new spam getting through

Steve Freegard steve.freegard at fsl.com
Sun Dec 5 23:27:27 GMT 2010


On 05/12/10 22:47, Gerard Cleary wrote:
> On Sat, 4 Dec 2010 13:15:25 Noel Butler wrote:
>> Likewise, no errors here, only running since late last night so haven't
>> checked to see how effective, but by a quick look at it, it should help
>> a lot with short urls (thanks Steve)
>>
> I want to add my hearty thanks to Steve as well. I put the files in on Friday
> afternoon (I know, you're not supposed to do silly things like that, but I
> checked it for the next hour and all was OK.)
> Over the weekend, it trapped 313 spams !!  Very effective indeed.

Excellent - I'm glad it's working well for you and to everyone else that 
replied that it's working for them.

The thing to do is check /tmp/DecodeShortURLs.txt for nasty domains that
you can block locally as not all of the obviously bad decoded short URLs
are finding their way into the URI blacklists at the moment (credit where
it's due to SURBL who seem better at this than URIBL currently).

I'm finding this rule is working out well on a number of FSL sites:

uri FSL_URI_REFER_CCBIL  /refer\.ccbill\.com/
describe FSL_URI_REFER_CCBIL  Links to refer.ccbill.com
score FSL_URI_REFER_CCBIL 4.0

Everyone can help improve this plug-in in the following ways:

1) Let me know if you find any new URL shorteners that are not listed in 
DecodeShortURLs.cf so I can add them to the supplied URL shortener list.

2) If you see any new shortener blocks (this is where a page is
redirected to an abuse/blocked page for that particular shortener hash).
For example you can see I have definitions in the file for BITLY,
SIMURL and MEGRE - there will surely be others that I've missed or do
not know about; again - let me know, as the more of these I can get means
that if a service blocks a shortened URL, you'll score it highly without
worrying about potential FPs.

3) Report any bugs to me.

Kind regards,
Steve.
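
One way to do the log review suggested in the message above, as an added example that is not part of the original post or of the plug-in: tally the decoded destination hosts and draft local uri rules in the same shape as the rule quoted in the message, for a human to review before use. The log layout (short URL followed by decoded URL on one line), the LOCAL_URI_ rule names, the sample lines and the min_hits threshold are all assumptions.

```python
import re
import sys
from collections import Counter
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
HOST_OK = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")  # plain DNS names only

# Constructed sample; the "short => decoded" layout is an assumption.
SAMPLE_LOG = """\
http://bit.ly/aaa111 => http://pills.example.net/buy?id=1
http://bit.ly/bbb222 => http://pills.example.net/buy?id=2
http://tinyurl.com/ccc333 => http://www.example.org/news/story.html
http://bit.ly/ddd444 => http://PILLS.example.net:80/buy?id=3
http://bit.ly/eee555 => http://bad_host/(x)/
a line with no URLs at all
"""

def destination_hosts(lines):
    """Yield the host of the last URL on each line that has at least two URLs."""
    for line in lines:
        urls = URL_RE.findall(line)
        if len(urls) < 2:          # need the short URL and its decoded target
            continue
        try:
            host = urlsplit(urls[-1]).hostname or ""
        except ValueError:         # malformed URL, e.g. broken IPv6 literal
            continue
        # Log content comes from spam, so only clean host names go near a rule file.
        if HOST_OK.match(host):
            yield host

def candidate_rules(lines, min_hits=2, score=4.0):
    """Return (hit counts, rule stanzas) for hosts seen at least min_hits times."""
    counts = Counter(destination_hosts(lines))
    rules = []
    for host, hits in counts.most_common():
        if hits >= min_hits:
            name = "LOCAL_URI_" + re.sub(r"[^A-Z0-9]", "_", host.upper())
            pattern = host.replace(".", r"\.")
            rules.append(f"# seen {hits} times\nuri {name}  /{pattern}/\n"
                         f"describe {name}  Links to {host}\nscore {name} {score}")
    return counts, rules

if __name__ == "__main__":
    src = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_LOG.splitlines()
    for stanza in candidate_rules(src)[1]:
        print(stanza, end="\n\n")
```

Hosts that appear only once or that belong to legitimate sites still need a manual look before any stanza goes into a local .cf file.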

