I just discovered this accidentally when trying to paste the HTML snippet <a href="http://forums.worsethanfailure.com/forums/AddPost.aspx?ForumID=18#" onclick="window.scrollTo(0,0); return false;">Back To Top</a> to a coworker so I could explain that no scripting was necessary.  The server rejected my message.  I tried it a few times, varying the message slightly, and found that the characters [period] s c r would cause the send to fail, regardless of surrounding characters.  I use Pidgin, a multiprotocol IM client, so I'm fairly sure this filtering takes place on Microsoft's servers rather than on the client (the "server error" message also pointed in that direction).

I know .scr is the extension for a Windows screensaver, which is really an executable file in disguise.  It's a common vessel for viruses and I imagine the purpose of this nonsense is to prevent virus/spyware spam on their IM network.  Of course the result was that a perfectly legitimate message was rejected with no explanation, and I had to figure out what was going on so I could circumvent it.  I couldn't make any reference to the JavaScript function window.scrollTo at all, just in case I had some vague malicious intent.

I hate software that dictates my security policy to me [separately from company policy].  My email client automatically rejects any script or executable attachments, regardless of if I want them or not; it also flat out refuses to remember my password, despite the checkbox.  The IE on our server won't let us download archives from websites (necessary server utilities), until I flag that server explicitly as being trusted.  Almost everything on the Windows platform just feels like "it's our way or the highway" to me, and I find it alienating.  I don't like jumping through hoops that are there by-design to protect me from myself.

I'm sorry this devolved into an off-topic rant, but this sort of thing peeves me.  I supposedly administrate this network, but apparently I need a babysitter that can't be disabled.  That decision is reserved by the software; users and administrators have no say in the matter.  I know a corrollary of Murphy's law is that if a user can do something stupid, that user will do something stupid; but I think that's the prerogative of the user [or the employer of said user].  If something is inherently unsafe, warn me, and let me or some configurable policy decide what to do.

It doesn't even work, so far as I've heard.  Windows, IE, and Outlook exploits continue to crop up despite the weekly automatic vaccinations (which force a restart unless you figure out how to disable it.)  Intrusive-yet-ineffective security measures like this one just make my work more unpleasant, and steadily drain my enthusiasm until I consider converting to the Linux camp -- I installed it on my laptop and love the level of customization possible.

At least concerning the e-mail client (which name rhymes with "Toutlook"), Microsoft eventually accepted that it was a bad idea. There is some really obscure registry option that lets you disable that "feature". Also, as far as I know, it has been removed (or at least alleviated to a sane form) in newer versions.

I agree however that it tells quite a bit about the attitude that they put it in in the first place.

Nice of the forum software to expand "#" to "http://forums.worsethanfailure.com/forums/AddPost.aspx?ForumID=18#" for me.  Oh, the forum software is powered by Community Server?  Who makes that?  Let me guess.

[Edit: Okay, not first-party software after all.  We have Telligent to thank.]

Windows Live Messenger also blocks links ending in .info:

 if you send "www.visitmysite.info" to a friend, it will block the message entirely.  I also use Pidgin, so I'm pretty sure they (microsoft) block it themselves.
 

Oh, I remember stumbling across the ".scr" thing a while back. Utterly ridiculous.

Particularly since it doesn't actually take into account whether that substring is even part of a URL, as you've mentioned. And it's not case-sensitive, either. So you can't even refer to java.awt.ScrollPane, for instance. ::headdesk::

Apparently MSN also blocks anything with "download.php" from being sent, which, of course, blocks a bunch of legitimate download sites.

The extension change warning is perfectly valid, but it's a symptom of at least one larger problem. I will work on the assumption that extensions are worthwhile, although I am not sure about this either. The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension. Therefore, if you type, or paste in, a whole new name, you automatically wipe out the extension.

It's so easy to screw up a filename when trying to edit it, and Microsoft of course, as usual, work around that by putting in another layer of inconvenience. Not only a dialog box, but one that does nothing useful. If you hit Yes, you lose your original extension. For an average user, they probably have no idea what it should be or that Explorer has undo, even the desktop (ctrl-Z or right-click on the desktop, Undo, despite no menu bar). If you hit No, the original name is restored and you have to type it all over again. I think Apple started this stupidity, not Microsoft -- the Finder was just as moronic. The only change is that OS X now lets you click which extension you want to keep.

Of course, if you lose the extension entirely, there isn't even a warning in Windows (unlike Mac OS X, IIRC) that the new name will render the file unable to be launched by its default action.

I wonder, do any of the X11 file managers get all this right?

And yes, trying to get URLs to go through MSN in Pidgin can be really frustrating. I've barely touched Microsoft's two official MSN clients (Windows Messenger, MSN Messenger/Windows Live Messenger) so I don't know whether they have the same problem.

I think the funniest one was this:

Trying to open a PNG image in Internet Explorer, with QuickTime set to render them (perhaps so you can have true 32-bit PNGs?) Of course, this was not the first and not the last time that Windows Explorer or Internet Explorer could not understand what the Internet was (like being told that by Windows Explorer that a particular .txt file on some \\SERVER was a dangerous file on the Intenet that I shouldn't open ...)

[Edit: yes, the PNG file in the screenshot above was itself a screenshot of another bug, a bug in MSN Messenger ;-)]

Daniel Beardsmore:

One thing to watch out for is that HTTP uses mime-types, not file extensions, to determine what a file is used for.  The extension means nothing.  You could perhaps dupe some naive individual with a safe-looking file extension in a URL, that triggers a download of executable code (though most modern user agents are too smart for this sort of thing).  I've seen dynamic HTML pages with extensions like .exe and .dll, that were simply programs running server-side.  The browser knows this because the mime-type remains text/html, as sent in the HTTP headers.

You probably already knew that, but it's good to bear in mind.

[Edit: Doh!  I only just now realized that was a local path in your screenshot.  Disregard my comment.]

joe.edwards@imaginuity.com:

I hate software that dictates my security policy to me [separately from company policy].  My email client automatically rejects any script or executable attachments, regardless of if I want them or not; it also flat out refuses to remember my password, despite the checkbox.  The IE on our server won't let us download archives from websites (necessary server utilities), until I flag that server explicitly as being trusted.  Almost everything on the Windows platform just feels like "it's our way or the highway" to me, and I find it alienating.  I don't like jumping through hoops that are there by-design to protect me from myself.

I'm sorry this devolved into an off-topic rant, but this sort of thing peeves me.  I supposedly administrate this network, but apparently I need a babysitter that can't be disabled.  That decision is reserved by the software; users and administrators have no say in the matter.  I know a corrollary of Murphy's law is that if a user can do something stupid, that user will do something stupid; but I think that's the prerogative of the user [or the employer of said user].  If something is inherently unsafe, warn me, and let me or some configurable policy decide what to do.

You are rapidly approaching the point where you discover the reason for free software. Unix platforms are better than anything MS has done, but that's not what it's all about. If you don't have the source and the right to fix it, you don't own it - it owns you. It's all about whether you're the guy driving the cart or the horse pulling the cart.

Daniel Beardsmore:

I wonder, do any of the X11 file managers get all this right?

Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

Daniel Beardsmore:

It's so easy to screw up a filename when trying to edit it, and Microsoft of course, as usual, work around that by putting in another layer of inconvenience. Not only a dialog box, but one that does nothing useful. If you hit Yes, you lose your original extension. For an average user, they probably have no idea what it should be or that Explorer has undo, even the desktop (ctrl-Z or right-click on the desktop, Undo, despite no menu bar). If you hit No, the original name is restored and you have to type it all over again. I think Apple started this stupidity, not Microsoft -- the Finder was just as moronic. The only change is that OS X now lets you click which extension you want to keep.

Of course, if you lose the extension entirely, there isn't even a warning in Windows (unlike Mac OS X, IIRC) that the new name will render the file unable to be launched by its default action.

This annoyance was introduced by Microsoft as the MacOS did not natively pay attention to file extensions until MacOS X. MacOS 9 and lower used 4 byte file type and creator codes to identify both the type of file and what application should open the file when the file is double clicked in the Finder.

Also, in OS X if you delete the file extension of a file while renaming it, the Finder simply hides that file's extension leaving it unchanged.

