On Wed, 2008-01-09 at 22:56 -0500, Ben Lentz wrote: > >> but this URI redirection stuff isn't very friendly > >> >when used by a spammer. > >> > > > > Ben, the key is the "btnI" param, which maps to the "I'm feeling lucky" > > button. > > This technique appeared last summer (I deployed my non-SA-based rule on > > 03-Jul-2007). > > Thank you, this is very valuable. I wonder if Google will ever consider > turning it off, since it's being abused. > > For now, I'm going with: > > uri GOOG_REDIR_SLASH > m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/{2,}search} > score GOOG_REDIR_SLASH 1.0 > describe GOOG_REDIR_SLASH Google URL has extra slashes > after domain > uri GOOG_REDIR_LUCKY > m{^https?://(?:\w+\.)*google\.(com|co\.uk|tw)/+search.*btnI} > score GOOG_REDIR_LUCKY 3.0 > describe GOOG_REDIR_LUCKY Google URL uses I'm Feeling > Lucky for blind redirect > uri GOOG_PAGES > m{^https?://(?:\w+\.)*googlepages\.(com|co\.uk|tw)} > score GOOG_PAGES 2.0 > describe GOOG_PAGES URL hosted at GooglePages > > > ...seems pretty safe.
I think You need to ignore case too GOOGLE.COM will not match here I havent seen a spam with capitalized url but that will be trivial for the spammer