Babelfish obfuscation

2009-10-05 Thread Joseph Brennan
From spam today: <a href="http://66.196.80.202/babelfish/translate_url_content?.intl=us&lp=es_en&trurl=http://johnnie2006.mcafaloj%2E%63%6E" style="text-decoration: none; color: #0099ff;">click here</a> Double obfuscation-- first the indirect through 66.196.80.202 (yahoo) and then %2E%63%6E for

Re: Babelfish obfuscation

2009-10-05 Thread Karsten Bräckelmann
On Mon, 2009-10-05 at 11:06 -0400, Joseph Brennan wrote: Double obfuscation-- first the indirect through 66.196.80.202 (yahoo) and then %2E%63%6E for .cn Without checking -- I believe, all you need is a redirector_pattern for the IP redirector, to extract the target URI. The list of URIs should

Re: Babelfish obfuscation

2009-10-05 Thread John Hardin
On Mon, 5 Oct 2009, Joseph Brennan wrote: From spam today: <a href="http://66.196.80.202/babelfish/translate_url_content?.intl=us&lp=es_en&trurl=http://johnnie2006.mcafaloj%2E%63%6E" style="text-decoration: none; color: #0099ff;">click here</a> Double obfuscation-- first the indirect through

Re: Babelfish obfuscation

2009-10-05 Thread Karsten Bräckelmann
On Mon, 2009-10-05 at 08:27 -0700, John Hardin wrote: I guess that's an argument against anchoring CN_EIGHT at the beginning of the URI... No, it is not. It's an argument for a new redirector_pattern. The extracted target URIs are provided for uri rules. Or alternatively, seriously kicking

Re: Babelfish obfuscation

2009-10-05 Thread Benny Pedersen
On Mon 05 Oct 2009 17:06:19 CEST, Joseph Brennan wrote Double obfuscation-- first the indirect through 66.196.80.202 (yahoo) and then %2E%63%6E for .cn Yahoo accepts content to be on their IP? Let's block that IP so -- xpoint

Re: Babelfish obfuscation

2009-10-05 Thread Benny Pedersen
On Mon 05 Oct 2009 17:16:06 CEST, Karsten Bräckelmann wrote Without checking -- I believe, all you need is a redirector_pattern for the IP redirector, to extract the target URI. The list of URIs should also contain a cleaned version of the extracted target URI, with the escapes converted. i

Re: Babelfish obfuscation

2009-10-05 Thread Warren Togami
On 10/05/2009 11:27 AM, John Hardin wrote: Warren: I guess that's an argument against anchoring CN_EIGHT at the beginning of the URI... I wasn't the one that suggested anchoring. Did the old rule decode %2E%63%6E as .cn though? Warren

Re: Babelfish obfuscation

2009-10-05 Thread Karsten Bräckelmann
On Mon, 2009-10-05 at 19:56 +0200, Benny Pedersen wrote: On Mon 05 Oct 2009 17:16:06 CEST, Karsten Bräckelmann wrote Without checking -- I believe, all you need is a redirector_pattern for the IP redirector, to extract the target URI. The list of URIs should also contain a cleaned version

Re: Babelfish obfuscation (fwd)

2009-10-05 Thread Karsten Bräckelmann
On Mon, 2009-10-05 at 11:21 -0700, John Hardin wrote: On Mon, 5 Oct 2009, Warren Togami wrote: Did the old rule decode %2E%63%6E as .cn though? The URI parser does that for you: [11433] dbg: rules: ran uri rule ALL_URI == got hit: http://fnord:b...@321%2e%63%6e; [11433] dbg:

Re: Babelfish obfuscation

2009-10-05 Thread John Hardin
On Mon, 5 Oct 2009, Karsten Bräckelmann wrote: On Mon, 2009-10-05 at 19:56 +0200, Benny Pedersen wrote: On Mon 05 Oct 2009 17:16:06 CEST, Karsten Bräckelmann wrote Without checking -- I believe, all you need is a redirector_pattern for the IP redirector, to extract the target URI. The list
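As an added example (not code from this thread or from SpamAssassin itself), the two steps the thread discusses: extracting the target from the IP-hosted Babelfish redirector, as Karsten describes, and converting the %XX escapes so a uri rule can see the `.cn` TLD, as John's debug output shows the parser doing. The redirector regex is a hypothetical stand-in for a `redirector_pattern`, and the sample href is constructed from the one quoted in the thread.

```python
import re
from urllib.parse import unquote

# Constructed sample, modelled on the href quoted in the first message.
SAMPLE_HREF = ("http://66.196.80.202/babelfish/translate_url_content"
               "?.intl=us&lp=es_en&trurl=http://johnnie2006.mcafaloj%2E%63%6E")

# Hypothetical stand-in for a redirector_pattern: a bare-IP (or yahoo.com)
# host serving the Babelfish translate endpoint; the target sits in trurl=.
REDIRECTOR_RE = re.compile(
    r"^https?://(?:\d{1,3}(?:\.\d{1,3}){3}|[^/]*\.yahoo\.com)"
    r"/babelfish/translate_url_content\?", re.I)

# Matches a host whose registrable TLD is .cn, in an already-decoded URI.
CN_TLD_RE = re.compile(r"^https?://[^/?#]*\.cn(?:[:/?#]|$)", re.I)


def extract_target(uri):
    """Return the redirector's raw target URI (escapes untouched), or None."""
    if not REDIRECTOR_RE.match(uri):
        return None
    m = re.search(r"[?&]trurl=([^&#]*)", uri)
    return m.group(1) if m else None


def uri_candidates(uri):
    """Build the list a uri rule should be run over: the original, the
    extracted redirector target, and a cleaned (percent-decoded) form of
    each, added only when decoding actually changed something."""
    out = [uri]
    target = extract_target(uri)
    if target:
        out.append(target)
    for u in list(out):
        cleaned = unquote(u)
        if cleaned not in out:
            out.append(cleaned)
    return out


def hits_cn_rule(uri):
    """True if any candidate form of the URI points at a .cn host."""
    return any(CN_TLD_RE.search(u) for u in uri_candidates(uri))


if __name__ == "__main__":
    for u in uri_candidates(SAMPLE_HREF):
        print(u)
    print("CN hit:", hits_cn_rule(SAMPLE_HREF))
```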