That didn't seem to work. I got redirected to http://images.google.com/images.
The hex encoded url is supposed to go to:
http://www.REMOVEexpage.com/manger
with REMOVE taken out.
I don't know if this means we would always be playing catch up, since I believe the number of redirectors that they can exploit will steadily decline as we plug holes.
As well, just because one new redirector is found, doesn't mean the spamming community at large knows about it or knows they need to switch. Most will continue to use rd.yahoo.com, g.msn.com, etc. not knowing they need to switch.
If the problem of open redirectors becomes endemic, we could have another RHSRBL that we could look up URLs against to determine whether they are an open redirector. This would tell us whether we should try to resolve the redirect and could change dynamically as we discovered new ones much the same way URLs are added to the standard blacklist.
--eric
On Wed, Apr 28, 2004 at 10:13:48AM +1200, Simon Byrnand wrote:
Just spotted the following redirected URL in a spam. Doesn't look like it will be getting caught yet with the current redirector rules:
http://images.google.ca/imgres?imgurl=gmib.free.fr/viagra.jpg&imgrefurl=...
Using images.google.ca as a redirector ? Thats a new one.... I'm not game to click on the link to see where it goes though... its from the same spammer that was blatently abusing the yahoo redirectors and msn ones...
Is this a sign that the current system used in SpamCopURI (checking HTTP responses of specifically mentioned redirectors) is just going to play catchup all the time ?
Regards, Simon
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss