On Fri, Apr 23, 2004 at 12:55:52AM -0700, Jeff Chan wrote:
On Tuesday, April 20, 2004, 10:51:55 PM, Eric Kolve wrote:
I have just released SpamCopURI version 0.11. This fixes a few bugs that had been reported and adds open redirect resolution.
This basically takes a URL from say rd.yahoo.com and attempts to resolve the Location header without ever fetching from the potential spammy site.
Only the URLs that have hosts that match an address list get redirect resolution. As well, redirect resolution is off by default, but can be enabled in the conf file. I have placed several open redirect sites in the conf file. The basic requirement is that the redirect return a 300 level HTTP response when fetching. I placed google.com in there even though they don't have their own redirect domain, but this should be fairly safe since most if not all google URLs are either redirects or searches. Give it a try and tell me what you think. This is all dependent upon LWP, but if you don't have LWP everything else will function as it did before.
Eric, you may want to share your redirection resolution strategies with the 3.0 developers. I haven't heard Justin getting beyond patterns yet. ;-)
I will mention it to SA-dev once I and a few others have run it for a little while.
I am not sure they will incorporate since I have seen discussion on their list of handling redirects and generally they are not interested in doing any kind of network lookup for fear of timeouts, slowdowns, etc. We will see...
--eric
Jeff C.
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss