PDA

View Full Version : Anti-Spam Options - Automatically deny registration for users with multi-dotted email address


cloferba
05-26-2012, 10:00 PM
On my forum many bots have multi-dotted email address so I wanted to avoid them to create a new account on my forum.

The way to do this is create a new plugin to recognize these multi-dotted email address provided at time of registration and delete them automatically.

Steps:

Create a new plugin using hook userdata_start


Use this code:

$this->validfields['email'][VF_CODE] = '
$max_dots = 1;
if ($retval = $dm->verify_useremail($data))
{
$parts = explode("@", $data);
if (is_array($parts) && substr_count($parts[0], ".") > $max_dots)
{
$dm->error("bademail");
$retval = false;
}
}
return $retval;
';

It only checks the part before the '@', so set $max_dots to the number of dots you will allow (I think one dot in an email name probably isn't unusual, but that's up to you). Also, this uses the default 'bademail' phrase, but if you'd rather have a special error messages for "too many dots" you can create a phrase and use the varname in place of 'bademail'.

Special thanks to kh99 (https://vborg.vbsupport.ru/member.php?u=346440) who provided this solution.

copjend
05-27-2012, 07:09 PM
Many thank

Boofo
05-27-2012, 07:15 PM
If you use email verification, that should catch the phony email addresses so they wouldn't be able to register, anyway. ;)

Snowhog
05-27-2012, 07:36 PM
This plugin (not a MOD) was suggested to me based on my post that was answered by kh99 at https://vborg.vbsupport.ru/showpost.php?p=2333212&postcount=3

It doesn't delete registrants with multi-dotted emails, it merely prevents them from actually registering.

djbaxter
05-27-2012, 07:49 PM
This is a good idea.

To prevent brain strain, can you easily tell me how to also check for semicolons or colons before the @? For a while I was getting Chinese bots with email address like gobbledygoop;more_gobbledygoop@somesite.com

Snowhog
05-27-2012, 08:43 PM
You could write two additional plugins (give each a unique plugin name) using the code with only a slight modification.

Plugin to deny registration if email address contains any colons preceding the @
$this->validfields['email'][VF_CODE] = '
$max_colons = 0;
if ($retval = $dm->verify_useremail($data))
{
$parts = explode("@", $data);
if (is_array($parts) && substr_count($parts[0], ":") > $max_colons)
{
$dm->error("bademail");
$retval = false;
}
}
return $retval;
';


Plugin to deny registration if email address contains any semicolons preceding the @
$this->validfields['email'][VF_CODE] = '
$max_semicolons = 0;
if ($retval = $dm->verify_useremail($data))
{
$parts = explode("@", $data);
if (is_array($parts) && substr_count($parts[0], ";") > $max_semicolons)
{
$dm->error("bademail");
$retval = false;
}
}
return $retval;
';
I'm sure that these could be incorporated into the original plugin, but I'm not a coder, so maybe kh99 can suggest how to do that.

Boofo
05-27-2012, 08:52 PM
You should be able to do a preg_match to cover all of them in a single piece of code.

djbaxter
05-27-2012, 09:53 PM
Thanks. I'll play around with this a bit and see if I can make it one if a or b or c statement.

Boofo
05-27-2012, 10:26 PM
Maybe make it a setting where you can add what to exclude. ;)

djbaxter
05-27-2012, 10:37 PM
That's probably a bit beyond my vBulletin skills.

Boofo
05-27-2012, 11:53 PM
I have complete faith in you, sir.

djbaxter
05-28-2012, 12:24 AM
LOL. Well you're not going to get rich that way. :)

Boofo
05-28-2012, 12:40 AM
I'll always be rich in friendship with you as a friend. ;)

kh99
05-28-2012, 01:46 AM
You could write two additional plugins (give each a unique plugin name) using the code with only a slight modification.

That's a good thought, but unfortunately it won't work the way this is written. It replaces the code that verifies an email address, so if you have multiple plugins doing the same thing, only the last one to run would have any effect.

You might be able to do something like this:

$this->validfields['email'][VF_CODE] = '
$max_chars = array("." => 1, ":" => 0, ";" => 0);
if ($retval = $dm->verify_useremail($data))
{
$parts = explode("@", $data);
if (is_array($parts))
{
foreach($max_chars AS $char => $max)
{
if (substr_count($parts[0], $char) > $max)
{
$dm->error("bademail");
$retval = false;
break;
}
}
}
}
return $retval;
';


(But I haven't tested it at all).

Boofo
05-28-2012, 01:52 AM
You could even make the array a setting option to expand it. ;)

John Lester
05-28-2012, 06:08 AM
Shouldn't this be titled something like "Automatically deny registration for users with multi-dotted email address" since it doesn't actually delete anything?

cloferba
05-28-2012, 10:51 AM
Shouldn't this be titled something like "Automatically deny registration for users with multi-dotted email address" since it doesn't actually delete anything?

you are right :)

Boofo
05-28-2012, 01:13 PM
Or "Prevent users from registering with SPAM-like email addresses". ;)

victorvu
05-28-2012, 05:34 PM
Hi:

This is totally unrelated, but I ask anyway. Hope that I will get the suggestion.

I want to deny guests who IPs do not show up in the list. How can I do this?

Thanks.

Victor

djbaxter
05-29-2012, 03:05 PM
That's a good thought, but unfortunately it won't work the way this is written. It replaces the code that verifies an email address, so if you have multiple plugins doing the same thing, only the last one to run would have any effect.

You might be able to do something like this:



Perfect.

Slight modification to prevent commas, semicolons, and colons, since I got another Chinese bot this morning trying to register with the email "liantianha,ofangjiancong@gmail.com":


$this->validfields['email'][VF_CODE] = '
$max_chars = array("." => 1, "," => 0, ";" => 0, ":" => 0);
if ($retval = $dm->verify_useremail($data))
{
$parts = explode("@", $data);
if (is_array($parts))
{
foreach($max_chars AS $char => $max)
{
if (substr_count($parts[0], $char) > $max)
{
$dm->error("bademail");
$retval = false;
break;
}
}
}
}
return $retval;
';

kh99
05-29-2012, 03:34 PM
Slight modification to prevent commas, semicolons, and colons, since I got another Chinese bot this morning trying to register with the email "liantianha,ofangjiancong@gmail.com"...


Hmm, that's interesting because that code should still be calling the existing is_valid_email() function, which does a preg_match using some complicated pattern which looks like it doesn't allow commas in the name (or semicolons, for that matter). Maybe it's not calling that function like I think it is.

ETA: no, I'm wrong somewhere, because commas are allowed even if I disable this plugin. So, good addition.

ETA: actually it looks like it's a vb bug, a problem in that pattern. It contains "+-/" which allows characters from + through /, which are "+ , - . /". The effect is only to allow commas when they shouldn't be allowed (the - should be escaped, or listed first or last).


(I missed your post, nhawk - did you beat me to it?)

dilbert
05-29-2012, 04:01 PM
I'm not knocking the mod, but what about people with legitimate periods in their email?
An interesting note for Gmail users, the number of periods is irrelevant.
myusername@gmail.com it the same as
my.user.name@gmail.com or
m.y.u.s.e.r.n.a.m.e@gmail.com.

Boofo
05-29-2012, 04:11 PM
Most likely, if you're using:

m.y.u.s.e.r.n.a.m.e@gmail.com

then you are spamming.

djbaxter
05-29-2012, 04:50 PM
I'm not knocking the mod, but what about people with legitimate periods in their email?
An interesting note for Gmail users, the number of periods is irrelevant.
myusername@gmail.com it the same as
my.user.name@gmail.com or
m.y.u.s.e.r.n.a.m.e@gmail.com.

It's your choice but you can set the number of allowed periods here:

$max_chars = array("." => 1, "," => 0, ";" => 0, ":" => 0);

Change that =>1 to =>2 or =>3 or whatever. Actually, on reflection, I went back and changed it to 2 on my forums.

But Boofo is correct: if you have more than 1 or 2 you're probably up to no good anyway.

Added: This works fine on a vBulletin 3.87 forum as well as 4.x.

dilbert
05-29-2012, 05:16 PM
OK, just pointing out that at least Gmail ignores any periods before the @.

