Phishing scanner

Lmao, no one can hold copyright over a Perl script... I'd like to see that one hold up in court. Just 'cause some random guy puts it in a header... give me a break.

I still wouldn't use some random code posted on a forum on my production server that is 3 years old.
 
Any written work is copyrighted automatically by default. It's just a matter of proving who wrote it first. It doesn't matter if it is a Perl script or a novel; it's still copyrighted unless the writer releases it.
 
@scsi - The code may be 3 years old, but it works (people are still using Windows XP that was written how many years ago? ;)). The databases are regularly updated and that's what counts.

Now, if you want to come up with your own code, it would help make spamblocker even better ;)
 
Or if the original author would put his code into an open source license.

I've copyrighted my changes to the exim.conf file, and I've included the previous copyrights as well; see my license file (either from the DirectAdmin site or from my site) for how to do it.

I've also put my code under the GNU GPL license, with this text:
Code:
# The entire Exim 4 distribution, including the exim.conf file, is
# distributed under the GNU GENERAL PUBLIC LICENSE, Version 2,
# June 1991. If you do not have a copy of the GNU GENERAL PUBLIC LICENSE
# you may download it, in it's entirety, from the website at:
# 
# http://www.nobaloney.net/exim/gnu-gpl-v2.txt
It's easy enough for anyone to do the same. If the original author would release his code under this license (by publishing it here in these forums or on a site somewhere) I'd be able to include it in SpamBlocker exim.conf.

Jeff
 
Erik Mugele, author of SURBL script, replies

Jeff,

In regards to your points above, and in the name of completeness, I took your question directly to the creator of the SURBL script. If anything, it should be interesting to know his views on its use.

I only asked him because I was curious. Here is his reply:

As I see it, there are absolutely no problems with using the script
with the current license.

Jeff mentions the exim.conf file and its copyright. My script is not
a part of the exim.conf file but separate and therefore does not fall
under exim.conf license. Yes, I do mention some configuration code on
my website but it is merely an example to show how to use the script.
My exim.conf snippet does NOT have a copyright on it. In fact, a mail
admin should not use that snippet blindly without knowing what they
are doing and should customize for their own system as it is only an
example to illustrate how to call the Perl script.

Second, the BSD license on the script itself makes NO restrictions on
how the script is used or not used. You (they) may use it or not.
You (they) may distribute it (with the license as stated) or not... in
a commercial product or free product. In nuclear weapons or embedded
operating systems. The license makes NO restrictions on how or where
it is used.

I think the confusion comes from the fact that the exim.conf has a GPL
license. That's all well and good except that my script is not part
of the exim system or exim.conf file and is therefore not subject to
its restrictions.

As a side note, the script hasn't been updated because 1) it works
and 2) there are no updates needed. The only thing that should be
kept up to date are the lists of domains maintained by the SURBL folks
as mentioned by one of the posters.

Erik


If you wish... you can correspond with Erik Mugele directly on his contact form at: https://www.teuton.org/~ejm/email_form.shtml.

Thanks.
 
I don't need to correspond with Erik. The problem as I see it is the code posted here doesn't say anywhere it's licensed under the BSD license, or I've missed it. If I've missed it please point it out to me.

Nevertheless, I agree with Erik that it can be used. I don't have time to work on it right now; repost to the thread in about a month to remind me.

Or work on it yourself :).

Jeff
 
Actually you've brought up a very good one... a site that includes visuals from a different URL.

Of course this simply points out that banks could avoid most phishing by eliminating the ability for other sites to call up their images.

Jeff

I've implemented the solution mentioned above and it works quite well.
The main area where it could be improved is in regard to the txt files.

1) A cron could be run each month to update the list of TLDs. The URL that returns the list is at the top of the file
2) The whitelist could automatically be updated from a reliable source (I don't have one)

Cheers,

 
I've decided I can't include this in the newest SpamBlocker because I can't see in the thread everything I need to know to implement it, and because it requires something outside of the exim.conf file.

If interested parties will consider continuing with this thread please let me know, and I'll move the thread to the next exim.conf version thread, clean it up a bit, and we can move forward with it for a future version of the exim.conf file.

Jeff
 
I can understand you, Jeff, on this...
Yet it is quite simple for any admin to implement this on his box.
Don't know if it could be taken apart in a .pl file called by exim.conf (like: /etc/virtual/surbl.pl), but it could be a solution to your problems... I'll try to give it a test.

I'll just add that I have used it since 3.0 - beta, and it works like a charm... (Avoids approx. 40 000 emails reaching mail folders each year (mostly viagra / cialis things))

Tdldp
 
I am trying to figure out how this thread that I started went from being about scanning for files on the server that contain phishing information to scanning email which is totally different.

I am looking for a way to scan for web sites on the server that are designed to steal personal information.
 
Hey Floyd,
Aren't most of those caused through a shell script injected into a site with vulnerabilities?
I found 2 scripts and I will link them here:
http://iscanner.isecur1ty.org
https://github.com/terry81/Malicious-Web-Scripts-Search/blob/master/find_and_replace.pl

I have used them and I liked the hack-search.pl; you can also add other search parameters found in terry81-Malicious-Web-Scripts-Search.
I didn't use the find_and_replace, just the search, then went and looked at each find. I ran this in the home directory, and in individual sites.
 
Your first link isn't working for me this morning; is it still working for you?

Jeff
 