Jump to content

exposed88

Members
  • Content Count

    1
  • Joined

  • Last visited

Community Reputation

0 Neutral

About exposed88

  • Rank
    Newbie
  1. exposed88

    Block spam based on URLs they contain

    I can see it'll work with the URLs in plain text. However, I have seen two new types of spam that have evolved to outsmart this type of filtering. One is to show the URL in graphical format such at gif. This would require the recipeint to manually enter the URL to go to the support website. The second one is to use the unicode to write out the URL. Here's an example: <html><p><font face="Arial"><A hREf="https://web.da-us.citibank.com/signin/scripts/login/user_setup.jsp"><map'>https://web.da-us.citibank.com/signin/scripts/login/user_setup.jsp"><map name="FPMap0"><area coords="0, 0, 610, 395" shape="rect" href="http://%36%34%2E%31%36%32%2E%32%33%33%2E%38%31:%38%37/%63%69%74/%69%6E%64%65%78%2E%68%74%6D"></map><img SRC="cid:part1.00020306.00060307[at]supprefnum584210191[at]citibank.com" border="0" usemap="#FPMap0"></A></a></font></p><p><font color="#FFFFF5">Grinch in 1934 in 1948 The Simpsons Scooters USA Personals Black History Month don't go Get your News let me add we get on well Mariah Carey Warner Bross Majora's Mask The Beatles Zelda in 1870 Try to connect you settled How are you? Capital Punishment Ford I advise you </font></p></html> Notetice the URL "http://%36%34%2E%31%36%32%2E%32%33%33%2E%38%31:%38%37" is hidden but if you click on the legitimate "https://web.da-us.citibank.com/signin/scripts/login/user_setup.jsp" you will go to http://64.162.233.81:87. The IP is on the RBL, but is the URI filtering able to block it? Both techniques were actually used by the websites to hide their email addresses from the Spambot. How interesting!
×