XMB Forum Software
Not logged in [Login - Register]
Go To Bottom

Printable Version  
Author:

[New] Prevent registrations from users with subdomains in the email addresses

solbu
Member
***




Posts: 29
Registered: 1-10-2007
Location: Norway
Member Is Offline

Mood: No Mood

question.gif posted on 1-15-2019 at 02:19 AM
[New] Prevent registrations from users with subdomains in the email addresses


Full Board URL: https://www.kristshell.net/pnp/forum/
XMB Version: 1.9.11

Hello.

I help run a support forum for a mIRC script (I am the server admin)
We get a lot of spam registrations from users who most often put links to spam content by entering links to their crap in their BIOs, signatures or the URL fields.

When they register, they allmost allways use subdomains in their e-mail addresses when registering, e.g. subdomain.example.tld.

Is it possible to block all registrations when the email address contains a subdomain?
Idealy we would like to add this ban "*.*.*", but is that possible without blocking every single new registration in the proccess?




My posts are licensed under a Creative Commons license
View user's profile Visit user's homepage View All Posts By User
Jenny Lee
Member
***




Posts: 34
Registered: 7-21-2017
Location: England, UK
Member Is Offline

Mood: Meh. :P

[*] posted on 2-3-2019 at 03:49 PM


Have in mind that not all email addresses using sub-domain are evil. That could lead into potential problems of denying a completely legit user that tries to register.

The best thing would be to use some social login integration(facebook, twitter you name it) and completely abolish registering by e-mail. I doubt spammers would be able to create dozens of Facebook accounts every-time they get banned on your website. They would end up banned by fb staff before they even reach your website. The big companies handles spammers quite efficiently so login-in trough them saves you a great deal.


Now about the thing you wish to accomplish... There are 3 ways of doing that.


1st. Using an online email verification api. They usually aren't free, but does the job perfectly. You don't have to worry about losing legitimate users. It's very unlikely for them to false flag a spam email.

2nd. Using your own white(black)-list of email domains.

Something like that would do the job:

If you intend to use it don't forget to show "allowed email list" in the registration page, so users would know what kind of email addresses they need in order to be on your website.

Code:
<?php $email = $_GET['email']; if( filter_var( $email, FILTER_VALIDATE_EMAIL ) ) { $domain = array_pop(explode('@', $email)); } else exit('Invalid email.'); $allowed_domains = ['gmail.com', 'outlook.com','yahoo.com','mail.com']; //the more legitimate ones you add the better if (in_array($domain,$allowed_domains)) { print $email.' is allowed to register'; } else { print $email.' is not allowed to register'; }


For example:

janedoe@gmail.com would return true
janedoe@subdomain.gmail.com would return false
janedoe@othersubdomain.gmail.com would return false
Any other valid email domain that's not in "$allowed_domains" also would return false

3rd. Using regex to deny sub-domain emails. (It's more complex.)

You would have to preg_match an email address in order to detect the usage of sub-domain and deny it from registering.


View user's profile View All Posts By User

  Go To Top

Powered by XMB 1.9.11 (Debug Mode)
Forum Script Software by XMB © 2001-2017 The XMB Group
[Queries: 16] [PHP: 20.4% - SQL: 79.6%]
Funded with thanks to competitions website.