cputerace Posted July 7, 2005 Share Posted July 7, 2005 If you dont know, TinyURL allows a long URL to be shortened to the form: http://tinyurl.com/7tdqy Spammers have started using this to mask their spammed URL. Currently, TinyURL and its ISP get the spam reports. How hard would it be to have the engine follow the redirect from tinyURL URL's it sees and instead report on the redirected URL? -Mike Link to comment Share on other sites More sharing options...
Jank1887 Posted July 8, 2005 Share Posted July 8, 2005 How hard would it be29977[/snapback] I didn't write the code, but I'll assume it's not overly trivial without following the actual link, which could have embedded identifiers in it, which would verify your email address to the spammer. Plus, SC would then be dependent on contacting another server before it could process the spam. Now, it's possible that SC could somehow set up a system with TinyURL whereby it could access the database without actually activating the link (i.e., spam server never knows). But that's another whole level of complexity. And as has been mentioned previously, finding the spamvertised website source is a secondary goal. If TinyURL gets annoyed, it can request that it not receive the reports. Link to comment Share on other sites More sharing options...
Jank1887 Posted July 8, 2005 Share Posted July 8, 2005 sorry to double post but, from the TinyURL TOS: Terms of use: TinyURL was created as a free service to make posting long URLs easier. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you will be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind. so, they might actually be happy getting the report, and they say they'll deactivate and report appropriately. So even the spamsite has a spam friendly ISP that would leave the site up, killing the TinyURL would kill all the spammed links to the site, and be very effective in drying up the well, so to speak. Link to comment Share on other sites More sharing options...
Jeff G. Posted July 9, 2005 Share Posted July 9, 2005 I am still in favor of notifying redirection providers as well as actual webhosts, whether the redirection providers are yahoo, tinyurl, makeashorterlink, or anyone else. Link to comment Share on other sites More sharing options...
Jank1887 Posted July 11, 2005 Share Posted July 11, 2005 I am still in favor of notifying redirection providers as well as actual webhosts,30040[/snapback] me too, but if I remember correctly, yahoo and others haven't disguised the destination. It's still embedded in the redirect link, no? So a little string manipulation code gets you the actual destination. TinyURL doesn't have that, so you'll need to interact directly with them and their servers to make that happen, which sounds like a non-trivial task on many fronts. Link to comment Share on other sites More sharing options...
qjvgpuryy Posted July 11, 2005 Share Posted July 11, 2005 I am still in favor of notifying redirection providers as well as actual webhosts, whether the redirection providers are yahoo, tinyurl, makeashorterlink, or anyone else. 30040[/snapback] Like snipurl. Link to comment Share on other sites More sharing options...
kuso.cc Posted August 25, 2005 Share Posted August 25, 2005 me too, but if I remember correctly, yahoo and others haven't disguised the destination. It's still embedded in the redirect link, no? So a little string manipulation code gets you the actual destination. TinyURL doesn't have that, so you'll need to interact directly with them and their servers to make that happen, which sounds like a non-trivial task on many fronts. 30095[/snapback] Or http://kuso.cc/ I'm the KUSO.CC webmaster So far I had receive two messages from SpamCop and it is the same problem on how to detect the mail spamer using our service to short their URL Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 25, 2005 Share Posted August 25, 2005 Or http://kuso.cc/ I'm the KUSO.CC webmaster So far I had receive two messages from SpamCop and it is the same problem on how to detect the mail spamer using our service to short their URL 31988[/snapback] Is it possible to create an interface to allow spamcop easy access to the original link or something? If possible, you may want to contact the deputies<at>spamcop.net to see if they (Julian) are interested in such an interface. I would still expect you to receive a report about the use of your link in the spam, but it would allow reports to go to the actual host of the spam as well. Link to comment Share on other sites More sharing options...
Farelf Posted December 14, 2006 Share Posted December 14, 2006 Haven't heard anything about the abuse of tinyurl to mask links lately but it seems still to be going on: http://www.spamcop.net/sc?id=z1166068052z5...b461c79c15cbdbz I think the incidence must be quite low? Link to comment Share on other sites More sharing options...
