How’s Your Abuse?

Nobody ever gives me any feedback about TightURL except when they’re having trouble getting it to run.  So in order to get useful information about how well it works, I run a public copy at http://tighturl.com and that’s how I learn everything I know about how TightURL performs out in the world.  One of the reasons I started a devblog (development blog) was to try and get some more input from my [code] users.

In that vein, how’s your abuse? Mine’s been showing the first serious signs of bot abuse since summer of 2010.  I’m also finding that Kaspersky Internet Security flags a lot of the abusive URLs.  So the next enhancement to the TightURL anti-abuse system will probably be to add additional data sources to the URL checking routines.

Does anyone have experience with Google Safe Browsing?  It looks like that’s probably the only free data available that I’m not already using via SURBL.

This entry was posted in Uncategorized. Bookmark the permalink.

11 Responses to How’s Your Abuse?

  1. Ak says:

    Hello ! I am using yourls for two years and working fine. But I do hear great thing about http://tighturl.com/ , but never tried. I will try it Today .

    Regarding the abuse you say….Yes ! you are right a, I always worry about the spam if I want to make my shortening service for public use. So I am using it only for self-access

    Do the script http://tighturl.com/ provides any in-built system to detect the spam? Or any such things to avoid spam on my installation of ‘ tighturl ‘?

    >Does anyone have experience with Google Safe Browsing?

    I don’t know how to use it. Would you mind to post an article or write it here to implement it with the installation of ‘ tighturl ?

    Thanks for the useful URL shortening script !

    • ron says:

      Virtually all of the work over the last two years has been to the anti-abuse system.  TightURL uses SURBL, URIBL, Bad Behavior, httpBL (via Bad Behavior), and some internal detection code.  I am hoping to allow TightURL (service operators) to submit abuse data back to me for sharing with everyone else.

  2. Ak says:

    BTW… all the links created with ‘tighturl’ script and links on your site are displaying ‘ Bit.ly’s ‘ logo on mouse over. I have a bit.ly’s addon installed on my browser and it reveals every shortened URL ‘s source on mouse over with bit.ly’s logo. Most likely those URL s are based on Bit.ly’s API . Links created by Yourls doesn’t show that. What may be the reason ?

    Thanks!

    • ron says:

      If that’s happening, then it must be a bug in the Bit.ly addon.  Is that something official?  I know someone at Bit.ly I could talk to about it.

      • AK says:

        Thanks for your response !

        It is not a bug. However, I will update you with the screen-shots of it

      • AK says:

        Here we go …I wonder …the addon pop-up’s bit.ly’s logo on every link related to ‘ tighturl.com ‘

        1) http://i.imgur.com/rqsFo.png

        2)http://i.imgur.com/aBntk.png

        3)http://i.imgur.com/HlhfN.png

        It is not a bug. I have bit.ly’s addon installed on my FireFox’s browser. When mouse over on any link related(Even the Google search results ) to ‘ tighturl.com ‘ domain, bit.ly’s addon is raising a pop up image. Usually that pop up logo will only appears for bit.ly or other URLs depended on it.

        I am just willing to get it to your notice as I wonder about it

        Thanks !

  3. Hi,
    I run a copy of tight url over at u4u.be, and haven’t had tons of bots (by tons, I mean a meanful amount enough to make me stop using it or something), but, over half of my database is spam/affiliate/whatever (sigh, looks like I’ll have to look through it and remove anything I don’t trust). However, I’m only up to u4u.be/20 or something like that, so you can tell it hasn’t gone very far. I mainly use it for my personal shortener, although I allow public access for friends, etc. So far though, no one has complained about my website which makes me think that there’s no spam or viruses or fishing going on (good thing, too). Thinking of fishing, I’d better start opening a twitter search every now and then for u4u.be :).
    -Michael.
    P.S. Yes, I was the one who had soooooo many questions about the killbot :). I can’t wait for your new release!

    • ron says:

      The percentage of submitted links that are abuse has been going up at tighturl.com .  There are a few reasons for that though, one of which was a couple of issues that took the service down a couple of times, resulting in the loss of some regular non-abusive users.

      I sent you mail about the bot a couple of months ago, I’d found a bug that I think fixed a problem you were having.  Did that help?

  4. Josh says:

    Ron, check it out — someone posted links to l’il task-specific php functions here:
    http://blog.yourls.org/2011/04/yourls-abuse-anti-spam-plugins/#comment-248
    they are designed to connect to the phishtank and virustotal APIs

    • ron says:

      Very interesting page, although I’ve only skimmed it.  Interesting that I see plugins mentioned, since I’m planning on doing the same in TightURL.  Thanks for showing it to me.

  5. Josh says:

    AK, respectfully, I think you’re mixing apples and oranges.
    If you have the “bit.ly preview” Firefox addon installed
    ( https://addons.mozilla.org/en-US/firefox/addon/bitly-preview/ )
    it wouldn’t / shouldn’t activate onHover unless the URL of a given anchor pattern matches /bit\.ly/

    Perhaps you ALSO have the “Link Alert” addon installed
    ( https://addons.mozilla.org/en-US/firefox/addon/link-alert/ )
    and its author compiled in a “lookup list” of url-shortening domains (er, patterns) and it generically displays a bitly icon onHover for any domains matching the lookup list?

    FWIW, in my use, the Link Alert addon erroneously displays the orange RSS icon for many non-rss URLs ~~ the longer the URL, the more likely a substring within it will match / trigger the Link Alert response. I would guess the scenario you’re experiencing is similar to this.

Leave a Reply

Your email address will not be published. Required fields are marked *