Help with a filter |
Post Reply ![]() |
Author | |
corymckee ![]() Newbie ![]() Joined: 10 June 2007 Status: Offline Points: 31 |
![]() ![]() ![]() ![]() ![]() Posted: 15 August 2007 at 11:36am |
We are getting a lot of email through the filter with similar text:
Mother(ish@jp.fid-intl.com) has created Holiday card for you at lakecards.com. To see your custom Holiday card, simply click on the following link: Send a FREE greeting card from lakecards.com whenever you want by visiting us at: This service is provided and hosted by lakecards.com. |
|
![]() |
|
Roman ![]() Newbie ![]() Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
![]() ![]() ![]() ![]() ![]() |
((?i)http://{1,3}\d\.{1,3}\d\.{1,3}\d\.{1,3}\d/) should make it
Edited by Roman - 15 August 2007 at 11:56am |
|
![]() |
|
corymckee ![]() Newbie ![]() Joined: 10 June 2007 Status: Offline Points: 31 |
![]() ![]() ![]() ![]() ![]() |
Thanks for the quick reply.
|
|
![]() |
|
Thermo ![]() Newbie ![]() Joined: 10 July 2006 Location: Canada Status: Offline Points: 25 |
![]() ![]() ![]() ![]() ![]() |
I am testing this in SFI RegEx Testing area, I removed the parenthesis as per the instructions and put in http://209.65.55.50 in the search pane I just get the result Not Found.
Am I doing something wrong in my testing. Thanks. |
|
![]() |
|
Roman ![]() Newbie ![]() Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
![]() ![]() ![]() ![]() ![]() |
Not "http://209.65.55.50" but "http://209.65.55.50/".
Or remove the last "/" in regexp. |
|
![]() |
|
Thermo ![]() Newbie ![]() Joined: 10 July 2006 Location: Canada Status: Offline Points: 25 |
![]() ![]() ![]() ![]() ![]() |
I noticed my missing "/" in my search pane just after posting so I tried it with it in but it made no difference. Any ideas?
Thanks |
|
![]() |
|
Roman ![]() Newbie ![]() Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
![]() ![]() ![]() ![]() ![]() |
my bad:
((?i)http://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/) ![]() Edited by Roman - 15 August 2007 at 3:39pm |
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Hmmm ... My 2 cents
((?i)http(s?)://([\d]{1,3}[\.+]){3}[\d]{1,3}/)
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
![]() |
|
Thermo ![]() Newbie ![]() Joined: 10 July 2006 Location: Canada Status: Offline Points: 25 |
![]() ![]() ![]() ![]() ![]() |
That did it, Thanks.
I have to learn RegEx. |
|
![]() |
|
Roman ![]() Newbie ![]() Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
![]() ![]() ![]() ![]() ![]() |
m-m-m, recursion :)
but why "[]" and "+", isn't ((?i)http(s?)://(\d{1,3}\.){3}\d{1,3}/) enough? |
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
Old habbits die hard! I tend to program in Perl and often to go cross-platform, I need to get VERY picky. As the horrible saying goes ... "there is more than one way to skin a cat". (I hope the ASPCA doesn't read this)
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
![]() |
|
Roman ![]() Newbie ![]() Joined: 04 November 2005 Location: Russian Federation Status: Offline Points: 32 |
![]() ![]() ![]() ![]() ![]() |
I see. I've just asked to be sure I'm not missing something.
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
You could also modify it as below in case the Spam Site in NOT on port 80
((?i)http(s?)://(\d{1,3}\.){3}\d{1,3}(:|/))
OR ... just leave the last part off and any http request to an IP address will also get wacked.
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
![]() |
|
IKILLSPAM1 ![]() Groupie ![]() Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
![]() ![]() ![]() ![]() ![]() |
Ive also recently put in some regex to block emails with numeric hyperlinks in them. every little bit helps i guess. its blocked about 15 emails since yesterday.
I wish I had the time and will power to learn regex as well. I was trying to find a good regex to deal with the pdf crap but wasnt able to. Im seeing people like to keep their regex's safe from spammer eyes. If anyone wants to share their regex's id be honored!
|
|
![]() |
|
Desperado ![]() Senior Member ![]() ![]() Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
![]() ![]() ![]() ![]() ![]() |
All,
One issue I have with the above RegEx's (which I use and get thousands of blocks) is that I also scan headers and Barracudas put a screwy header in which causes a block. Example:
X-Barracuda-URL: http://198.136.134.18:8000/cgi-bin/mark.cgi I have yet to understand *why* the header is even added.
|
|
The Desperado
Dan Seligmann. Work: http://www.mags.net Personal: http://www.desperado.com |
|
![]() |
|
IKILLSPAM1 ![]() Groupie ![]() Joined: 02 May 2007 Location: United States Status: Offline Points: 70 |
![]() ![]() ![]() ![]() ![]() |
Thanks for the headsup Dan. I will keep an eye out for that.
|
|
![]() |
|
sgeorge ![]() Senior Member ![]() Joined: 23 August 2005 Status: Offline Points: 178 |
![]() ![]() ![]() ![]() ![]() |
Here's one I use. If what looks like an i.p.-based url is preceded by "card" anywhere in the message (including a different line), this will match.
[code]((?is)card.*https?://\d\d)[code] On the plus side, this should hopefully reduce the likelihood of matching URLs within mail-headers. I realize spammers may possible drift in here to learn some of our techniques, but I think that this discussion still helps more than it hurts. Stephen p.s. Thanks Dan, for thinking about https too - I added that after the fact ![]() Edited by sgeorge - 17 August 2007 at 3:54pm |
|
![]() |
Post Reply ![]() |
|
Tweet
|
Forum Jump | Forum Permissions ![]() You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.215 seconds.