October 26, 2008 at 17:07Spam and Miranda
Recently, icq spam has turned into a constant headache - spammers have become more dodgy and cunning, and AOL has helped them. Established, slightly outdated funds ceased to cope, and 20-30 offers to buy or download something began to skip a day. An obsession arose to stop this.
First, I’ll talk about how spam in Miranda can be filtered in general.
The first level of spam cut-off is the protocol module. I'm talking about the modification of ICQ +, but in the official ICQj everything will work in much the same way. Here, filtering is quite simple - when an event is received from an unidentified contact (ie does not exist in the local contact list) it Capps (list of supported features Protocol) are checked for compliance icqlib from fellow mluwhich is used by the vast majority of spammers, as well as a couple of its modifications. Since their caps are quite unique, it is guaranteed to be a spambot.
The second level is filtering modules. They hook after cryptographic modules in the chain of processing new events. I have StopSpam, the principle of which is old as spam - the new contacts are asked a security question, and until the correct answer is received, the contact is hidden and all its events are ignored. In my question, I need to calculate a certain integral, therefore, together with spammers, 100% of those who wanted to get to know it flew away.
If 3-4 months ago 100% of spam fell at these two levels, now the situation has changed. Firstly, several new manufacturers entered the long-forgotten spam software market, who had guessed about the possibility of filtering by caps - now they can not be distinguished from quip and official customers.
Secondly, as I said, AOL helped - the “left” contacts began to be automatically added to the Not-in-list server group, which in half the cases began to mislead StopSpam.
Despite the terrible lack of time, my hands got to the source of StopSpam, to top it all off, it is incorrectly processing authorization requests at the moment. As a result, a small mod appeared, traditionally - StopSpam + =)
The first step was to filter authorization, and the time came to put the Not-in-list group in place. This can be done simply - do not consider contacts in this group as authorized.
In addition, small ideas arose about expanding opportunities - for example, randomly composing questions from two or three mathematical actions.
I would very much like to make a distinction without a question - for some he is very annoying. But I did not find any effective methods - filtering by keywords is easily bypassed, a statistical (Baesov) filter is there, and even more so a stat. the analysis in IM is somehow inappropriate. Databases of spammers like DNSBL are impossible here - the wins change every day, and the IP is easily hidden. The only thing that is possible is URIBL, but usually addresses are sent in the form of gibberish, which you need to interpret yourself. Maybe you have any ideas on this?
The mod code is available on our svn.
True, I haven’t committed any recent changes there - there are some doubts.
Binary
Small UPD: flooded the release build, plus options are now stored in the old StopSpam section
I will be glad sane wishes =)
Moved to Miranda IM
First, I’ll talk about how spam in Miranda can be filtered in general.
The first level of spam cut-off is the protocol module. I'm talking about the modification of ICQ +, but in the official ICQj everything will work in much the same way. Here, filtering is quite simple - when an event is received from an unidentified contact (ie does not exist in the local contact list) it Capps (list of supported features Protocol) are checked for compliance icqlib from fellow mluwhich is used by the vast majority of spammers, as well as a couple of its modifications. Since their caps are quite unique, it is guaranteed to be a spambot.
The second level is filtering modules. They hook after cryptographic modules in the chain of processing new events. I have StopSpam, the principle of which is old as spam - the new contacts are asked a security question, and until the correct answer is received, the contact is hidden and all its events are ignored. In my question, I need to calculate a certain integral, therefore, together with spammers, 100% of those who wanted to get to know it flew away.
If 3-4 months ago 100% of spam fell at these two levels, now the situation has changed. Firstly, several new manufacturers entered the long-forgotten spam software market, who had guessed about the possibility of filtering by caps - now they can not be distinguished from quip and official customers.
Secondly, as I said, AOL helped - the “left” contacts began to be automatically added to the Not-in-list server group, which in half the cases began to mislead StopSpam.
Despite the terrible lack of time, my hands got to the source of StopSpam, to top it all off, it is incorrectly processing authorization requests at the moment. As a result, a small mod appeared, traditionally - StopSpam + =)
The first step was to filter authorization, and the time came to put the Not-in-list group in place. This can be done simply - do not consider contacts in this group as authorized.
In addition, small ideas arose about expanding opportunities - for example, randomly composing questions from two or three mathematical actions.
I would very much like to make a distinction without a question - for some he is very annoying. But I did not find any effective methods - filtering by keywords is easily bypassed, a statistical (Baesov) filter is there, and even more so a stat. the analysis in IM is somehow inappropriate. Databases of spammers like DNSBL are impossible here - the wins change every day, and the IP is easily hidden. The only thing that is possible is URIBL, but usually addresses are sent in the form of gibberish, which you need to interpret yourself. Maybe you have any ideas on this?
The mod code is available on our svn.
True, I haven’t committed any recent changes there - there are some doubts.
Binary
Small UPD: flooded the release build, plus options are now stored in the old StopSpam section
I will be glad sane wishes =)
Moved to Miranda IM