Follow TinyURL Redirection

[cputerace]

If you dont know, TinyURL allows a long URL to be shortened to the form:

http://tinyurl.com/7tdqy

Spammers have started using this to mask their spammed URL.

Currently, TinyURL and its ISP get the spam reports.

How hard would it be to have the engine follow the redirect from tinyURL URL's it sees and instead report on the redirected URL?

-Mike

[Jank1887]

How hard would it be

29977[/snapback]

I didn't write the code, but I'll assume it's not overly trivial without following the actual link, which could have embedded identifiers in it, which would verify your email address to the spammer. Plus, SC would then be dependent on contacting another server before it could process the spam.

Now, it's possible that SC could somehow set up a system with TinyURL whereby it could access the database without actually activating the link (i.e., spam server never knows). But that's another whole level of complexity. And as has been mentioned previously, finding the spamvertised website source is a secondary goal. If TinyURL gets annoyed, it can request that it not receive the reports.

[Jank1887]

sorry to double post but,

from the TinyURL TOS:

Terms of use:

TinyURL was created as a free service to make posting long URLs easier. Using it for spamming or illegal purposes is forbidden and any such use will result in the TinyURL being disabled and you will be reported to all ISPs involved and to the proper governmental agencies. This service is provided without warranty of any kind.

so, they might actually be happy getting the report, and they say they'll deactivate and report appropriately. So even the spamsite has a spam friendly ISP that would leave the site up, killing the TinyURL would kill all the spammed links to the site, and be very effective in drying up the well, so to speak.

[Jeff G.]

I am still in favor of notifying redirection providers as well as actual webhosts, whether the redirection providers are yahoo, tinyurl, makeashorterlink, or anyone else.

[Jank1887]

I am still in favor of notifying redirection providers as well as actual webhosts,

30040[/snapback]

me too, but if I remember correctly, yahoo and others haven't disguised the destination. It's still embedded in the redirect link, no? So a little string manipulation code gets you the actual destination. TinyURL doesn't have that, so you'll need to interact directly with them and their servers to make that happen, which sounds like a non-trivial task on many fronts.

[qjvgpuryy]

I am still in favor of notifying redirection providers as well as actual webhosts, whether the redirection providers are yahoo, tinyurl, makeashorterlink, or anyone else.

30040[/snapback]

Like snipurl.

[kuso.cc]

me too, but if I remember correctly, yahoo and others haven't disguised the destination.  It's still embedded in the redirect link, no?  So a little string manipulation code gets you the actual destination.  TinyURL doesn't have that, so you'll need to interact directly with them and their servers to make that happen, which sounds like a non-trivial task on many fronts.

30095[/snapback]

Or http://kuso.cc/

I'm the KUSO.CC webmaster

So far I had receive two messages from SpamCop

and it is the same problem on how to detect the mail spamer

using our service to short their URL

[StevenUnderwood]

Or http://kuso.cc/

I'm the KUSO.CC webmaster 

So far I had receive two messages from SpamCop

and it is the same problem on how to detect the mail spamer

using our service to short their URL 

31988[/snapback]

Is it possible to create an interface to allow spamcop easy access to the original link or something? If possible, you may want to contact the deputies<at>spamcop.net to see if they (Julian) are interested in such an interface. I would still expect you to receive a report about the use of your link in the spam, but it would allow reports to go to the actual host of the spam as well.

[Farelf]

Haven't heard anything about the abuse of tinyurl to mask links lately but it seems still to be going on: http://www.spamcop.net/sc?id=z1166068052z5...b461c79c15cbdbz I think the incidence must be quite low?

[MightyYar]

How hard would it be to have the engine follow the redirect from tinyURL URL's it sees and instead report on the redirected URL?

I know that this topic is old, but I have been getting a lot of tinyurl spam lately. Recently (or maybe not so recently?) they added an option that allows you to to a reverse lookup rather than just blindly following the link. The url to get the reverse lookup is: http://tinyurl.com/preview.php?num=xxxxx where the xxxxx represents the tinyurl link. It would be trivial to scrape the resulting page for this address, though I doubt that spamcop wants to get into the scraping business.

For now, I resolve the url myself and manually add the host of the site to the "user" email field... is this a good idea?

[turetzsr]

<snip>

For now, I resolve the url myself and manually add the host of the site to the "user" email field... is this a good idea?

...A couple of questions:

• How do you determine the e-mail address of the host?
  
• Do you add a note somewhere so that whoever reads the complaint knows why you are reporting to her/him?
  

[MightyYar]

How do you determine the e-mail address of the host?

I run the un-obfuscated url through spamcop directly and cut-and-paste the contact email.

Do you add a note somewhere so that whoever reads the complaint knows why you are reporting to her/him?

D'oh! No, and I should have thought to do that!

[turetzsr]

<snip>

How do you determine the e-mail address of the host?

<snip>

I run the un-obfuscated url through spamcop directly and cut-and-paste the contact email.

<snip>

...Sounds like you're on the right track!

...Follow-up question: how do you get from the parser output that results from running the url through SpamCop to the parse of the original spam to add the address? Two browser windows? If so, I see no problem with what you're doing. However, I would suggest you pass it by the SpamCop Deputies (deputies[at]admin.spamcop.net) to get their okay.

[ahoier]

I've seen a couple other redirectors being used...particularly geocities, linkshield, hyperurl, and redirx...in order to "hide" the spamvertized URLs....but I think most of these URL services probably take removal requests more seriously than the spamvertized site hosts themselves; I mean how many reports have you sent to contact addresses in China/Japan/Russia/Romania...? They are still alive

From my reporting experience, GeoCities seems to take down pages within 12 hours of notice (give or take, on the weekends...)

Google is touchy, they don't take abuse reports via e-mail, but have had good success reporting and removing GooglePages spam using the form at http://www.google.com/support/pages/bin/re...pe=abuse_spam...

Who knows, maybe someone could make a java scri_pt bookmarklet that could auto-fill in the Name, Address fields, leaving us to only need to fill in the URL and paste-in of the full headers...?

Blogspot blogs also appear in spam on ocassion, for them, they want reports filed at http://help.blogger.com/?page=troubleshoot...Submit=Continue - far simpler form than the GooglePages form

If you are interested in reporting spamvertized domains - you will probably have better luck using the Complainterator program over at complainterator.com - which allows complaining directly to the registrar and name servers allowing these domains access on the Internet.

[MightyYar]

Follow-up question: how do you get from the parser output that results from running the url through SpamCop to the parse of the original spam to add the address? Two browser windows? If so, I see no problem with what you're doing. However, I would suggest you pass it by the SpamCop Deputies (deputies[at]admin.spamcop.net) to get their okay.

Somehow I missed your message, so sorry for the late reply.

Yes, I was using two tabs - one for running the "resolved" addresses through and one for the actual spam. Lots of cutting and pasting

Since that flurry that I had, I haven't had any more spams with tinyurl redirects, so I haven't emailed the deputies - but I will take your advice and do that if they start up again.

Thanks!