
An open source PHP client for SURBL; thanks to the spam attack on nsfw.in

A couple of days back, I got an email from the Amazon Abuse Desk saying that botnet spammers were abusing NSFW.in. Our IP on AWS EC2 was added to The Spamhaus Block List. Some Russian botnet spam gangs were creating automated short URLs at NSFW.in.

Abhinay created a PHP client for SURBL. Now, NSFW.in short-link creation just needs to look up the domain against SURBL to see whether it is blacklisted.

The SURBL PHP client is released as open source under the MIT license and is available on GitHub.

NSFW.in is a URL shortening service that makes unsafe URLs safer!

  1. First, I would like to applaud you for using SURBL and other techniques to keep your shortener clean of badware. Shorteners are being highly abused right now.

    However, there are significant flaws in your client. Others should not use it IMHO.

    It doesn't handle IP-based URLs, nor does it correctly handle 2- and 3-level TLDs as specified in http://www.surbl.org/guidelines. Additionally, your approach performs a naked nslookup without checking or escaping the parameters, opening yourself to a scripting attack which could take over your server.

    People desirous of employing this technology may wish to consider looking at or using this one, which can be found at http://www.oitc.com/source/uri_reputation.html. It follows SURBL implementation guidelines, handles IP-based URLs correctly and has no security risk.
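
The three points raised in the comment above (IP-based URLs, two- and three-level TLDs, and passing unchecked input to nslookup), sketched as an added PHP example that is neither the NSFW.in client's code nor the commenter's. The TLD entries are constructed samples standing in for SURBL's published lists, the function names are hypothetical, and `multi.surbl.org` is assumed as the lookup zone.

```php
<?php
// Added example. Constructed sample entries; a real client loads SURBL's full lists.
const TWO_LEVEL_TLDS   = ['co.uk', 'com.au'];
const THREE_LEVEL_TLDS = ['sch.example.uk'];   // hypothetical entry
const SURBL_ZONE       = 'multi.surbl.org';    // assumed lookup zone

/** Return the DNS name to query for $url, or null if the host is rejected. */
function surbl_query_name(string $url): ?string
{
    if (strpos($url, '://') === false) {
        $url = 'http://' . $url;               // parse_url() needs a scheme to find the host
    }
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host)) {
        return null;
    }
    $host = rtrim(strtolower($host), '.');
    // IP-based URL: query the address with its octets reversed.
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
        return implode('.', array_reverse(explode('.', $host))) . '.' . SURBL_ZONE;
    }
    // Allow-list: letter/digit/hyphen labels only; /D stops "$" matching before a newline.
    $label = '[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?';
    $re = '/^(?:' . $label . '\.)+[a-z][a-z0-9-]{0,61}[a-z0-9]$/D';
    if (strlen($host) > 253 || !preg_match($re, $host)) {
        return null;
    }
    // Keep one label more than the longest matching TLD entry.
    $labels = explode('.', $host);
    $keep = 2;
    if (in_array(implode('.', array_slice($labels, -2)), TWO_LEVEL_TLDS, true)) {
        $keep = 3;
    }
    if (in_array(implode('.', array_slice($labels, -3)), THREE_LEVEL_TLDS, true)) {
        $keep = 4;
    }
    return implode('.', array_slice($labels, -$keep)) . '.' . SURBL_ZONE;
}

/** True if listed, false if not, null if rejected. Resolver API only, no shell. */
function surbl_is_listed(string $url): ?bool
{
    $name = surbl_query_name($url);
    if ($name === null) {
        return null;
    }
    $answer = gethostbyname($name . '.');      // returns its argument unchanged on failure
    return strncmp($answer, '127.', 4) === 0;
}

// Constructed inputs; the last host contains a shell metacharacter and is rejected.
foreach (['http://www.example.co.uk/a', 'http://192.0.2.7/x', 'http://example.com;id/'] as $u) {
    var_dump(surbl_query_name($u));
}
```

Because the hostname is validated before use and resolved through `gethostbyname()` rather than a shell command, no part of the submitted URL is ever interpreted by a shell.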
