[SURBL-Discuss] Re: Heads up: new open redirecters and new spammer trick for urls

John Hardin johnh at aproposretail.com
Mon May 17 11:50:26 CEST 2004


On Sun, 2004-05-16 at 01:46, John Fawcett wrote:


> In order to obtain the 302 code the browser sees
> 2 things are necessary:
> 1. Add a / before the * (That is the correct format for
> yahoo redirection)
> 2. Change the hTtP:\\ to hTtP:// (The mixed case is not a problem)

I think fixing all backslashes to forward slashes in the URL before
processing by SURBL would deal with both cases.

Are (unescaped or unencoded) backslashes even *valid* in URLs?

> Here's the URL. I didn't even munge it, since it should get
> past the filters.
> 
> <a
> href="http://eur.rd.yahoo.com/electric\croydon\laity\otherworldly\phonetic\e
> xplicit\mountaineer\integrable\isadore\wangle\zounds\contumacy\embedded\sang
> uine\arrangeable\duane\malarial\bremsstrahlung\freshmen\windup\spoon\accompa
> ny\soldier\throb\boil\harrisburg\quartz\throne\giddap\waistcoat\guzzle\whoop
> \abreast\corral\latrobe\ct\castor\gallup\click\cretinous\alcoa\lysine\wheelc
> hair\levy\embedded\faint\floodlight\elmer\fiesta\pistachio\pulp\suppress\fle
> awort\flick\topcoat\brain\prom\bill\knife\serene\*hTtP:\\7Wv2eg82o19X.zbxra1
> .com/gp/iNdeX.ASP?id=BW"
> target="_blank"><b>hit this</b></a>

--
John Hardin  KA7OHZ                           
Internal Systems Administrator                    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
-----------------------------------------------------------------------
  ...the Fates notice those who buy chainsaws...
                                             -- www.darwinawards.com
-----------------------------------------------------------------------
 58 days until Apropos Forum 2004



More information about the Discuss mailing list