Oct. 11, 2008, 07:22 AM
Code:
[Patterns]
Name = "Kill Suspected Domain Landing Pages [ku]"
Active = TRUE
URL = "$TYPE(htm)"
Limit = 128
Match = "($URL(*\?foiffs=*)"
"|$URL(*(t|search).php\?uid=*\&src=)"
"|$URL(*\?rid=[0-9]+\&OptId=[0-9]+)"
"|$URL(*/domainpark.cgi\?s=*)"
"|$URL(*searchportal.information.com*)"
"|$URL(*/home.php\?pid=(\w|)*)"
")?$STOP()"
"|type="text/css" href="http://[^/]++/getfile.php\?file="
"|<form name="parking_form" method="get" action="/default.pk" id="parking_form">"
"|<link href="http://img.sedoparking.com/"
"|<link rel="Shortcut Icon" href="http://images.smartname.com"
"|background:url\("http://static.parkingpanel.com"
Replace = "\k$ALERT(Killed Suspected Domain Landing Page)"To test this out:
http://proxomitron.com/
http://aple.com/
http://kyeu.com/
http://kye-u.com/
http://inet-police.com/cgi-bin/env.cgi
I know there's more variations out there, but the prospect of purposely making more typos at this point in time doesn't really appeal to me
