At 10:55 2004-04-28 +1200, Simon Byrnand wrote:
It's double-encoded. We can catch that easily. But first, my question -- does this *work* in an MUA, ie. should we? Simon, could you try it?
What you get is the image preview in google which consists of an image in the top frame, and the page that it came from in the bottom frame, and in the bottom frame was a link "click here for ......." so yes it definately does work...
I guess this is a 'framer' rather than a redirector. A url that points to a frameset that loads an external page specified in the query url in one of the frames.
For all practical purposes it's similar to a redirector, but with complications.
The http response code from a GET request using the url will not indidate that it's a redirector.
For a user loading the page in a browser, the adress of the spamvertized website will not be visible in the location bar.
For some spammers, this would probably be prefered over traditional redirectors.
Patrik
On Wed, Apr 28, 2004 at 01:26:48AM +0200, Patrik Nilsson wrote:
At 10:55 2004-04-28 +1200, Simon Byrnand wrote:
It's double-encoded. We can catch that easily. But first, my question
--
does this *work* in an MUA, ie. should we? Simon, could you try it?
What you get is the image preview in google which consists of an image in the top frame, and the page that it came from in the bottom frame, and in the bottom frame was a link "click here for ......." so yes it definately does work...
I guess this is a 'framer' rather than a redirector. A url that points to a frameset that loads an external page specified in the query url in one of the frames.
I think this is a case where we can only catch such a case by parsing the path for things that look like a url since we won't get any valuable information based on the GET itself.
--eric
For all practical purposes it's similar to a redirector, but with complications.
The http response code from a GET request using the url will not indidate that it's a redirector.
For a user loading the page in a browser, the adress of the spamvertized website will not be visible in the location bar.
For some spammers, this would probably be prefered over traditional redirectors.
Patrik
Discuss mailing list Discuss@lists.surbl.org http://lists.surbl.org/mailman/listinfo/discuss
-
Eric Kolve -
Patrik Nilsson