Aloha all,
I' ve been getting a ton of spam past my Fortigate 60B, though the only thing consistent is the url in the body, for example:
http://host.fractalmotiondesign.info/576adb6ba5a8b6774177711b8a03dfb6b0ab050
always in that format - no www, ends in .info, and a long string of characters afterwards.
my regex skills are non-existant, so I' ve used what was posted in the forums a few years ago (which helped a lot, years ago).
I' m thinking the best way to proceed to is to block ANY weblink that contains .info but going by past examples it seems I' m doing something wrong.
Any tips?
Rick Payton, IT Support
Morikawa & Associates
http://www.mai-hawaii.com/
FortiGate-60 build 726 (retired)
FortiGate-60B v4.0 build 328 MR2 Patch 8
FortiAnalyzer-100B v4.0 build 513 MR3