Heron:

Windows Live Messenger also blocks links ending in .info:

 if you send "www.visitmysite.info" to a friend, it will block the message entirely.  I also use Pidgin, so I'm pretty sure they (microsoft) block it themselves.
 

OK, I had to see if MS was as stupid here in their implementation as I expected...and I was right.

They block '.info' ANYWHERE in a message.

Even if it's, say, www.infoworld.com. Or myPackageName.InformationRecord. Context does not matter whatsoever.

::sound of head hitting desk repeatedly::

codeman38:

Oh, I remember stumbling across the ".scr" thing a while back. Utterly ridiculous.

Particularly since it doesn't actually take into account whether that substring is even part of a URL, as you've mentioned. And it's not case-sensitive, either. So you can't even refer to java.awt.ScrollPane, for instance. ::headdesk::

Apparently MSN also blocks anything with "download.php" from being sent, which, of course, blocks a bunch of legitimate download sites.

 
*the utility of which is laughable. 

AbbydonKrafts:

I'm glad I don't use that thing...

I've spent a lot of time talking to contacts on MSN, but it's not the random blocking that's the biggest problem, but the general server connection reliability. It's got to be the least reliable IM system on the planet. I am not sure what's with the limit of one colour and style per message though.

The only snag is that many of us seem to be Pidgin users, and it's no great secret that Pidgin's MSN code is painfully obsolete. It's hard to tell how much of MSN is simply Pidgin being buggy and broken, like how Yahoo file transfers die with an error despite actually completing successfully. MSN file transfers still go at pathetic speed (about 2 kB/sec often), which I do wish would get fixed.

I wish I didn't have to use the MSN chat network, but so many people only use that one. I don't know if any of them are especially reliable or especially well-supported in Pidgin, but AIM and ICQ seem to be pretty good at the moment, file transfers notwithstanding.

Daniel Beardsmore:

I've spent a lot of time talking to contacts on MSN, but it's not the random blocking that's the biggest problem, but the general server connection reliability. It's got to be the least reliable IM system on the planet. I am not sure what's with the limit of one colour and style per message though.

I use BitlBee as my MSN client, and I can attest that the uptime/reliability of the MSN servers is quite good, measured in weeks (and that's mainly just reconnect-to-another-server downtime, significant downtime's only occurred a couple times in the past two years).

As for the arbitrary blocking/dropping of messages based on random terms - happens in BitlBee too.

I assume this is some sort of spam filter that only affects clients that don't properly identify to the server (e.g. Pidgin).

I guess the "side" effect, that this makes non MS-clients almost unusable is not entirely bad for MS. Other companies providing IM services have been very uncooperative towards alternative clients as well.

codeman38:

Heron:

Windows Live Messenger also blocks links ending in .info:

 if you send "www.visitmysite.info" to a friend, it will block the message entirely.  I also use Pidgin, so I'm pretty sure they (microsoft) block it themselves.
 

OK, I had to see if MS was as stupid here in their implementation as I expected...and I was right.

They block '.info' ANYWHERE in a message.

Even if it's, say, www.infoworld.com. Or myPackageName.InformationRecord. Context does not matter whatsoever.

::sound of head hitting desk repeatedly::

asuffield:

Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

asuffield:

Daniel Beardsmore:

I wonder, do any of the X11 file managers get all this right?

Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

Try to use command line to manage a webdav folder :D

i particulary like the konqueror feature to filter content. Very usefull to manage content of /home/tchize/*.png and dont get bothered by other files :D 

joe.edwards@imaginuity.com:

I just discovered this accidentally when trying to paste the HTML snippet <a href="http://forums.worsethanfailure.com/forums/AddPost.aspx?ForumID=18#" onclick="window.scrollTo(0,0); return false;">Back To Top</a> to a coworker so I could explain that no scripting was necessary.  The server rejected my message.  I tried it a few times, varying the message slightly, and found that the characters [period] s c r would cause the send to fail, regardless of surrounding characters.  I use Pidgin, a multiprotocol IM client, so I'm fairly sure this filtering takes place on Microsoft's servers rather than on the client (the "server error" message also pointed in that direction).

