On Wed, 14 Mar 2012, David B Funk wrote:
One clue: "X-Originating-IP: [41.189.207.189]"
Check the various RBL hits on that address. ;)
Are there existing plugins for this?
Is there a way to check a range to see if it's part of a known
blacklisted botnet?
The "cbl.abuseat.org" RBL explicitly
On Wed, 14 Mar 2012, Alex wrote:
I actually created a bunch of those already, and would appreciate if
someone would check my work:
uri LOC_WP
m{https?://.[^/]+/(wp-content|modules/mod_wdbanners|wp-admin|wp-includes|cruise/wp-content|includes/|web/wp-content|google_recommends|mt-static)/
On 15/03/12 00:39, Alex wrote:
One clue: "X-Originating-IP: [41.189.207.189]"
Check the various RBL hits on that address. ;)
Are there existing plugins for this?
Is there a way to check a range to see if it's part of a known
blacklisted botnet?
Or if you don't expect to receive email from
Hi,
>> Note that URL, yet another p0ned WordPress website (the
>> "/wp-content/plugins/" stuff). Now you get a hint of why I hate
>> "install-and-forget" websites.
>> When ever I run into p0ned websites their domain name goes into my
>> private URIBL list. They don't get spam past me again.
>>
>
>
Quite a bit has been said under "Better phish detection"
Just put up an autocreated little rule file based the few dozen phises
in my corpus.
http://sourceforge.net/projects/sare/
If enough ppl contribute with samples, it could be created regularly.
Anybody interested in sharing not defanged
On 14/03/12 03:09, David B Funk wrote:
On Tue, 13 Mar 2012, Alex wrote:
Hi,
http://pastebin.com/raw.php?i=iquXBnH0
While I could create a rule to block this specific domain, or submit
it to a RBL, I'd appreciate any ideas how to more generally block
them, rather than by one characteristic
On 14/03/12 03:09, David B Funk wrote:
On Tue, 13 Mar 2012, Alex wrote:
Hi,
http://pastebin.com/raw.php?i=iquXBnH0
While I could create a rule to block this specific domain, or submit
it to a RBL, I'd appreciate any ideas how to more generally block
them, rather than by one characteristic
On 14/03/12 02:36, Alex wrote:
Hi,
http://pastebin.com/raw.php?i=iquXBnH0
While I could create a rule to block this specific domain, or submit
it to a RBL, I'd appreciate any ideas how to more generally block
them, rather than by one characteristic in the message.
We need more examples.
Hi there
We have some Chinese users complaining about spam, and looking around it
seems there aren't any up-to-date Chinese-specific rules?
The ccert.edu.cn rules looked great (ie thought through - I can't tell
speak for their effectiveness), but they haven't been updated since 2006
Anyone know
