Jeff Chan wrote: > Does anyone have a geocities rule that catches most of the spams > and has few FPs?
This is a collection of various geocities rules that I've been using. You might want to run them by a corpus to see what their FPs are like for you, but this is a good starting point. These are based on rules posted by others on the list, with a few limited hacks and customizations of my own added. uri L_L_GEOEXP /(?:uk|de)\.geocities\.com\/\w{2,20}\/\?\w{1,20}[=&]\w{2}/ describe L_L_GEOEXP Possible Geocities exploitation score L_L_GEOEXP 1.0 #stacks with geoexp, but is more specific and less FP prone. uri L_L_GEOEXP2 /(?:uk|de)\.geocities\.com\/[a-z]{2,20}\d{1,5}\/\?\w{1,20}[=&]\w{2}/ describe L_L_GEOEXP2 Possible Geocities exploitation score L_L_GEOEXP2 1.5 #different pattern, somewhat FP prone due to broader hit range. uri L_L_GEOEXP3 /(?:uk|de)\.geocities\.com\/[a-z]{5,7}[0-9]{2,3}\// describe L_L_GEOEXP3 Possible Geocities exploitation score L_L_GEOEXP3 1.0 uri UOLCC_UKGEO /(?:uk|de)\.geocities\.com\/[A-Z]?[a-z]{2,20}_[A-Z]?[a-z]{2,20}(?:_[A-Z]?[a-z]{2,20})?\d{0,4}\/\?[\w=\.]{3}/ describe UOLCC_UKGEO UK Geocities exploitation score UOLCC_UKGEO 2.0