Valid HTML Tag |
Post Reply 
|
| Author | |
regex 
Guest Group 
|
 Post Options
 Thanks(0)
 Quote Reply
 Topic: Valid HTML TagPosted: 22 July 2003 at 6:19pm |
|
I've found a few slipped in spams with the keywords "viagra". After looking at the source, the following line: VIA<!-- whcemhsbjg -->GRA This html line displays VIAGRA in the message body. I have the RegEx line in blocked keywords list which is (<[!--]+[a-zA-Z0-9]{11,}) What should I do to block the future spam containing the such html lines? Thanks |
|
 |
|
|
Desperado
Senior Member 
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 July 2003 at 1:31am |
|
(<[!--]+[\x20]{0,1}[a-zA-Z0-9]{10,}[\x20]{0,1}[!--]) Blocks that one. I use the following conbination to try to "nail" most of that type of garbage: ((http|3dhttp)://.{0,15}(%|@|:)[(\d|\w)]) WARNING! Watch for a future post. I created a SERIOUS problem with a variation of the ((<font color="(#ffffff|ffffff)".*){3,20}) expression. LogSat Support is working on trying to figure out what I did wrong. However, I am using the above expressions without any issues (after removing my "improvement"!). Regards, Dan S. |
|
|
|
|
Danny
Guest Group
|
Post Options
Thanks(0)
Quote Reply
Posted: 23 July 2003 at 11:09am |
|
Hi, thank you so much for your reply. Used your code and so far worked great. I'm now looking back at your code trying to figure out what exactly they mean (learned Perl from at my school). By the way, I just found a slipped in spam containing source similar to the following: <!w>VI<!e><!r>A<!c>G<!d>RA<!r> So I appended one more entry to your list which is: ((<![a-zA-Z0-9]{1}>)+) Any comments? Thanks again, Danny |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 23 July 2003 at 11:35am |
|
Danny, I will evaluate it after I fully wake up. Are you seeing any false positives? Dan S. |
|
|
|
|
Danny
Guest Group
|
Post Options
Thanks(0)
Quote Reply
Posted: 23 July 2003 at 1:42pm |
|
Hi Dan, not so far yet, everything seems working fine. Here is another challenge, just found another slipped in spam: <a href="http://GDJQPHHXHBBDMJBWHYETHJERE@www.anwcream.com/unsubscribe.html"> What I did is changed a little to the following expression: ((http|3dhttp)://.{0,26}(%|@|:)[(\d|\w)]) Please note I used 26 instead of 15. Hope this won't generate tons of complaint from my users :) Danny |
|
|
|
|
Desperado
Senior Member
Joined: 27 January 2005 Location: United States Status: Offline Points: 1143 |
Post Options
Thanks(0)
Quote Reply
Posted: 24 July 2003 at 12:22am |
|
Danny, I have change to 26 in one of my servers and left the 15 in another server. I will grab the stats after 24 hours and try to check for false positives. I have to make a judgement call on what is false ... One persons Spam is another persons reading material! Dan
|
|
|
|
Topic Options|
Post Reply
|
|
Tweet
|
| Forum Jump | Forum Permissions You cannot post new topics in this forum You cannot reply to topics in this forum You cannot delete your posts in this forum You cannot edit your posts in this forum You cannot create polls in this forum You cannot vote in polls in this forum |
This page was generated in 0.160 seconds.