Seeing a new run of spam with:
{a hrefstringhref=http://bogus.url href="http://real.url"}
I think they are hoping to fool a primitive scan for 'href=' but it
just makes for a really unambiguous spamsign. I'm scoring it high.
We'll probably see some variations on this soon, with other things in
front of href.....
rawbody LOC_HTMLBADHREF /href[a-z]*href/i
describe LOC_HTMLBADHREF href(string)href in link
score LOC_HTMLBADHREF 2.5
- Charles
{a hrefstringhref=http://bogus.url href="http://real.url"}
I think they are hoping to fool a primitive scan for 'href=' but it
just makes for a really unambiguous spamsign. I'm scoring it high.
We'll probably see some variations on this soon, with other things in
front of href.....
rawbody LOC_HTMLBADHREF /href[a-z]*href/i
describe LOC_HTMLBADHREF href(string)href in link
score LOC_HTMLBADHREF 2.5
- Charles