Help - Search - Members - Calendar
Full Version: HOWTO: Block Geocities and Tripod spam
The Planet Forums > Control Panels > cPanel/WHM > Cpanel/WHM HOWTOs
aussie
Nov 18 2005, 12:53 PM
Spammers are trying every conceivable way to trick SURBL blocks by leaving ??.Geocities and ??.Tripod links in their spam which then redirects you to the actual website. Statistics also show that they are buying up the .info .tld’s like its going out of style. Have you noticed?

Unfortunately, SURBL will not list these types of URLS so if you getting lots of Pharmacy spam with links to geocities and tripod you can stop these people in a number of ways.

I have spent hundreds, no thousands of hours reviewing message logs, spam and noticed a HUGE increase in .geocities spam lately. Tripod has emerged as being a choice for spammers to host redirects as well. I have received a very good response from the tripod abuse team reporting at least 8 such links to them in the past week which has resulted in those sites being shut down.

MailScanner: If you are using MailScanner with the option set to check for spam , you can add these rules to your /path_to_your/spam.assassin.prefs.conf

# Geocities Spam
uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\//
score PROLO_PUBWEB_UKGEO_CHECK1 5.0
describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body

Adjust the highlighted score above to the value you want to assign. I have increased this score to the value of the highest scoring spam number in my MailScanner.conf.

For Tripod, simply modify the above including the .tripod url. Make sure you give the URI, SCORE and DESCRIBE line a different name.

Here is a good rule set I found for Geocities spam. You can use this as well.
http://antispam.imp.ch/rules/asciispam.cf. Note, the other rules from this website don’t work and this is about the only one that comes up error free so if your thinking of implementing the other rule sets from this website, don’t bother. I have tested them all and this is about the only one that comes up error free.

If you’re not using MailScanner + SURBL then you should at least implement the SURBL lookup at SMTP time, the post i made here, http://forums.ev1servers.net/showthread.php?t=57896. This will stop tons of spam but since SURBL does not list Geocities and Tripod links, you will have a tough time stopping spam from these two sites unless you have implemented a method of being able to check a rule set.

Good luck
REBIS
Nov 18 2005, 01:37 PM
Thanks, Aussie! This will definitely come in handy.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.