XMB Forum Software

[New] Prevent registrations from users with subdomains in the email addresses

solbu - 1-15-2019 at 02:19 AM

Full Board URL: https://www.kristshell.net/pnp/forum/
XMB Version: 1.9.11

Hello.

I help run a support forum for a mIRC script (I am the server admin).
We get a lot of spam registrations from users who most often put links to spam content by entering links to their crap in their BIOs, signatures or the URL fields.

When they register, they almost always use subdomains in their e-mail addresses, e.g. subdomain.example.tld.

Is it possible to block all registrations when the email address contains a subdomain?
Ideally we would like to add this ban "*.*.*", but is that possible without blocking every single new registration in the process?

Jenny Lee - 2-3-2019 at 03:49 PM

Keep in mind that not all email addresses using sub-domains are evil. That could lead to potential problems of denying a completely legit user that tries to register.

The best thing would be to use some social login integration (Facebook, Twitter, you name it) and completely abolish registering by e-mail. I doubt spammers would be able to create dozens of Facebook accounts every time they get banned on your website. They would end up banned by FB staff before they even reach your website. The big companies handle spammers quite efficiently, so logging in through them saves you a great deal.


Now about the thing you wish to accomplish... There are 3 ways of doing that.


1st. Using an online email verification API. They usually aren't free, but do the job perfectly. You don't have to worry about losing legitimate users. It's very unlikely for them to false flag a spam email.

2nd. Using your own white(black)-list of email domains.

Something like that would do the job:

If you intend to use it don't forget to show "allowed email list" in the registration page, so users would know what kind of email addresses they need in order to be on your website.

Code:
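<?php
// Read the address from the query string (empty string if absent).
$email = isset($_GET['email']) ? $_GET['email'] : '';

if (filter_var($email, FILTER_VALIDATE_EMAIL)) {
    // array_pop() takes its argument by reference, so store explode()'s result first.
    $parts = explode('@', $email);
    $domain = array_pop($parts);
} else {
    exit('Invalid email.');
}

// The more legitimate ones you add the better.
$allowed_domains = ['gmail.com', 'outlook.com', 'yahoo.com', 'mail.com'];

// Escape before echoing: the address is user input.
$safe_email = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');

if (in_array($domain, $allowed_domains)) {
    print $safe_email . ' is allowed to register';
} else {
    print $safe_email . ' is not allowed to register';
}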


For example:

janedoe@gmail.com would return true
janedoe@subdomain.gmail.com would return false
janedoe@othersubdomain.gmail.com would return false
Any other valid email domain that's not in "$allowed_domains" also would return false

3rd. Using regex to deny sub-domain emails. (It's more complex.)

You would have to preg_match an email address in order to detect the usage of a sub-domain and deny it from registering.
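
Added example (not part of the thread and not XMB code): one way to detect a sub-domain in an address without the false positives of a plain dot count or a "*.*.*" ban mask, which would also reject addresses such as janedoe@example.co.uk. The function names are hypothetical and the suffix list is a small constructed sample; a real deployment would load the full Public Suffix List.

```php
<?php
// Added example, not XMB code. Function names are hypothetical and the
// suffix list is a constructed sample; real use needs the full Public Suffix List.
const MULTI_LABEL_SUFFIXES = ['co.uk', 'org.uk', 'com.au', 'co.jp'];

// Return the lower-cased domain of a syntactically valid address, or null.
function email_domain($email)
{
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // The domain is everything after the last "@".
    return strtolower(substr($email, strrpos($email, '@') + 1));
}

// True when the domain has labels to the left of its registrable domain
// (one label plus the public suffix).
function has_subdomain($domain)
{
    $suffixLabels = 1; // default: single-label suffix such as "com"
    foreach (MULTI_LABEL_SUFFIXES as $suffix) {
        if (substr($domain, -strlen($suffix) - 1) === '.' . $suffix) {
            $suffixLabels = substr_count($suffix, '.') + 1;
            break;
        }
    }
    return count(explode('.', $domain)) > $suffixLabels + 1;
}

// Constructed sample addresses.
$samples = [
    'janedoe@gmail.com',
    'janedoe@subdomain.gmail.com',
    'janedoe@example.co.uk',
    'janedoe@mail.example.co.uk',
    'not-an-address',
];
foreach ($samples as $email) {
    $domain = email_domain($email);
    if ($domain === null) {
        $verdict = 'invalid address';
    } elseif (has_subdomain($domain)) {
        $verdict = 'sub-domain, reject';
    } else {
        $verdict = 'registrable domain, accept';
    }
    printf("%-30s %s\n", $email, $verdict);
}
```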