Spam and Miranda
Recently, spam in icq has become a constant headache - spammers have become more resourceful and smarter, and AOL has helped them. Established, slightly outdated funds have ceased to cope, and 20-30 offers to buy or download something began to skip a day. There was an obsession to stop it.
To begin, talk about how spam in Miranda can be filtered at all.
The first spam cut-off level is the protocol module. I'm talking about the modification of ICQ +, but in the official ICQj everything will work about the same. Here, filtering is quite simple - when receiving an event from an unidentified contact (that is, not existing in the local contact list), its caps (a list of supported protocol features) are checked for compliance with icqlib from a friend mlu that is used by the vast majority of spammers, as well as a couple of modifications . Since their caps are quite unique, this is guaranteed to be a spamboot.
')
The second level is filtering modules. They put a hook after the cryptographic modules in the chain of processing new events. I have StopSpam, the principle of which is old as spam - a new control question is asked, and until the correct answer is received, the contact is hidden and all its events are ignored. In my question, you need to calculate a certain integral, therefore, along with spammers, 100% of those who want to meet with it flew away.
If 3-4 months ago at these two levels 100% of spam fell, now the situation has changed. First of all, several new manufacturers came to the long-forgotten market for spamming software, who guessed about the possibility of filtering by caps - now they cannot be distinguished from qip and official clients.
Secondly, as I already said, AOL helped - “left” contacts were automatically added to the server's Not-in-list group, which in half of the cases began to mislead StopSpam.
Despite the terrible lack of time, my hands got to the source of StopSpam, on top of everything that incorrectly processes authorization requests at the moment. As a result, a small mod appeared, traditionally - StopSpam + =)
The first thing was profiling filtering authorization, and the time came to put the group Not-in-list in place. You can do this simply - do not treat contacts in this group as authorized.
In addition, there were small ideas on empowerment - for example, random compilation of questions from two or three mathematical operations.
I would very much like to make a distinction without a question - for some he is very annoying. But I did not find any effective methods - filtering by keywords easily costs, the statistical (Baesov) filter is there, and even more so the stat. IM analysis is irrelevant. Spammers like DNSBL are impossible here - wines change every day, and IP is easily hidden. The only thing that is possible is URIBL, but usually addresses are sent in the form of gibberish, which you need to interpret yourself. Maybe you have any ideas on this?
The mod code is posted on our svn
True, while I didn’t commit the latest changes, there are some doubts.
Binary
Slight UPD: flooded release build, plus options are now stored in the old StopSpam section
I would be glad sane wishes =)
Transferred to Miranda IM
To begin, talk about how spam in Miranda can be filtered at all.
The first spam cut-off level is the protocol module. I'm talking about the modification of ICQ +, but in the official ICQj everything will work about the same. Here, filtering is quite simple - when receiving an event from an unidentified contact (that is, not existing in the local contact list), its caps (a list of supported protocol features) are checked for compliance with icqlib from a friend mlu that is used by the vast majority of spammers, as well as a couple of modifications . Since their caps are quite unique, this is guaranteed to be a spamboot.
')
The second level is filtering modules. They put a hook after the cryptographic modules in the chain of processing new events. I have StopSpam, the principle of which is old as spam - a new control question is asked, and until the correct answer is received, the contact is hidden and all its events are ignored. In my question, you need to calculate a certain integral, therefore, along with spammers, 100% of those who want to meet with it flew away.
If 3-4 months ago at these two levels 100% of spam fell, now the situation has changed. First of all, several new manufacturers came to the long-forgotten market for spamming software, who guessed about the possibility of filtering by caps - now they cannot be distinguished from qip and official clients.
Secondly, as I already said, AOL helped - “left” contacts were automatically added to the server's Not-in-list group, which in half of the cases began to mislead StopSpam.
Despite the terrible lack of time, my hands got to the source of StopSpam, on top of everything that incorrectly processes authorization requests at the moment. As a result, a small mod appeared, traditionally - StopSpam + =)
The first thing was profiling filtering authorization, and the time came to put the group Not-in-list in place. You can do this simply - do not treat contacts in this group as authorized.
In addition, there were small ideas on empowerment - for example, random compilation of questions from two or three mathematical operations.
I would very much like to make a distinction without a question - for some he is very annoying. But I did not find any effective methods - filtering by keywords easily costs, the statistical (Baesov) filter is there, and even more so the stat. IM analysis is irrelevant. Spammers like DNSBL are impossible here - wines change every day, and IP is easily hidden. The only thing that is possible is URIBL, but usually addresses are sent in the form of gibberish, which you need to interpret yourself. Maybe you have any ideas on this?
The mod code is posted on our svn
True, while I didn’t commit the latest changes, there are some doubts.
Binary
Slight UPD: flooded release build, plus options are now stored in the old StopSpam section
I would be glad sane wishes =)
Transferred to Miranda IM
Source: https://habr.com/ru/post/43259/
All Articles