I know .scr is the extension for a Windows screensaver, which is really an executable file in disguise.  It's a common vessel for viruses and I imagine the purpose of this nonsense is to prevent virus/spyware spam on their IM network.  Of course the result was that a perfectly legitimate message was rejected with no explanation, and I had to figure out what was going on so I could circumvent it.  I couldn't make any reference to the JavaScript function window.scrollTo at all, just in case I had some vague malicious intent.

I hate software that dictates my security policy to me [separately from company policy].  My email client automatically rejects any script or executable attachments, regardless of if I want them or not; it also flat out refuses to remember my password, despite the checkbox.  The IE on our server won't let us download archives from websites (necessary server utilities), until I flag that server explicitly as being trusted.  Almost everything on the Windows platform just feels like "it's our way or the highway" to me, and I find it alienating.  I don't like jumping through hoops that are there by-design to protect me from myself.

I'm sorry this devolved into an off-topic rant, but this sort of thing peeves me.  I supposedly administrate this network, but apparently I need a babysitter that can't be disabled.  That decision is reserved by the software; users and administrators have no say in the matter.  I know a corrollary of Murphy's law is that if a user can do something stupid, that user will do something stupid; but I think that's the prerogative of the user [or the employer of said user].  If something is inherently unsafe, warn me, and let me or some configurable policy decide what to do.

It doesn't even work, so far as I've heard.  Windows, IE, and Outlook exploits continue to crop up despite the weekly automatic vaccinations (which force a restart unless you figure out how to disable it.)  Intrusive-yet-ineffective security measures like this one just make my work more unpleasant, and steadily drain my enthusiasm until I consider converting to the Linux camp -- I installed it on my laptop and love the level of customization possible.

WWWWolf:

Trying to find the file from among the bazillion documents if you Know It Was Somewhere Here?

grep 

Subtle name-changes for a few files in the directory?

qmv

 

And especially, ordinary every-day opening of files for GUI application use

Passed as the final argument to the program.

tchize:

asuffield:

Daniel Beardsmore:

I wonder, do any of the X11 file managers get all this right?

Anybody who's serious about using a unix platform doesn't use them for file management - the shell is just so much better at it than any GUI created so far. As such, all the X11 file managers are designed for immigrants from windows and macosx, so they tend to duplicate some of the insanity.

Try to use command line to manage a webdav folder :D

davfs2 or fusedav. So much better than something that only works with KDE applications.

I'm not sure whether I was using Pidgin when I tested that.  However, for kicks and giggles, I'm in Windows right now, using Windows Live Messenger, and my wife is sitting next to me on *her* laptop logged in to Windows Live Messenger.  We are both using the newest version.

the string ".info" is blocked.

the strings ".exe", ".inf", and (of course) ".com" are not blocked.

So no, this is not an issue that only affects non-Microsoft clients.  This is a Microsoft server-side issue, which implies that it is done on purpose.

I use MSN because I know a lot of people that do.  I rarely see significant server downtime (less than two or three times a year) whether I'm using Pidgin or Windows Live Messenger.

Hm ... I think I've seen some good .info sites, but nothing specific comes to mind.

However, this is funny — from the regular-expressions.info site:

[You] could use the regular expression \b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}\b Analyze this regular expression with RegexBuddy to search for an email address. Any email address, to be exact.

Aside from the seemingly random insertion of "Analyze this regular expression with RegexBuddy" caused by inserting a link into the sentence containing an image with an alt property (which rears the ugly head of title vs. alt usage), I am amused to see their attempt to match every single e-mail address.

I lose track of exactly which characters that expression won't match (and how many can be reasonably expected to occur in 99.999% of real addresses) but it would be nice if the site were to acknowledge the limitations of its expression. Or, hey, since it's a regular expression site, post the complete Borg Cube expression.

In its defence, the "properly formatted email address" does at least go on to explain the limitations of then above expression. But it did say "Any". In italics.

Cap'n Steve:

As a side note, has anyone ever seen a useful .info site? The only one I can think of is www.regular-expressions.info.

That one is more of a misinfo site. It's a jumbled mixture of correct information, misquotes, confusion, popular-but-wrong ideas, and advertising. Don't trust what you read there. 

Cap'n Steve:

As a side note, has anyone ever seen a useful .info site? The only one I can think of is www.regular-expressions.info.

First one I thought of was songtitle.info - which answers the age-old question "what was the song in that commercial?".

There's also colloquy.info, which, granted, is only useful if you use OS X and participate in IRC chats. Given that I've shared the link with Mac folks who were dissatisfied with Ircle, I think it's useful, anyway. :-p

Daniel Beardsmore:

The extension change warning is perfectly valid, but it's a symptom of at least one larger problem. I will work on the assumption that extensions are worthwhile, although I am not sure about this either. The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension. Therefore, if you type, or paste in, a whole new name, you automatically wipe out the extension.

Vista actually fixes this issue. When you go to rename a file it selects all but the extension. At least they got something right with it. 

(10:53:59 PM) Telcontar: oo ...
Generating gallery:
Path: v0/v0g00 -
Warning: chdir(): No such file or directory (errno 2) in /usr/local/...../generategallery.php on line 87
0 images found.
(10:54:01 PM) Message could not be sent because a connection error occurred:
...

The "....." is not obfuscation -- it was where I removed two instances of ".com" and other cruft to placate MSN. Still no dice.

Seems that "generategallery.php" is considered another exploit, so I had to take ".php" off the end. Since ".php" is, well, rather commonplace on the Web, I wonder how many other valid URLs get blocked. It doesn't seem to have been too bothered about my site (all PHP pages) but a lot of my URLs end with '/' as I consider "index.*" unsightly.

At least it's good to know that Vista's Explorer has a time-saving improvement, to make up for the time wasted moving items to the Recycle Bin ...

Daniel Beardsmore:

The extension change warning is perfectly valid, but it's a symptom of at least one larger problem. I will work on the assumption that extensions are worthwhile, although I am not sure about this either. The primary problem, and it's wonderful to see that Apple made the same mistake as Microsoft, is that graphical file rename selects the entire name including the extension. Therefore, if you type, or paste in, a whole new name, you automatically wipe out the extension.

Not in Vista. In attached image, taken immediately after right click > rename (or double click on name) top = XP, bottom = Vista. One of the few immediately noticeable improvements in my experimentation. Edit: I see I've been beaten to this point.

AbbydonKrafts:

OMFG! I wonder what other hidden blocks it has.

I'm glad I don't use that thing...

.pif
.scr
grouppicture.php
groupicture.php
gallery.php
staff.php
pics.php
rottentomatoes.us
msn.php\?email=
download.php
www.baratinha.mypets.ws
www.messangerstats.net
www.messengertools.org
www.stuffplug.com/temp/downgrdr.exe
69.56.129.67/gift.com
xmas-2006
miralafoto/foto.exe
168.169.78.19
profile.php\?
tufoto
www.hornymatches.com
www.iwantu.com
www.block-checker.com
verti2/fantasma.zip
www.amigosparasempre.smtp.ru
www.amigosparasempro.smtp.ru
armazfiles.smtp.ru
www.chinacircle.com
www.mensagemparavc.mail15.com
www.mprofiles.net/members.php\?msn=
www.930le.com
www.66663.cn
www.shusu.cn
www.1717wan.cn
www.995ba.com
www.mydipan.cn
www.51kongqi.com
www.94nile.com/apple
sweetpictures.myphotos.cc/katiesex.pif
201.22.6.4/fotos/safada.html
www.life365.com
www.photogbase.com/pictures.php\?photo656.jpg
chnstudio.com/upload/impluse.exe
shurl.org/myhomepage
p1377.pic-myspace.info
www.mypengyou.com
pic831.mp3-myspace.com
www.51pingguo.cn
88chi.com
nihao52.com
81copy.com
myonlinecam.net
77885.cn
51zhaogu.com
51shejiao.cn
gangen.cn
wangw.cn
uglyphotos.net
funpic.de
505united.com
t35.com
quicknews.info
symantec.com/security_response/writeup.jsp\?docid=2004-120714-0643-99
members.lycos.co.uk/svy21/t/contact.php
sonresimler1.googlepages.com/ozelresimler.htm
viotagallery.com
www.spotyourface.net/main/pictures/sexy
image001.png
image002.gif
funbuddyicons.com
wellwell.biz
casedinjertionkderunhdaseo.com
jertionkdewiondaserunf.com
butuinkdesionmas.com
imp.exe
bush-gracioso.exe
www.windowslivemessenger.biz/msn/msn.php
memebers.lycos.co.uk/getmessenger
get-messenger
belgravehelpdesk.com
xpimad.com
album.zip
malbranche.goracer.de
albrahem.com
improfile.net
unknowntools.com
www.dreamlife365.com/member/
hetandunhasde.com
www.mensageirovirtual.land.rup

Daniel15:

For anyone that's wondering about this, here's a full list of everything that's censored:

symantec.com/security_response/writeup.jsp\?docid=2004-120714-0643-99

...

They are clearly insane. Why that particular one? 

asuffield:

Daniel15:

For anyone that's wondering about this, here's a full list of everything that's censored:

symantec.com/security_response/writeup.jsp\?docid=2004-120714-0643-99

...

They are clearly insane. Why that particular one? 

Exactly what I thought once I read the post. What did that point to though? I just get a 404 if I try to access it now. 

Daniel15:

To get around a lot of the blocking, you can use "%2e" instead of "." (eg. download%2ephp).

Which shows once again how utterly pointless and moronic this kind of block is. Every halfway determined spammer can easily circumvent it. Average Joe User, however can't. So the *only* impact this block has at all is to annoy users. Well done. Really well done.

asuffield:

Daniel15:

For anyone that's wondering about this, here's a full list of everything that's censored:

symantec.com/security_response/writeup.jsp\?docid=2004-120714-0643-99

...

They are clearly insane. Why that particular one? 

I don't know why it's got \? in there, but here is a link to it. As far as I can tell, it's a piece of adware that adds itself to autorun under the name "MSN Messenger". Perhaps they're worried that people will see that and think their OS is insecure?

rbowes:

I don't know why it's got \? in there ...

In the original list, they were all regular expressions. Daniel15 probably converted all the escaped dots, but didn't also spot the escaped question marks.

Daniel Beardsmore:

rbowes:

I don't know why it's got \? in there ...

In the original list, they were all regular expressions. Daniel15 probably converted all the escaped dots, but didn't also spot the escaped question marks.

.p
.s
grouppicture.p
groupicture.ph
gallery.php
staff.ph
pics.php
msn.php?email
download.ph
xmas-2006
miralafoto/foto.e
profile.php
tufoto
verti2/fantasma.z
armazfiles.smtp.
chnstudio.com/upload/impluse.ex
t35.c
members.lycos.co.uk/svy21/t/contact.ph
sonresimler1.googlepages.com/ozelresimler.htm
viotagallery.c
image001.pn
image002.gi
funbuddyicons.com
wellwell.bi
casedinjertionkderunhdaseo.co
jertionkdewiondaserunf.com
butuinkdesionmas.com
imp.e
bush-gracioso.exe
memebers.lycos.co.uk/getmessenger
get-messenge
belgravehelpdesk.com
xpimad.c
album.zi
malbranche.goracer.
albrahem.co
improfile.n
unknowntools.c
hetandunhasde.com
thecoolpics.ne
.*www.provnarkotika.com.*
gratishost.com
dreamlife365.c
whoadmitsyou.c
blockoo.com
baratinha.mypets.ws
messangerstats.ne
messengertools.or
stuffplug.com/temp/downgrdr.exe
hornymatches.c
iwantu.c
block-checker.com
amigosparasempre.smtp.
amigosparasempro.smtp.
chinacircle.co
mensagemparavc.mail15.com
mprofiles.net/members.php?msn=
930le.co
66663.cn
shusu.cn
1717wan.
995ba.co
mydipan.
51kongqi.co
94nile.c
life365.com
photogbase.com/pictures.php?photo656.j
mypengyou.c
51pingguo.c
spotyourface.net/main/pictures/sexy
windowslivemessenger.bi
mensageirovirtual.land.ru
provnarkotika.com
tinyurl.com/asdkfh13
wasedinterfunva.c
qerunherdasfunkin.co
photos.z
.*2nnvc7.
.*urltea.com.*
urltea.com/p2s
tinyurl.com/2nnvc
linkangel.net/msn
messenger-tips.co
imrealm.com
blocknblock.co
imtract.com
blockinri
messaging-names
tebloqueo.c
mesns.co
.*messenger-tips.com
.*get-messenger.com.
.*hotbeachpics.net.*
.*wadesuntiondketunhasde.com.
.*la.gg/upl
cbswest.com
newmsn
cirnews.com
.*easedrunkiondehunfans.com.*
.*amazingsexy.net
.*nishiwo.com.
.*vetionkdesunjadefin.com.
.*handeusjinkdewshishu.com
.*pozaseruiasterduin.com.*
.*okinyunhfeunasterfunjin.com
.*messengerscan.com.
.*.info.
.*messenger-scan.*
.*my-msn.servebeer.com
.*summer2008
.*images.zip.*
.*messengerscan.net.
.*msn-csi.tk.*
.*messenger-contacts.tk
.*xedinkiontnherioplinades.com.*
.*messenger-list.com
.*messengercheck.biz
.*msn-contacts.tk
.*myalbum2007.zip
.*cirnews.com.
.*messenger-checker.tk.
.*msn-live-scanner.tk.*
.*msn-scanner.tk.
.*bloockoo.net

Daniel15:

AbbydonKrafts:

OMFG! I wonder what other hidden blocks it has.

I'm glad I don't use that thing...

For anyone that's wondering about this, here's a full list of everything that's censored:

.pif
.scr
grouppicture.php
groupicture.php
gallery.php
staff.php
pics.php
rottentomatoes.us
msn.php\?email=
download.php
www.baratinha.mypets.ws
www.messangerstats.net
www.messengertools.org
www.stuffplug.com/temp/downgrdr.exe
69.56.129.67/gift.com
xmas-2006
miralafoto/foto.exe
168.169.78.19
profile.php\?
tufoto
www.hornymatches.com
www.iwantu.com
www.block-checker.com
verti2/fantasma.zip
www.amigosparasempre.smtp.ru
www.amigosparasempro.smtp.ru
armazfiles.smtp.ru
www.chinacircle.com
www.mensagemparavc.mail15.com
www.mprofiles.net/members.php\?msn=
www.930le.com
www.66663.cn
www.shusu.cn
www.1717wan.cn
www.995ba.com
www.mydipan.cn
www.51kongqi.com
www.94nile.com/apple
sweetpictures.myphotos.cc/katiesex.pif
201.22.6.4/fotos/safada.html
www.life365.com
www.photogbase.com/pictures.php\?photo656.jpg
chnstudio.com/upload/impluse.exe
shurl.org/myhomepage
p1377.pic-myspace.info
www.mypengyou.com
pic831.mp3-myspace.com
www.51pingguo.cn
88chi.com
nihao52.com
81copy.com
myonlinecam.net
77885.cn
51zhaogu.com
51shejiao.cn
gangen.cn
wangw.cn
uglyphotos.net
funpic.de
505united.com
t35.com
quicknews.info
symantec.com/security_response/writeup.jsp\?docid=2004-120714-0643-99
members.lycos.co.uk/svy21/t/contact.php
sonresimler1.googlepages.com/ozelresimler.htm
viotagallery.com
www.spotyourface.net/main/pictures/sexy
image001.png
image002.gif
funbuddyicons.com
wellwell.biz
casedinjertionkderunhdaseo.com
jertionkdewiondaserunf.com
butuinkdesionmas.com
imp.exe
bush-gracioso.exe
www.windowslivemessenger.biz/msn/msn.php
memebers.lycos.co.uk/getmessenger
get-messenger
belgravehelpdesk.com
xpimad.com
album.zip
malbranche.goracer.de
albrahem.com
improfile.net
unknowntools.com
www.dreamlife365.com/member/
hetandunhasde.com
www.mensageirovirtual.land.rup

To get around a lot of the blocking, you can use "%2e" instead of "." (eg. download%2ephp).