vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin 4.x Add-ons (https://vborg.vbsupport.ru/forumdisplay.php?f=245)
-   -   Anti-Spam Options - Automatically deny registration for users with multi-dotted email address (https://vborg.vbsupport.ru/showthread.php?t=283540)

cloferba 05-26-2012 10:00 PM
Automatically deny registration for users with multi-dotted email address
 
1 Attachment(s)
On my forum many bots have multi-dotted email address so I wanted to avoid them to create a new account on my forum.

The way to do this is create a new plugin to recognize these multi-dotted email address provided at time of registration and delete them automatically.

Steps:
  • Create a new plugin using hook userdata_start
  • Use this code:
Code:
$this->validfields['email'][VF_CODE] = '
    $max_dots = 1;
    if ($retval = $dm->verify_useremail($data))
    {
        $parts = explode("@", $data);
        if (is_array($parts) && substr_count($parts[0], ".") > $max_dots)
        {
            $dm->error("bademail");
            $retval = false;
        }
    }
    return $retval;
';
It only checks the part before the '@', so set $max_dots to the number of dots you will allow (I think one dot in an email name probably isn't unusual, but that's up to you). Also, this uses the default 'bademail' phrase, but if you'd rather have a special error messages for "too many dots" you can create a phrase and use the varname in place of 'bademail'.

Special thanks to kh99 who provided this solution.

copjend 05-27-2012 07:09 PM
Many thank

Boofo 05-27-2012 07:15 PM
If you use email verification, that should catch the phony email addresses so they wouldn't be able to register, anyway. ;)

Snowhog 05-27-2012 07:36 PM
This plugin (not a MOD) was suggested to me based on my post that was answered by kh99 at https://vborg.vbsupport.ru/showpost....12&postcount=3

It doesn't delete registrants with multi-dotted emails, it merely prevents them from actually registering.

djbaxter 05-27-2012 07:49 PM
This is a good idea.

To prevent brain strain, can you easily tell me how to also check for semicolons or colons before the @? For a while I was getting Chinese bots with email address like gobbledygoop;more_gobbledygoop@somesite.com

Snowhog 05-27-2012 08:43 PM
You could write two additional plugins (give each a unique plugin name) using the code with only a slight modification.

Plugin to deny registration if email address contains any colons preceding the @
Code:
$this->validfields['email'][VF_CODE] = '
    $max_colons = 0;
    if ($retval = $dm->verify_useremail($data))
    {
        $parts = explode("@", $data);
        if (is_array($parts) && substr_count($parts[0], ":") > $max_colons)
        {
            $dm->error("bademail");
            $retval = false;
        }
    }
    return $retval;
';
Plugin to deny registration if email address contains any semicolons preceding the @
Code:
$this->validfields['email'][VF_CODE] = '
    $max_semicolons = 0;
    if ($retval = $dm->verify_useremail($data))
    {
        $parts = explode("@", $data);
        if (is_array($parts) && substr_count($parts[0], ";") > $max_semicolons)
        {
            $dm->error("bademail");
            $retval = false;
        }
    }
    return $retval;
';
I'm sure that these could be incorporated into the original plugin, but I'm not a coder, so maybe kh99 can suggest how to do that.

Boofo 05-27-2012 08:52 PM
You should be able to do a preg_match to cover all of them in a single piece of code.

djbaxter 05-27-2012 09:53 PM
Thanks. I'll play around with this a bit and see if I can make it one if a or b or c statement.

Boofo 05-27-2012 10:26 PM
Maybe make it a setting where you can add what to exclude. ;)

djbaxter 05-27-2012 10:37 PM
That's probably a bit beyond my vBulletin skills.

Boofo 05-27-2012 11:53 PM
I have complete faith in you, sir.

djbaxter 05-28-2012 12:24 AM
LOL. Well you're not going to get rich that way. :)

Boofo 05-28-2012 12:40 AM
I'll always be rich in friendship with you as a friend. ;)

kh99 05-28-2012 01:46 AM
Quote:
Originally Posted by Snowhog (Post 2333653)
You could write two additional plugins (give each a unique plugin name) using the code with only a slight modification.
That's a good thought, but unfortunately it won't work the way this is written. It replaces the code that verifies an email address, so if you have multiple plugins doing the same thing, only the last one to run would have any effect.

You might be able to do something like this:

Code:
$this->validfields['email'][VF_CODE] = '
    $max_chars = array("." => 1, ":" => 0, ";" => 0);
    if ($retval = $dm->verify_useremail($data))
    {
        $parts = explode("@", $data);
        if (is_array($parts))
        {
          foreach($max_chars AS $char => $max)
          {
              if (substr_count($parts[0], $char) > $max)
              {
                      $dm->error("bademail");
                      $retval = false;
                      break;
              }
          }
        }
    }
    return $retval;
';

(But I haven't tested it at all).

Boofo 05-28-2012 01:52 AM
You could even make the array a setting option to expand it. ;)

John Lester 05-28-2012 06:08 AM
Shouldn't this be titled something like "Automatically deny registration for users with multi-dotted email address" since it doesn't actually delete anything?

cloferba 05-28-2012 10:51 AM
Quote:
Originally Posted by John Lester (Post 2333801)
Shouldn't this be titled something like "Automatically deny registration for users with multi-dotted email address" since it doesn't actually delete anything?
you are right :)

Boofo 05-28-2012 01:13 PM
Or "Prevent users from registering with SPAM-like email addresses". ;)

victorvu 05-28-2012 05:34 PM
Hi:

This is totally unrelated, but I ask anyway. Hope that I will get the suggestion.

I want to deny guests who IPs do not show up in the list. How can I do this?

Thanks.

Victor

djbaxter 05-29-2012 03:05 PM
Quote:
Originally Posted by kh99 (Post 2333746)
That's a good thought, but unfortunately it won't work the way this is written. It replaces the code that verifies an email address, so if you have multiple plugins doing the same thing, only the last one to run would have any effect.

You might be able to do something like this:
Perfect.

Slight modification to prevent commas, semicolons, and colons, since I got another Chinese bot this morning trying to register with the email "liantianha,ofangjiancong@gmail.com":


PHP Code:
$this->validfields['email'][VF_CODE] = '
    $max_chars = array("." => 1, "," => 0,  ";" => 0, ":" => 0);
    if ($retval = $dm->verify_useremail($data))
    {
        $parts = explode("@", $data);
        if (is_array($parts))
        {
           foreach($max_chars AS $char => $max)
           {
               if (substr_count($parts[0], $char) > $max)
               {
                      $dm->error("bademail");
                      $retval = false;
                      break;
               }
           }
        }
    }
    return $retval;
'

kh99 05-29-2012 03:34 PM
Quote:
Originally Posted by djbaxter (Post 2334312)
Slight modification to prevent commas, semicolons, and colons, since I got another Chinese bot this morning trying to register with the email "liantianha,ofangjiancong@gmail.com"...

Hmm, that's interesting because that code should still be calling the existing is_valid_email() function, which does a preg_match using some complicated pattern which looks like it doesn't allow commas in the name (or semicolons, for that matter). Maybe it's not calling that function like I think it is.

ETA: no, I'm wrong somewhere, because commas are allowed even if I disable this plugin. So, good addition.

ETA: actually it looks like it's a vb bug, a problem in that pattern. It contains "+-/" which allows characters from + through /, which are "+ , - . /". The effect is only to allow commas when they shouldn't be allowed (the - should be escaped, or listed first or last).


(I missed your post, nhawk - did you beat me to it?)

dilbert 05-29-2012 04:01 PM
I'm not knocking the mod, but what about people with legitimate periods in their email?
An interesting note for Gmail users, the number of periods is irrelevant.
myusername@gmail.com it the same as
my.user.name@gmail.com or
m.y.u.s.e.r.n.a.m.e@gmail.com.

Boofo 05-29-2012 04:11 PM
Most likely, if you're using:

Quote:
m.y.u.s.e.r.n.a.m.e@gmail.com
then you are spamming.

djbaxter 05-29-2012 04:50 PM
Quote:
Originally Posted by dilbert (Post 2334340)
I'm not knocking the mod, but what about people with legitimate periods in their email?
An interesting note for Gmail users, the number of periods is irrelevant.
myusername@gmail.com it the same as
my.user.name@gmail.com or
m.y.u.s.e.r.n.a.m.e@gmail.com.
It's your choice but you can set the number of allowed periods here:

PHP Code:
$max_chars = array("." => 1"," => 0,  ";" => 0":" => 0); 
Change that =>1 to =>2 or =>3 or whatever. Actually, on reflection, I went back and changed it to 2 on my forums.

But Boofo is correct: if you have more than 1 or 2 you're probably up to no good anyway.

Added: This works fine on a vBulletin 3.87 forum as well as 4.x.

dilbert 05-29-2012 05:16 PM
OK, just pointing out that at least Gmail ignores any periods before the @.

Boofo 05-29-2012 05:30 PM
And that is exactly why you see a lot of gmail spammer addresses. ;)

dilbert 05-29-2012 05:54 PM
Yeah but...
They are the same address. Try it if you have Gmail. Send yourself something with a few extra periods before the @, it will still be delivered.
I don't want to keep taking this off-topic though.

djbaxter 05-29-2012 06:03 PM
Quote:
Originally Posted by dilbert (Post 2334382)
Yeah but...
They are the same address. Try it if you have Gmail. Send yourself something with a few extra periods before the @, it will still be delivered.
I don't want to keep taking this off-topic though.
No. Gmail may ignore them but most email clients and servers do not. And either way, it's a signal for spam that personally I want to eliminate/prevent.

The Rocketeer 05-30-2012 06:51 AM
Quote:
Originally Posted by Boofo (Post 2333602)
If you use email verification, that should catch the phony email addresses so they wouldn't be able to register, anyway. ;)
Are you sure Boofo?:erm: I use email verification (require clicking the activation link in the email sent after registration). However we get quite some bogus email members who are able to register. So you could use a bogus email to register.:confused:

wish there was better ways to prevent spammers..:(

was sent here from here https://vborg.vbsupport.ru/showthread.php?t=283667

djbaxter 05-30-2012 11:20 AM
Quote:
Originally Posted by The Rocketeer (Post 2334559)
Are you sure Boofo?:erm: I use email verification (require clicking the activation link in the email sent after registration). However we get quite some bogus email members who are able to register. So you could use a bogus email to register.:confused:

wish there was better ways to prevent spammers..:(

was sent here from here https://vborg.vbsupport.ru/showthread.php?t=283667
Answered in that thread at https://vborg.vbsupport.ru/showpost....22&postcount=3

Boofo 05-30-2012 11:39 AM
Quote:
Originally Posted by The Rocketeer (Post 2334559)
Are you sure Boofo?:erm: I use email verification (require clicking the activation link in the email sent after registration). However we get quite some bogus email members who are able to register. So you could use a bogus email to register.:confused:

wish there was better ways to prevent spammers..:(

was sent here from here https://vborg.vbsupport.ru/showthread.php?t=283667
How can a bogus email register if you are using email verification? The email addy HAS to be good to get the verification email in the first place.

djbaxter 05-30-2012 12:55 PM
Quote:
Originally Posted by Boofo (Post 2334636)
How can a bogus email register if you are using email verification? The email addy HAS to be good to get the verification email in the first place.
If the member was able to register with a bogus email but has not yet replied to the activation email, he might be able to post if the permissions for that group are not set correctly.

See https://vborg.vbsupport.ru/showpost....22&postcount=3

Boofo 05-30-2012 01:31 PM
It doesn't make much sense to use email verification AND allow them to post before they verify. Might as well not even bother with email verification at that point.

djbaxter 05-30-2012 01:47 PM
Exactly. But when I first started using vBulletin, I found the sheer number of options a bit overwhelming and some of my settings in the early days didn't make a lot of sense either.

Additionally, if a forum has more than one Admin, sometimes things can get messed up that way - best to restrict the permissions of co-admins to avoid this.

Boofo 05-30-2012 02:01 PM
IIRC, guests aren't allowed to posts in the default vb install settings. I have never understood why some of these sites allow guests to post. That causes more problems than anything when it comes to spammers.

djbaxter 05-30-2012 04:25 PM
I agree. But Guests are usergroup #1 by default. Users Awaiting Email Confirmation are usergroup #3. I don't recall what the defaults for usergroup 3 are.

Dylan Leblanc 05-06-2014 07:20 PM
Thanks for this. I used this plugin, but did

[pre]$dm->error("humanverify_image_wronganswer");[/pre]so that the spammers (hopefully!) don't catch on that I've blocked their email address and then change their tactics.

Naijasite 05-25-2014 10:08 PM
I have a lot of spam Bot registration with similar username typs with Caps lock after the first word in the username.

Example of spam username:
IKowalski
KMcClella
KDesmond

Please how can i deny registration with username with caps lock on forum registration.

First word can have Caps lock other word should be lower case.

Your assistance will be appreciated.
__________________

BlooD 09-24-2014 03:10 PM
hello,

How to please Require a unique email address during registration.

Thank you very much and good day!


All times are GMT. The time now is 06:12 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01670 seconds
  • Memory Usage 1,837KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (4)bbcode_code_printable
  • (2)bbcode_php_printable
  • (11)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (39)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 
Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 
Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete