![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SC-Help] Re: spamcop missing a link, sorta.
Mike Easter
MikeE at ster.invalid
Wed Sep 21 19:14:21 EDT 2005
DougW wrote:
> Thanks, I tried that with the last few spams and they parsed
> correctly. Odd. I don't like modifying the spam, but if that is what
> it takes till SC parses out the html target codes.... :/
No no no. The point of my talking about what can be done experimentally
doesn't mean you should be making material changes. You have to live
with SC's parsing of a spam; you don't get to change a spam to suit the
parser.
> Odd though, the # is used to tell the browser where to jump in the
> html page. It's not actually obfuscation unless the spammer
> wants to try example.com#joe.net in which case joe.net is the phony.
I don't like to call things 'bugs' which I don't see or understand. The
parser is a blackbox to me; all I can do is put something in one end
and get something out the other end and comment on that.
When I was messing with this earlier today, it appeared that SC was
handling urls with # 'obfuscating' badly.
Something is only a /successful/ obfuscation if it successfully
obfuscates. A ROT13 cipher is successful encoding if it baffles the
adversary. If all a spammer has to do to 'obfuscate' hir site against
SC provider notification is to put in a # jump, then it is a
'functional' obfuscation.
> This is how I use them on my pathetic excuse for a site.
> http://revbeergoggles.com/Fixes/diagnostics.html#sensors
The important thing is for it to work the way it is supposed to.
And, incidentally, SC will currently 'notify' for your site, including
the #:
Parsing input: http://revbeergoggles.com/Fixes/diagnostics.html#sensors
host revbeergoggles.com (checking ip) = 64.202.163.3
Reporting addresses:
abuse at godaddy.com
but it won't notify for the original url
Parsing input:
http://xkhimtxch.com.kwgv5jtht5bcagat65n2oq5gs5n5.pistledfcn.info#aomxjmg.com
host xkhimtxch.com.kwgv5jtht5bcagat65n2oq5gs5n5.pistledfcn.info
(checking ip) = 222.233.52.45
host 222.233.52.45 (getting name) no name
Cannot resolve
http://xkhimtxch.com.kwgv5jtht5bcagat65n2oq5gs5n5.pistledfcn.info#aomxjmg.com
No valid email addresses found, sorry!
but it will notify for the # removed url:
Parsing input:
http://xkhimtxch.com.kwgv5jtht5bcagat65n2oq5gs5n5.pistledfcn.info
host xkhimtxch.com.kwgv5jtht5bcagat65n2oq5gs5n5.pistledfcn.info
(checking ip) = 222.233.52.45
host 222.233.52.45 (getting name) no name
Routing details for 222.233.52.45
Reporting addresses:
abuse at hanaro.com
just like before.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-Help
mailing list