John D. Hardin wrote:
On Mon, 24 Jul 2006, Daryl C. W. O'Shea wrote:
I assume that means the redirector_pattern I suggested is not
necessary?
Right. Anything that would match (https?:\/\/.*) is already taken care
of by SA internally.
The problem is that SA doesn't then go on to do chec
Jeff Chan wrote:
On Monday, July 24, 2006, 1:34:35 AM, Daryl O'Shea wrote:
Being a simple visible redirector, SA actually does detect it:
[7375] dbg: uri: cleaned html uri,
http://1092229727:/https-www.paypal.com/webscrr/index.php
[7375] dbg: uri: html domain, google.com
The problem i
On Mon, 24 Jul 2006, Daryl C. W. O'Shea wrote:
> > > href="http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://1092229727:/https-www.paypal.com/webscrr/index.php";>Cli
On Monday, July 24, 2006, 1:34:35 AM, Daryl O'Shea wrote:
> Being a simple visible redirector, SA actually does detect it:
> [7375] dbg: uri: cleaned html uri,
> http://1092229727:/https-www.paypal.com/webscrr/index.php
> [7375] dbg: uri: html domain, google.com
> The problem is that SA doe
John D. Hardin wrote:
This wasn't detected as a redirector attack by 3.1.3, running
sa-update weekly:
{snippage}
http://www.google.com/pagead/iclk?sa=l&ai=Br3ycNQz5Q-fXBJGSiQLU0eDSAueHkArnhtWZAu-FmQWgjlkQAxgFKAg4AEDKEUiFOVD-4r2f-P8BoAGyqor_A8gBAZUCCapCCqkCxU7NLQH0sz4&num=5&adurl=http://10
This wasn't detected as a redirector attack by 3.1.3, running
sa-update weekly:
-- Forwarded message --
Return-Path: <[EMAIL PROTECTED]>
X-Spam-DCC: _DCCB_: _DCCR_
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.3 (2006-06-01) on ga.impsec.org
X-Spam-Level: