How to restrict some of email providers on registration

Step1.

/inc/ design.inc.php

at the end of the file find
bx_import('BxDolAlerts');

and add this ABOVE it.

function ForbidenEmailProvider($Email)

     {
    
       $ForbidenEmailProvider[] = "@hotmail.";
       $ForbidenEmailProvider[] = "@msn.";
       $ForbidenEmailProvider[] = "@live.";
       $ForbidenEmailProvider[] = "@yahoo.";       
      
       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          } 

       return true;

     }



Step2.

in administration / builders / profile fields (join form)
edit the email field click on advanced and replace

return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);

WITH THIS

return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );

Step3.

in administration / settings / languages settings look for

_FieldError_Email_Check

and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this

Invalid email address / or the email provider you are using is blacklisted.

or whatever you like.

That's it  you can add more email providers or remove some

$ForbidenEmailProvider[] = "@someprovider.";

One question can this auto check if the email is valid and not valid

No.

Nice work, prolaznik. There's a donut being sent through priority mail with your name on it.

This is good to have because now I can block this freaking 163.com, sohu.com, 21cn.com chinesse from join on my site

Block this email providers from the big spammer chinesse site

163.com

sohu.com

21cn.com

absolutely beautiful. matter of fact, this should have been placed in the market for sale, this is awesome, and extremely beneficial.

KUDOS

Prolaznik that's top notch... UFO add these to your list:

gmx.com
126.com
qq.com
yahoo.cn
mx8168.net

Thank a lot  @ mscottmscott  I will

Thank you Prolaznik ! This is what i wanted for quite some time now! Thank you so much! BIG Thumbs Up For you My Friend 

This is great. im going to get on it as soon as I have made my move to dedicated this week.

Is anyone compiling a definitive list?

Just seen this post and added the changes as recommended. Big thanks goes to prolaznik whos free contributions and many posts have helped out lots of people like me who would be lost without him. Nice one Prolaznik. havent tested yet but im sure it will work like a charm.

I had massive problem on my test site with at least 10 new spammer accounts a day. I couldnt use the email verification as i was using deanos fbconnect. Extreme as it was to combat this i edited site to only accept users registering with fbconnect accounts. as it was a test site anyway. Not one single spammer account was registered since that day.

Regards

Jim

Big Up! Prolaznik

Prolaznik

when putting the return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) ); into the email settings, i cant update my profile or anybody elses either. This is similar to a problem i had when using nicknames.

Soon as i remove that from the email advanced settings, i can save profile again.Any ideas whats causing it?

JIm

 i cant reproduce the error, after editing the profile info it saves for me.

try and change it to

return ( ForbidenEmailProvider($arg0) and ( DontUsedNickName($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) )

maybe you should download the nickname restriction from esase and remove that nickname mod you got.

I wanted to manage my list/array of denied e-mail hosts in a seperate read text file, so I've replaced the function with this:

function ForbidenEmailProvider($Email)

     {
    $file_handle = fopen("/PathToDolphin/inc/emailblacklist.txt", "rb");
    while (!feof($file_handle) ) {
        $ForbidenEmailProvider[] = fgets($file_handle);
    }
    fclose($file_handle);   

       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          }

       return true;

     }

Hi Prolaznik

Tried as you suggested and to no avail. I downloaded and installed the esase mod as you suggested and still to no avail. If i remove the ( ForbidenEmailProvider($arg0)   part of the advanced email settings it works perfectly

Strange eh?

Jim

yes strange. Don't know what to tell you this is what i have
return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );

did you uninstall your old nickname mod?

Hi Prolaznik

Yup sure did. I uninstalled it. Installed one you recommended, then followed your instructions. Checked database to make sure all changes had taken effect. Flushed cache, even rebooted laptop, still nothing. Im still looking at it now to resolve the issue. Cant find the problem but will post if I do.

Thanks for all your help.

Regards Jim

 Thanx

Also add yeah.net too.

Thanks to this mod know all chinesse from 163.com they cant join on my site

Hello and thanks for a great mod but I c an't get it to work with 7.0.7 and I've followed all instructions.  I'm not a programmer so I appreciate any and all help from the members of this site.  Is there an easier way to do this?  Someone told me you can add it to .htaccess?  Not sure.  Thanks again for the great work.  x

Sam

I have some to add to the list..

110mail.net

buybrandshop.info

lenfos.com

mailinator.com (poker spammer)

tom.com (game spammer)

hotmilitararygirls.com

speaktolearn.net

qtyhosting.com

@ Prolaznik. sounds great! What be the chance you have a solution for a 7.0.0 site? that isnt in /inc/ design.inc.php

it is in on one of my 7.0.6 sites though. (I know upgrade... Too much modifications already)

Thanks for the help as always!

Are all you guys using shared hosting? The reason I ask is that if you are on a VPS or a dedicated server you should just install mod_security and be done with it. With mod_security you can put in ONE LINE that will stop spammers from posting a link anywhere on ANY of your sites.. and when they can't post a link they normally don't even join.. you can also add a rule that reads a text file of email addresses and blocks them. Also modsec covers everything on the server.. so if you have 10 dolphin sites you don't have to fool with changing each one. You can even put rules in to block by geographic location.

I know I sound like a broken record always talking about modsec and CSF firewall but they are both open source and FREE.. stopping spammers, scammers and hackers should be one of the first things you work out before you take your site live. 

 how or where I can install mod_security so I can stop this stupid people

my sharehosting have mod_security installi'm talking to them right now on the live chat support so I can stop this jack ass

I thing the best way to block all this spammers site is using the site IP using the IP Blacklist let me know if i'm wrong on this one

This is me chating with hostgator support talking about the mod_security to stop spammers

________________________________________________________________________

(12:03:57 AM) Gabriel Ma: Welcome to HostGator Live Chat. My name is Gabriel. How may I help you today?
(12:04:05 AM) UFO360: Hey Gabriel,
(12:04:28 AM) Gabriel Ma: Hello UFO360. How may I help you today?
(12:04:28 AM) UFO360: Can you tell me how to install a mod_security for my share hosting
(12:04:54 AM) UFO360: that will stop spammers
(12:05:56 AM) Gabriel Ma: mod_security is already installed on our servers. With regards to spam, is there a certain domain, or group that is spamming your account?
(12:06:19 AM) UFO360: yea
(12:06:36 AM) UFO360: they all from china postign stupid post about hangbags etc
(12:06:52 AM) UFO360: take a look please
(12:06:54 AM) UFO360: http://domain.com/blogs/entry/decorated-with-bright-headwear
(12:07:02 AM) Gabriel Ma: OK, one moment.
(12:11:32 AM) Gabriel Ma: So you're receiving spam on this site?
(12:13:44 AM) Gabriel Ma: As in it's going into posts, or is it from emails?
(12:15:34 AM) UFO360: to post
(12:16:29 AM) Gabriel Ma: Unfortunately, there's not much we could do with regards to blocking specific spam posts. There are methods you could use that require custom programming however.
(12:16:46 AM) Gabriel Ma: Unfortunately we not be able to provide support or configure that for you.
(12:17:45 AM) UFO360: I only ask where I can go to do this
(12:18:53 AM) Gabriel Ma: OK, please allow me a moment while I gather some additional information for you.
(12:20:04 AM) UFO360: No problem - Thanks
(12:22:38 AM) Gabriel Ma: Also, what did you build this site with?
(12:22:46 AM) UFO360: Dolphin
(12:23:06 AM) Gabriel Ma: Have you looked to see if Dolphin has a plugin to help filter certain types of posts and content?
(12:24:07 AM) UFO360: I have to disable Auto Approval for Blogs to stop the spammers
(12:25:25 AM) Gabriel Ma: OK, but often there can be filters, and I'm looking for any currently, that can be used to help filter the traffic. As far as where the posts are coming from, we really aren't able to block this unless they're known problem IP addresses.
(12:29:09 AM) UFO360: So what I can do
(12:30:39 AM) Gabriel Ma: The best option I would say is to look to see if you can find a filter plugin or a developer to assist for this. This is actually a common issue with forum or posting sites, and spam is inevitable.
(12:32:50 AM) UFO360: I have a tool call IP Blacklist
(12:35:21 AM) Gabriel Ma: That could be an option to use if you have problem IPs you know about.
(12:35:41 AM) UFO360: Ok- Thanks a lot for the information and the support

_________________________________________________________________________________

Yeah, Hostgator probably has modsec installed with the default rules which would stop XSS and mysql injection. They can't add custom rules to stop link posting because it would effect all the other people with accounts on the server.

Shared hosting is a pain in the @$$!

They have a lot of spammers connected to them.

We all have spam coming from gmx

 Maybe you have the pain in the A#%^

because for me everything is working fine the only problem

if you need more php.ini limit you need a VPS or DS but for me everything is working fine. I own 10 domains and they all runing fine on share hosting  2 domains runing dolphin and runing fine

Doesn't work for me (Dolphin 7.0.4),

I added this to the design.inc.php file as you described ;

//*******************************************

// Additional lines to block spammer domains

function ForbidenEmailProvider($Email)

     {

       $ForbidenEmailProvider[] = "@163.";

       $ForbidenEmailProvider[] = "@110mail.";

       $ForbidenEmailProvider[] = "@21cn.";

  $ForbidenEmailProvider[] = "@sohu.";        

  $ForbidenEmailProvider[] = "@mx8168.";      

       foreach($ForbidenEmailProvider as $key => $value)

          {

          if ( strpos("zyx".$Email,$value) > 0 )

             return false;

          }  

       return true;

     }

//*******************************************

As soon as I put the new line into administration / builders / profile fields (join form) when any email address is entered the "join now" button ceases to function.

any advice?

I really want to get this working.. I'm on the verge of getting rid of dolphin because of this lack of, what I consider to be, a vital feature.

Paul

I've figured out why the join button was ceasing to function for some on Prolaznik's fix...

In design.inc.php, the code in my file was different to others (unsure whether due to previous modifications or discrepancies between version 7.0.3 and other versions...

At the bottom of your design.inc.php, you should see the following two lines:-

$oZ = new BxDolAlerts('system', 'design_included', 0);
$oZ->alert();

What is directly above these two lines? If you don't see the following line, then this will likely fix the issue:-

bx_import('BxDolAlerts');

Copy and paste the following into your design.inc.php file above:-

$oZ = new BxDolAlerts('system', 'design_included', 0);
$oZ->alert();

===

//block registrations using specific email providers
function ForbidenEmailProvider($Email)

     {  
       $ForbidenEmailProvider[] = "@163.com";
       $ForbidenEmailProvider[] = "@sohu.com";
       $ForbidenEmailProvider[] = "@21cn.com";
       $ForbidenEmailProvider[] = "@gmx.com";
       $ForbidenEmailProvider[] = "@126.com";
       $ForbidenEmailProvider[] = "@qq.com";
       $ForbidenEmailProvider[] = "@yahoo.cn";
       $ForbidenEmailProvider[] = "@mx8168.net";
       $ForbidenEmailProvider[] = "@110mail.net";
       $ForbidenEmailProvider[] = "@buybrandshop.info";
       $ForbidenEmailProvider[] = "@lenfos.com";
       $ForbidenEmailProvider[] = "@mailinator.com";
       $ForbidenEmailProvider[] = "@tom.com";
       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";
       $ForbidenEmailProvider[] = "@speaktolearn.net";
       $ForbidenEmailProvider[] = "@qtyhosting.com";
       $ForbidenEmailProvider[] = "@12gohere.net";
       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";
       $ForbidenEmailProvider[] = "@yeah.net";
       $ForbidenEmailProvider[] = "@free-medicine.net";
       $ForbidenEmailProvider[] = "@satiny.co.uk";
       $ForbidenEmailProvider[] = "@energyforthehome.com";
       $ForbidenEmailProvider[] = "@dunkssb.net";
       $ForbidenEmailProvider[] = "@pumpkincarving.org";
       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";
       $ForbidenEmailProvider[] = "@betfairmethods.com";
   
       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          } 

       return true;

     }

bx_import('BxDolAlerts');

===

The entire bottom of your design,inc.php page should read:-

    $oForm = new BxTemplFormView($aForm);

    bx_import('BxDolAlerts');
    $sCustomHtmlBefore = '';
    $sCustomHtmlAfter = '';
    $oAlert = new BxDolAlerts('profile', 'show_login_form', 0, 0, array('oForm' => $oForm, 'sParams' => &$sParams, 'sCustomHtmlBefore' => &$sCustomHtmlBefore, 'sCustomHtmlAfter' => &$sCustomHtmlAfter, 'aAuthTypes' => &$aAuthTypes));
    $oAlert->alert();

    $sFormCode = '<div style="text-align: center; margin-top: 8px;"><a href="modules/?r=deanos_facebook_connect/login_form"><img border="0" src="' . BX_DOL_URL_ROOT . 'modules/deano/deanos_facebook_connect/templates/base/images/fbconnectbut.png"></a></div>' . $oForm->getCode();
   
    $sJoinText = (strpos($sParams, 'no_join_text') === false) ?
        '<div class="login_box_text">' . _t('_login_form_description2join', BX_DOL_URL_ROOT) . '</div>' :
        '';
   
    return $sCustomHtmlBefore . $sFormCode . $sCustomHtmlAfter . $sJoinText;
}

//block registrations using specific email providers
function ForbidenEmailProvider($Email)

     {  
       $ForbidenEmailProvider[] = "@163.com";
       $ForbidenEmailProvider[] = "@sohu.com";
       $ForbidenEmailProvider[] = "@21cn.com";
       $ForbidenEmailProvider[] = "@gmx.com";
       $ForbidenEmailProvider[] = "@126.com";
       $ForbidenEmailProvider[] = "@qq.com";
       $ForbidenEmailProvider[] = "@yahoo.cn";
       $ForbidenEmailProvider[] = "@mx8168.net";
       $ForbidenEmailProvider[] = "@110mail.net";
       $ForbidenEmailProvider[] = "@buybrandshop.info";
       $ForbidenEmailProvider[] = "@lenfos.com";
       $ForbidenEmailProvider[] = "@mailinator.com";
       $ForbidenEmailProvider[] = "@tom.com";
       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";
       $ForbidenEmailProvider[] = "@speaktolearn.net";
       $ForbidenEmailProvider[] = "@qtyhosting.com";
       $ForbidenEmailProvider[] = "@12gohere.net";
       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";
       $ForbidenEmailProvider[] = "@yeah.net";
       $ForbidenEmailProvider[] = "@free-medicine.net";
       $ForbidenEmailProvider[] = "@satiny.co.uk";
       $ForbidenEmailProvider[] = "@energyforthehome.com";
       $ForbidenEmailProvider[] = "@dunkssb.net";
       $ForbidenEmailProvider[] = "@pumpkincarving.org";
       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";
       $ForbidenEmailProvider[] = "@betfairmethods.com";
   
       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          } 

       return true;

     }

bx_import('BxDolAlerts');     
$oZ = new BxDolAlerts('system', 'design_included', 0);
$oZ->alert();

if ((int)$_GET['idAff'])
    BxDolService::call('inviter', 'accept_affiliate', array());

?>

Then also follow the other steps from Prolaznik:-

Step2.

in administration / builders / profile fields (join form)
edit the email field click on advanced and replace 

return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);

WITH THIS

return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );

Step3.

in administration / settings / languages settings look for 

_FieldError_Email_Check 

and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this

Invalid email address / or the email provider you are using is blacklisted.

or whatever you like.

That's it  you can add more email providers or remove some

$ForbidenEmailProvider[] = "@someprovider.";

Fantastic work you guys!  Really appreciate the effort made in helping us secure our sties as much as possible.  Happy New Year!

mine doesn't work! dolphin 7.0.9

this what turn out:

Warning: require_once(file:///C|/Documents and Settings/Administrator/Desktop/HostBackup23022012/public_html/inc/header.inc.php) [function.require-once]: failed to open stream: No such file or directory in /home/amedeus/public_html/inc/design.inc.php on line 21

Fatal error: require_once() [function.require]: Failed opening required 'file:///C|/Documents and Settings/Administrator/Desktop/HostBackup23022012/public_html/inc/header.inc.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/amedeus/public_html/inc/design.inc.php on line 21

Has anyone thought of modifying this with Ip address track and auto ip blacklist and include a text area that admins can add unwanted text filter?

These spammers change email addresses like changing shorts, but they all eventually use the same Ip address that could be configured as auto block in IP blacklist.

IP address blocking is not a solution. It will work for a short time, Most IP addresses on the internet are dynamic. And can easily be changed. Also due to the fact that IP addresses are dynamic you risk blocking innocent people simply because they happen to have a IP address that was previously blocked when in use by a spammer. I have throughly tested and researched the reliability of IP blocking, and it is not a viable solution.

The antispam system built into dolphin uses lists based on IP address and the relibility is poor and the number of false positives are high. So high in fact that i could not use them.

Thankyou for sharing this. Really appreciate it. :)

One that is plaguing me is brazillball.com.  Makes spam accounts with names like 3freecredit...

 i did all this and it has stopped all spam signups apart from

krushinem.net

bbblanket.com

even though i have added

       $ForbidenEmailProvider[] = "@bbblanket.com.";    
       $ForbidenEmailProvider[] = "@krushinem.net.";

here my list:

       $ForbidenEmailProvider[] = "@110mail.net";
       $ForbidenEmailProvider[] = "@163.com";
       $ForbidenEmailProvider[] = "@sohu.com";
       $ForbidenEmailProvider[] = "@21cn.com";
       $ForbidenEmailProvider[] = "@126.com";
       $ForbidenEmailProvider[] = "@qq.com";
       $ForbidenEmailProvider[] = "@yahoo.cn";
       $ForbidenEmailProvider[] = "@mx8168.net";
       $ForbidenEmailProvider[] = "@110mail.net";
       $ForbidenEmailProvider[] = "@buybrandshop.info";
       $ForbidenEmailProvider[] = "@lenfos.com";
       $ForbidenEmailProvider[] = "@mailinator.com";
       $ForbidenEmailProvider[] = "@tom.com";
       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";
       $ForbidenEmailProvider[] = "@speaktolearn.net";
       $ForbidenEmailProvider[] = "@qtyhosting.com";
       $ForbidenEmailProvider[] = "@12gohere.net";
       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";
       $ForbidenEmailProvider[] = "@yeah.net";
       $ForbidenEmailProvider[] = "@free-medicine.net";
       $ForbidenEmailProvider[] = "@satiny.co.uk";
       $ForbidenEmailProvider[] = "@energyforthehome.com";
       $ForbidenEmailProvider[] = "@dunkssb.net";
       $ForbidenEmailProvider[] = "@pumpkincarving.org";
       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";
       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";
       $ForbidenEmailProvider[] = "@betfairmethods.com";
       $ForbidenEmailProvider[] = "@hotmail.com";
       $ForbidenEmailProvider[] = "@wegwerfemail.de";
       $ForbidenEmailProvider[] = "@yahoo.cn";
       $ForbidenEmailProvider[] = "@bbblanket.com.";   
       $ForbidenEmailProvider[] = "@krushinem.net.";

add mailnesia.com to the list

For some reason, when I add the code

return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9+_-.]+)@([a-z0-9+_-.]+)$/i', $arg0) );

The form stops working properly after I enter any email in the email box.

Any ideas? The rest of the code has been added and causes no errors.

Im on 7.1 and have the same prob with the join button no longer functioning, although when using firefox it does ask if I want to save the password so the button must be doing something. I check to be sure that I do have the line mentioned above that might fix this problems.

One thing was I could not understand how to make the change in step 3. Not sure if that would cause the problem but if so can someone elaborate on that step. I just can't find that location to make the change.

 I would just get this and call it a day:

http://www.boonex.com/m/dolphin-anti-spam