", "your system detected", "please call microsoft", "ransomware virus has infected your system", "trying to steal financial information", "information is being stolen", "removal process over the phone", "prevent your computer from being disabled", "contact our certified", "windows technician", "pornographic spyware", "malicious virus", "malicious malware"]; // Get page content var page = document.body.innerText.toLowerCase(); // Detect phrases for (let i = 0; i < phrases.length; i++) { if (page.indexOf(phrases[i]) > -1) { shouldBlockPage = true; } } } // Block the page, by clearing it's content and replacing it var finishedBlocking = false; function blockPage() { if (shouldBlockPage && !finishedBlocking) { window.stop(); document.getElementsByTagName('head')[0].innerHTML = "<title>" + document.title + "</title>"; document.body.innerHTML = "<h1>This Page Has Been Blocked - It Appeared To Be Malicious</h1><br />" document.body.innerHTML += "<button id='ignorePage'>Ignore Warning</button>"; document.getElementById("ignorePage").addEventListener("click", ignorePage); finishedBlocking = true; } } // ignore pages by domain name, handled via GM storage function ignorePage() { if (GM_setValue) { GM_setValue(location.hostname, "ignored"); location.reload(); } } // check if page is ignored var isPageIgnored = GM_getValue(location.hostname); // run code blocks var runTime = Date.now(); if (isPageIgnored !== "ignored") { var interval = setInterval(function() { main(); blockPage(); // Remove interval if page has been blocked, or, the script has run for longer than 3 seconds if(shouldBlockPage || (Date.now() - runTime) / 1000 >= 3) { console.log("ending script") return clearInterval(interval); } }, 10); }
