On 06/07/2014 02:02 AM, Karsten Bräckelmann wrote:
On Fri, 2014-06-06 at 23:50 +0200, Axb wrote:
[...] Anyone have some working rules they could share?
Pls note that any rule shared via lists usually loses its teeth within
a few hours .-)
Sorry, that's incorrect. The SA commits mailing list is not code only,
but includes rules/ and sandbox/ commits.
And how many 'public' static rules detect snowshoe spam? It's closer to
zero than anything else.
Pillz/replica/etc (the usual bot stuff) holds better against static
pattern rules.
Moreover, even by a very long stretch of "few hours", no regex or
general pattern based rule older than a year could possibly match
today's spam. That species exists, though.
That we know.. which is why autogenerated SOUGHT_ like rules are so useful.
With the latest waves of hacked site spam, there are hardly any static
patterns. Thanks to a nicely fed Bayes DB and fast acting IP/URI lists
the stuff stays under control.