Theo Van Dinter wrote:
On Mon, Feb 05, 2007 at 02:27:18PM -0600, Doc Schneider wrote:
http://hasle.progenyid-com <http://hasle.progenyid-com/>
Are you using SA 3.1.7? If so, do an sa-update there is a new rule that
should be catching these and all mutations.
Three things.
First, the spammer has gotten smarter and is using valid hostname chars for
obfuscation now. Which makes things much harder (though I have the start of
some code which deals with this).
Second, the current extra rule will not catch these due to the aforementioned
issue.
Third, the rule is available via sa-update for 3.1.x (where x >= 1), so while
upgrading to 3.1.7 would be good (3.1.8 coming out soon, btw,) it's not
necessary.
I mis-read what the character was; thought a - was not a valid domain
name char but it is a _ that isn't valid. But I know Theo will come up
with a killer rule! 8*)) I'm having a DUH day... I should have mentioned
3.1.8 coming out soon. ::50 bashes with a wet cron job::
--
-Doc
SA/SARE -- Ninja
3:00pm up 2 days, 6:26, 17 users, load average: 1.62, 1.14, 0.93
SARE HQ http://www.rulesemporium.com/