MightyYar Posted October 25, 2007 Share Posted October 25, 2007 How hard would it be to have the engine follow the redirect from tinyURL URL's it sees and instead report on the redirected URL? I know that this topic is old, but I have been getting a lot of tinyurl spam lately. Recently (or maybe not so recently?) they added an option that allows you to to a reverse lookup rather than just blindly following the link. The url to get the reverse lookup is: http://tinyurl.com/preview.php?num=xxxxx where the xxxxx represents the tinyurl link. It would be trivial to scrape the resulting page for this address, though I doubt that spamcop wants to get into the scraping business. For now, I resolve the url myself and manually add the host of the site to the "user" email field... is this a good idea? Link to comment Share on other sites More sharing options...
turetzsr Posted October 26, 2007 Share Posted October 26, 2007 <snip> For now, I resolve the url myself and manually add the host of the site to the "user" email field... is this a good idea? ...A couple of questions: How do you determine the e-mail address of the host? Do you add a note somewhere so that whoever reads the complaint knows why you are reporting to her/him? Link to comment Share on other sites More sharing options...
MightyYar Posted October 26, 2007 Share Posted October 26, 2007 How do you determine the e-mail address of the host? I run the un-obfuscated url through spamcop directly and cut-and-paste the contact email. Do you add a note somewhere so that whoever reads the complaint knows why you are reporting to her/him? D'oh! No, and I should have thought to do that! Link to comment Share on other sites More sharing options...
turetzsr Posted October 29, 2007 Share Posted October 29, 2007 <snip> How do you determine the e-mail address of the host? <snip> I run the un-obfuscated url through spamcop directly and cut-and-paste the contact email. <snip> ...Sounds like you're on the right track! ...Follow-up question: how do you get from the parser output that results from running the url through SpamCop to the parse of the original spam to add the address? Two browser windows? If so, I see no problem with what you're doing. However, I would suggest you pass it by the SpamCop Deputies (deputies[at]admin.spamcop.net) to get their okay. Link to comment Share on other sites More sharing options...
ahoier Posted November 10, 2007 Share Posted November 10, 2007 I've seen a couple other redirectors being used...particularly geocities, linkshield, hyperurl, and redirx...in order to "hide" the spamvertized URLs....but I think most of these URL services probably take removal requests more seriously than the spamvertized site hosts themselves; I mean how many reports have you sent to contact addresses in China/Japan/Russia/Romania...? They are still alive From my reporting experience, GeoCities seems to take down pages within 12 hours of notice (give or take, on the weekends...) Google is touchy, they don't take abuse reports via e-mail, but have had good success reporting and removing GooglePages spam using the form at http://www.google.com/support/pages/bin/re...pe=abuse_spam... Who knows, maybe someone could make a java scri_pt bookmarklet that could auto-fill in the Name, Address fields, leaving us to only need to fill in the URL and paste-in of the full headers...? Blogspot blogs also appear in spam on ocassion, for them, they want reports filed at http://help.blogger.com/?page=troubleshoot...Submit=Continue - far simpler form than the GooglePages form If you are interested in reporting spamvertized domains - you will probably have better luck using the Complainterator program over at complainterator.com - which allows complaining directly to the registrar and name servers allowing these domains access on the Internet. Link to comment Share on other sites More sharing options...
MightyYar Posted November 12, 2007 Share Posted November 12, 2007 Follow-up question: how do you get from the parser output that results from running the url through SpamCop to the parse of the original spam to add the address? Two browser windows? If so, I see no problem with what you're doing. However, I would suggest you pass it by the SpamCop Deputies (deputies[at]admin.spamcop.net) to get their okay. Somehow I missed your message, so sorry for the late reply. Yes, I was using two tabs - one for running the "resolved" addresses through and one for the actual spam. Lots of cutting and pasting Since that flurry that I had, I haven't had any more spams with tinyurl redirects, so I haven't emailed the deputies - but I will take your advice and do that if they start up again. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.