InfinityFree 是一个网站托管服务。这意味着我们提供的托管账户是用于托管网站的。网站包含通过网页浏览器访问的页面。InfinityFree 不打算用于文件共享、API 托管、数据库托管或后台任务/工具。
为了帮助执行此规则,免费托管实施了一种安全系统,以确保任何试图访问您的网站的人都在使用正常的网页浏览器。这是通过检查网页浏览器是否能够执行Javascript代码并接受cookies来实现的。
每个现代网页浏览器都支持Javascript和Cookies,并且可以用来访问您的网站而不会有任何问题。除非访客在浏览器中明确禁用了Javascript或Cookies,否则他们可以无障碍地访问您的网站。几乎所有的网站都需要Cookies和Javascript才能正常工作,因此很少有人会遇到这个问题。
这个安全系统也有助于保护你的网站免受恶意机器人攻击。然而,由于这个系统,某些应用程序的某些功能将无法正常工作。
哪些功能不支持?
由于这个安全系统,以下事情在免费主机上的网站将无法正常或完全工作。
通过安卓或iOS移动应用程序访问(移动浏览器也可以)。
对网站(如WordPress XML-RPC)的API访问。
从 cURL 或其他命令行客户端访问。
网站代码验证器和SEO检查器。
域名所有权验证检查,查看网站URL或HTML代码。一些网站管理员工具和广告网络会进行这种检查。
Let’s Encrypt 以及通过 Let’s Encrypt 提供证书的网站(如 sslforfree.com 或 zerossl.com)。
来自其他网站的AJAX请求(CORS)。AJAX请求仅能在相同的(子)域名上进行。
在其他网站上热链接和嵌入图像和其他(静态)文件。
我可能会遇到哪些错误?
当尝试使用不受支持的客户端访问您的网站时,您可能会看到以下错误之一:
403 禁止访问
此网站需要启用Javascript才能正常工作,请在浏览器中启用Javascript或使用支持Javascript的浏览器。
请求的资源上没有“Access-Control-Allow-Origin”头。
具体来说,像这样的内容会被发送到浏览器,以验证其是否支持Javascript:
<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("d3c143e907c1d71f78f0018d7dbf3ac7");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://hans.epizy.com/?i=2";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>这个安全系统对我来说有什么好处?
这个安全系统的主要优势是它非常有效地阻止恶意机器人访问您的网站。互联网上有许多恶意爬虫在寻找安全问题来黑客您的网站,快速猜出登录详细信息以试图访问您网站的受保护部分,或者猛烈攻击未受保护的表单以发送垃圾邮件。这个安全系统几乎可以阻止所有这些恶意行为。
那些恶意机器人可能会消耗大量服务器资源,如果你使用过多的资源,可能会导致你的网站被暂停。因此,这个安全系统有助于确保普通合法的网站访客可以顺利访问你的网站。
搜索引擎爬虫还能访问我的网站吗?
尽管这些是自动化的脚本,搜索引擎爬虫仍然可以访问你的网站。所有流行搜索引擎的爬虫都可以执行Javascript代码并接受cookies。因此,搜索引擎不会对你网站的索引有任何问题,你的网站可以在搜索引擎结果中可见。
请注意,一些“搜索引擎验证器”脚本不支持Javascript和Cookies,这将报告您的网站无法访问。然而,这是验证工具的错误,并不会阻止搜索引擎爬虫正常工作。
如果您怀疑您的网站没有被搜索引擎正确索引,您可以注册使用像 谷歌 和 必应 这样的搜索引擎为网站管理员提供的服务。这样您就可以查看搜索引擎是否在访问您的网站时遇到任何问题。
我可以禁用这个安全系统吗?
