Raymond Dijkxhoorn wrote:
Hi!
http://adserver.adtech.de/?adlink|2.0|340|436977|1|16|AdId=323398;BnId=1;link=target.com
(where 'target.com' is the spammer site).
Anybody know anything about this?
I mailed their abuse dept but it seems they don't care. They are abused by
spammers by running an open redirector.
This is going on a short week now and since then we have spotted a
gazillion of them.
It's the same guys that also abused the zdnet.com, internet.com and
nate.com redirs (remember those?)
I throw them out:
uri PROLO_REDIR_ADTECH_CHECK1 /^http:\/\/adserver\.adtech\.de\//
score PROLO_REDIR_ADTECH_CHECK1 8.0
describe PROLO_REDIR_ADTECH_CHECK1 PROLO_REDIR-ADTECH CHECK, Body
Note that the adforce.adtech.de also works (it's the A record for the
adserver CNAME).
SA 3.1 users can use the following redirector pattern (all on one line)
to determine the target domain:
redirector_pattern /^http:\/\/(?:.*\.)?adtech\.de\/.*(?:;|\|)link=(.*?)(?:;|$)/i
Daryl
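
Added example, not part of the original messages: a Python check of the two patterns quoted above against constructed URLs. It shows that the uri rule covers only the adserver host, while the redirector pattern also handles adforce.adtech.de and extracts the link= target. Python's re module stands in for SpamAssassin's Perl regex engine; target.example, the sample URLs and the function names are assumptions.

```python
import re

# Redirector pattern from the message above, as a Python regex
# (the Perl /i flag becomes re.IGNORECASE).
REDIRECTOR = re.compile(
    r"^http://(?:.*\.)?adtech\.de/.*(?:;|\|)link=(.*?)(?:;|$)", re.IGNORECASE
)
# The PROLO_REDIR_ADTECH_CHECK1 uri rule from the message above.
URI_RULE = re.compile(r"^http://adserver\.adtech\.de/")

# Constructed sample URLs (hypothetical targets, modelled on the one in the thread).
SAMPLES = [
    # link= as the last parameter, adserver host
    "http://adserver.adtech.de/?adlink|2.0|340|436977|1|16|AdId=323398;BnId=1;link=target.example",
    # same redirect via the adforce host, link= followed by another parameter
    "http://adforce.adtech.de/?adlink|2.0|340|436977|1|16|AdId=323398;link=target.example;BnId=1",
    # adtech.de URL without a link= parameter: nothing to extract
    "http://adserver.adtech.de/?adlink|2.0|340|436977|1|16|AdId=323398;BnId=1",
    # unrelated site that happens to carry a link= parameter
    "http://www.example.com/out?id=1;link=target.example",
]


def redirect_target(url):
    """Return the link= value if url is an adtech.de redirect, else None."""
    m = REDIRECTOR.search(url)
    return m.group(1) if m else None


def uri_rule_hits(url):
    """True if the adserver-only uri rule would match this URL."""
    return bool(URI_RULE.search(url))


def report(urls):
    """List (url, uri rule hit?, extracted target) for each URL."""
    return [(u, uri_rule_hits(u), redirect_target(u)) for u in urls]


if __name__ == "__main__":
    for url, hit, target in report(SAMPLES):
        print(f"uri_rule={hit!s:5} target={target!s:15} {url}")
```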