Adrian Chadd wrote:
> Yup; I'm working on loading that into a hash for lookups, after normalising
> the URLs (removing the protocol, user@password, anchor; can't remove the query
> as some phish URLs bounce via well-known services like google, live.com, etc.)
>
I was actually having a thought about that.. Is a url hash the only way
to go?
It is easy for a phisher to wildcard a whole subdirectory or even a
subdomain and make hashing of individual urls nearly useless.
Perhaps there should be an optional list of domains or dst adresses for
blocking the hosts obviously used only for phishing.
-- AndreasReceived on Sun Jun 24 2007 - 06:52:18 MDT
This archive was generated by hypermail pre-2.1.9 : Sun Jul 01 2007 - 12:00:04 MDT