On 03/10/2018 10:57 AM, Rob McEwen wrote:
On 3/10/2018 11:43 AM, Matus UHLAR - fantomas wrote:
On 3/10/2018 11:22 AM, Matus UHLAR - fantomas wrote:
this is apparently not the case of one url redirector (shortener)
points to
another shortener.
I really hope that the DecodeShortURLs only checks fopr redirection
at those
known redirectors (shorteners), not each http->https shortener and only
evaluates redirection between them, ignoring http->https redirects
On 10.03.18 11:32, Rob McEwen wrote:
But also keep in mind that it is NOT rare for the initial shortner
found in a spam... to redirect to a spammer's page (that isn't a URL
shortner), then THAT page then redirects to the spammer's OTHER page
(that isn't a URL shortner)... where the FIRST one is NOT blacklisted
very many places... but the second page (that is often the final
destination)... *is* heavily blacklisted. Often, the first page is
hosted at a legit site that was hacked into by criminal spammers -
and is HARDER for blacklists to list due to their good reputation.
isn't this thread and the plugin discussed about shorteners?
I am aware of other possibilities to do redirects and about
consequencies of
following them.
note that for following the redirect, the destination must be
configured via
url_shortener directive.
what I wonder is, if there's real value in following the redirects.
(and if the following stops when the URL is blacklisted, since we're done
here).
The URL shortner follower plugin that Steve Freegard wrote... ALREADY
follows my suggestions about following non-shortner redirects (after the
initial shortner redirect). (except I'm not sure it already does my
https suggestion?) ...and for good reason. You're tremendously
undervaluing or just not understanding my last post. I suggestion you
re-read it a couple of times. This tactic I mentioned that spammers
use... is COMMON, and not following my last suggestion opens up a big
loophole for spammers. Such spammers would be delighted by your last
comment... and Steve Freegard went a different route for good reason.
Keep in mind, I haven't veered off-topic because we're STILL talking
about a possible chain of redirects that was still STARTED by a URL
shortner.
I have Steve Freegard's DecodeShortURLs.pm installed but didn't get any
HAS_SHORT_URL hits on this one:
https://pastebin.com/t85b0Bns
I don't see much that can be done other than training Bayes which will
probably not help the next variation of this junk. I have reported to
Spamcop and Microsoft -- they MUST do a better job of outbound mail
filtering!
--
David Jones