不,这个安全系统是所有网站强制性的,无法禁用。
如果这个安全系统导致您的网站或应用程序在 InfinityFree 上无法按预期工作,请考虑将您的网站迁移到 高级主机。在高级主机上,这个安全系统不存在(您的网站将以更不打扰的方式受到保护),因此您可以使用其他客户端(如移动应用、自动验证工具等)访问您的网站,而这些客户端不是浏览器。
InfinityFree is a website hosting service. That means that the hosting accounts we provided are intended for hosting websites. Websites contain pages that are accessed through web browsers. InfinityFree is not intended to be used for file sharing, API hosting, database hosting or background tasks/tools.
To help enforce this, free hosting enforces a security system that makes sure that anyone trying to access your website is using a normal web browser. This is done by checking whether the web browser can execute Javascript code and can accept cookies.
Every modern web browser supports Javascript and cookies and can be used to access your website without any problems. Unless the visitor has specifically disabled Javascript or cookies in their browser, they can access your website without any problems. Almost all websites require cookies and Javascript to work correctly, so very few people will experience problems with this.
This security system also helps to protect your website against (malicious) bots. However, some functions of some applications won’t work correctly because of this system.
Which features are not supported?
Because of this security system, the following things will not work correctly or at all on websites on free hosting.
Access through Android or iOS mobile apps (mobile browsers work fine).
API access to websites (like WordPress XML-RPC).
Access from cURL or other command-line clients.
Website code validators and SEO checkers.
Domain ownership verification checks which look at website URLs or HTML code. Some webmasters tools and ad networks do this.
Let’s Encrypt and websites providing certificates through Let’s Encrypt (like sslforfree.com or zerossl.com).
AJAX requests from other websites (CORS). AJAX requests are only possible on the same (sub)domain.
Hotlinking and embedding images and other (static) files on other websites.
Which errors can I expect?
When trying to access your website with an unsupported client, you may see one of the following errors:
403 Forbidden
This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
No ‘Access-Control-Allow-Origin’ header is present on the requested resource
Specifically, content like this is sent to the browser to validate whether it supports Javascript:
<html><body><script type="text/javascript" src="/aes.js" ></script><script>function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),b=toNumbers("98344c2eee86c3994890592585b49f80"),c=toNumbers("d3c143e907c1d71f78f0018d7dbf3ac7");document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/"; location.href="https://hans.epizy.com/?i=2";</script><noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript></body></html>How does this security system benefit me?
The main advantage of this security system is that it’s very effective at blocking bad bots from accessing your website. There are many malicious crawlers on the internet who are searching for security problems to hack your website, rapidly guess login details to try and access protected sections in your website or hammer unprotected forms to send spam. This security system stops almost all of them.
Those malicious bots could also use a lot of server power, which can cause your website to be suspended if you use too much of it. So this security system helps to make sure that regular, legitimate website visitors can access your site without any problems.
Can search engine crawlers still access my website?
Despite being automated scripts, search engine crawlers can still access your website. The crawlers of all popular search engines can execute Javascript code and accept cookies. So search engines will have no problems indexing your website and your site can be visible in search engine results.
Note that some “search engine validator” scripts do not support Javascript and cookies, and will report that your website is inaccessible. However, this is an error with the validator tool, and does not prevent search engine crawlers from working correctly.
If you suspect your site is not being indexed correctly by search engines, you may wish to sign up for the Webmasters service from search engines like Google and Bing. From there you will be able to see if the search engines have any problems accessing your site.
Can I disable this security system?
No, this security system is mandatory on all websites and cannot be disabled.
If this security system means your website or application does not work as expected on InfinityFree, please consider to moving your website to premium hosting. On premium hosting, this security system is not present (your website will be protected in less obtrusive ways), so you can access your website through other clients which are not browsers (like mobile apps, automated verification tools, etc.).
推荐本站淘宝优惠价购买喜欢的宝贝:
本文链接:https://www.hqyman.cn/post/12098.html 非本站原创文章欢迎转载,原创文章需保留本站地址!
微信支付宝扫一扫,打赏作者吧~休息一下~~
萌ICP备20248119号
