On Fri, 27 Feb 2004 21:14:21 -0500 (EST), Carl R. Friend wrote:
> On Fri, 27 Feb 2004, Alton Danks wrote:
>
>> I'm seeing some SPAM that has odd href tags like the following:
>>
>> align="center"><a hrefShanghaishref=http://cowerers.com href=
>>
>> "http://www.nungim.com/?ai=7030 ">
>
> [...]
>
>> I've tried:
>>
>> rawbody CTS_HREF /\bhref[a-z]\b/i
>
> Give /<a .{0,32}href[^=]/i a go. That's what I use here.
> The general idea is to scan for the <A anchor and look for an
> href that's followed by anything *other* than an equals sign
> within zero to 32 characters. That should bag your spammer.
>
Hi,
This gives several FP's here so maybe /<a .{0,32}href[^ =]/i would be
better?
Kind regards,
Mat