Boofo
05-29-2012, 05:30 PM
And that is exactly why you see a lot of gmail spammer addresses. ;)

dilbert
05-29-2012, 05:54 PM
Yeah but...
They are the same address. Try it if you have Gmail. Send yourself something with a few extra periods before the @, it will still be delivered.
I don't want to keep taking this off-topic though.

djbaxter
05-29-2012, 06:03 PM
Yeah but...
They are the same address. Try it if you have Gmail. Send yourself something with a few extra periods before the @, it will still be delivered.
I don't want to keep taking this off-topic though.

No. Gmail may ignore them but most email clients and servers do not. And either way, it's a signal for spam that personally I want to eliminate/prevent.

The Rocketeer
05-30-2012, 06:51 AM
If you use email verification, that should catch the phony email addresses so they wouldn't be able to register, anyway. ;)

Are you sure Boofo?:erm: I use email verification (require clicking the activation link in the email sent after registration). However we get quite some bogus email members who are able to register. So you could use a bogus email to register.:confused:

wish there was better ways to prevent spammers..:(

was sent here from here https://vborg.vbsupport.ru/showthread.php?t=283667

djbaxter
05-30-2012, 11:20 AM
Are you sure Boofo?:erm: I use email verification (require clicking the activation link in the email sent after registration). However we get quite some bogus email members who are able to register. So you could use a bogus email to register.:confused:

wish there was better ways to prevent spammers..:(

was sent here from here https://vborg.vbsupport.ru/showthread.php?t=283667

Answered in that thread at https://vborg.vbsupport.ru/showpost.php?p=2334622&postcount=3

Boofo
05-30-2012, 11:39 AM
Are you sure Boofo?:erm: I use email verification (require clicking the activation link in the email sent after registration). However we get quite some bogus email members who are able to register. So you could use a bogus email to register.:confused:

wish there was better ways to prevent spammers..:(

was sent here from here https://vborg.vbsupport.ru/showthread.php?t=283667

How can a bogus email register if you are using email verification? The email addy HAS to be good to get the verification email in the first place.

djbaxter
05-30-2012, 12:55 PM
How can a bogus email register if you are using email verification? The email addy HAS to be good to get the verification email in the first place.

If the member was able to register with a bogus email but has not yet replied to the activation email, he might be able to post if the permissions for that group are not set correctly.

See https://vborg.vbsupport.ru/showpost.php?p=2334622&postcount=3

Boofo
05-30-2012, 01:31 PM
It doesn't make much sense to use email verification AND allow them to post before they verify. Might as well not even bother with email verification at that point.

djbaxter
05-30-2012, 01:47 PM
Exactly. But when I first started using vBulletin, I found the sheer number of options a bit overwhelming and some of my settings in the early days didn't make a lot of sense either.

Additionally, if a forum has more than one Admin, sometimes things can get messed up that way - best to restrict the permissions of co-admins to avoid this.

Boofo
05-30-2012, 02:01 PM
IIRC, guests aren't allowed to posts in the default vb install settings. I have never understood why some of these sites allow guests to post. That causes more problems than anything when it comes to spammers.

djbaxter
05-30-2012, 04:25 PM
I agree. But Guests are usergroup #1 by default. Users Awaiting Email Confirmation are usergroup #3. I don't recall what the defaults for usergroup 3 are.

Dylan Leblanc
05-06-2014, 07:20 PM
Thanks for this. I used this plugin, but did

$dm->error("humanverify_image_wronganswer");so that the spammers (hopefully!) don't catch on that I've blocked their email address and then change their tactics.

Naijasite
05-25-2014, 10:08 PM
I have a lot of spam Bot registration with similar username typs with Caps lock after the first word in the username.

Example of spam username:
IKowalski
KMcClella
KDesmond

Please how can i deny registration with username with caps lock on forum registration.

First word can have Caps lock other word should be lower case.

Your assistance will be appreciated.
__________________

BlooD
09-24-2014, 03:10 PM
hello,

How to please Require a unique email address during registration.

Thank you very much and good day!