Skip to:
Content
Pages
Categories
Search
Top
Bottom

E-mail domains blacklist doesn't work

  • Avatar of Mac
    Mac
    Participant

    @motomac

    Hi. I have a strange problem. My e-mail domains blacklist doesn’t work.

    I added some spam domains, but spammers register without any problem.

Viewing 25 replies - 1 through 25 (of 26 total)
  • Avatar of Paul Gibbs
    Paul Gibbs
    Keymaster

    @djpaul

    Disable BuddyPress and all other plugins. Does the blacklist work? If it doesn’t, it’s a WordPress problem. If they do work with WordPress, re-enable each plugin one at a time until it stops working. If BuddyPress is the culprit, please report a bug ticket on http://trac.buddypress.org/ using your username and password from this site.

    Avatar of gregfielding
    gregfielding
    Participant

    @gregfielding

    I’m having this too…and it seems to have really gotten worse in the last 2-3 days.

    I’ve recently bumbed to 1.2.3 and updated a handful of other plugins.

    @mac -any luck finding the culprit?

    Any chance 1.2.3 is doing this?

    Avatar of Mac
    Mac
    Participant

    @motomac

    I can’t disable all the plugins, because my network is big, and there are many people. This problem I have for a very long time (from BP near 1.0).

    Avatar of Hugo
    Hugo
    Moderator

    @hnla

    It’s not 1.2.3 I’ve mentioned this but no one responded to the point . The feature doesn’t work or didn’t work in 1.1.2 and I think but am not sure yet that it’s not working in 1.2.2.

    trouble is with disabling all plugins and buddypress is that on productions sites where the issue would be apparent – difficult to recreate in a local dev environ – one doesn’t really want to do this!

    Avatar of Paul Gibbs
    Paul Gibbs
    Keymaster

    @djpaul

    If you cannot rule out everything else other than BuddyPress, we aren’t going to track it down.

    Avatar of Hugo
    Hugo
    Moderator

    @hnla

    True, I keep a test install running live with minimal plugins other than BP, I can perhaps disable BP and take it back to WPMU and open registrations again and see what gets through and report that back which might help, but won’t be able to set that up till later.

    Avatar of gregfielding
    gregfielding
    Participant

    @gregfielding

    I can’t experiment either and am getting 10+ spam signups an hour. yikes.

    Avatar of Hugo
    Hugo
    Moderator

    @hnla

    But there are many steps one can initiate to stem that tide of spammers, although the domain blacklist is an issue in not apparently working I have still had reasonable success in reducing spam signups to around a dozen a day and still have one or two steps that I haven’t taken yet

    Avatar of Djsteve
    djsteve
    Participant

    @djsteve

    This has been a wordpress mu issue for a while off and on.. I discussed an idea about at mu forums:

    http://mu.wordpress.org/forums/topic/13982

    [blockquote]

    I too have noticed that even putting domains in the block list seems to not stop future registrations. Here is a thought of mine.

    MAYBE a spammer actually signs up 100 new accounts, and then only activates one a day. So even though we have added his domain to the ban list for signups, he still has 99 more that have been signed up, but not yet activated?

    If this is the case I would like to see MU add core code that checks to see upon activation if the domain they originally used to signup has since been banned, and then prevent them from activating if it has.

    Just a thought, not sure if this is the case – but it may be worth looking into.

    [/blockquote]

    It was suggested that I add this suggestion to the trac, ( http://core.trac.wordpress.org/ )

    but I really don’t know how to use that thing…

    not sure that it is a buddypress specific issues, but I DO believe that the spammers are looking for buddypress phrases when compiling their lists of sites to hit…

    Avatar of gregfielding
    gregfielding
    Participant

    @gregfielding

    @Djsteve

    This seems like a buddypress flaw, not a wordpress or mu issue.

    Perhaps if buddypress can’t read the wpmu blocked domains, maybe BP needs it’s own domain banner.

    Avatar of David Lewis
    David Lewis
    Participant

    @takeo

    There are multiple entry points for SPAM bots… so any one measure probably won’t accomplish much. I posted a list of everything I did in the “Spam, Spam and more Spam” thread. Worse case… you could try captcha.

    Avatar of Gene53
    Gene53
    Participant

    @gene53

    Worse case… you could try captcha

    Is there one you could recommend?

    It would be great if some coder could write a simple admin defined question and answer plugin for the registration page.

    Avatar of Djsteve
    djsteve
    Participant

    @djsteve

    I added captcha – and I still get multiple signups from the same dozen or so email-domains, even though they are already in my blacklist..

    I am checking on another hunch today… I think there is a possibility that maybe having the same entry twice in the blocked domains could be causing an issue with it not working – that seemed to make it fail once before… I just pasted the domains I had banned into a spreadsheet and then sorted it alpha – and I had the same domain listed several times in several instances… now to clean it up and try it again.. I now have 437 banned domains in my list.. maybe there is an issue there?

    Maybe these qualifiers should be added to the trac for fixing? on buddypress and maybe mu?

    I will read the spam spam spam thread and see if there is anything else I can do as well.

    Avatar of gregfielding
    gregfielding
    Participant

    @gregfielding

    FWIW, this wasn’t a problem for me until I upgraded to 1.2.3. Maybe it’s a coincidence, but I’d banned .info a few weeks ago and hadn’t gotten any registrations from them since. But since the upgrade, I get 30-50 .info’s a day.

    Are we sure nothing changed in 1.2.3 that would effect this?

    Avatar of Mac
    Mac
    Participant

    @motomac

    I have the latest versions of WPMU and BP, but I have tonnes of spam.

    It’s a pity, there are not any antispam plugins for BP which work on the registration page.

    Avatar of Hugo
    Hugo
    Moderator

    @hnla

    I said I’d try and establish some test conditions to try and determine whether banned email domains were an issue in WP or BP, tests were not hugely conclusive sadly.

    site running out of the box no modifications (WPMU / BP) – no anti spam measures in place. had been receiving ~ 10 -20 spam registrations daily (quantity of spam is governed to some extent by search engine ranking /prominence)

    1/ Running WPMU 2.9.2 ALL BP plugins deactivated site open to user account registrations only.

    24 hour period = no spam registrations at all – a surprising result!

    2/ Conditions as above (1) but allowing blog to be registered

    Start to receive spam signups – not many but only observed over a 6 hour period.

    These do not match to any banned emails domains entered by me, so on the surface looks as though banned domains working BUT this is far from conclusive as they may simply not have attempted to.

    3/ Activate BP 1.2.3 allow accounts and blogs to be registered.

    Spam increases – not hugely though! of the 6- 8 received in a 12 hour period one is noted as having an email domain that matches to one entered in the banned domains list.

    None of the above is that conclusive or useful sadly, it’s a difficult subject to run tests on. It does appear that BP probably does have some problem with the banned domain list, but then I get the impression that with each version 1.2.2.1 / 1.2.3 spam issues feel as though they are lessening but others may not be experiencing that.

    Avatar of gregfielding
    gregfielding
    Participant

    @gregfielding

    A plugin or tweak that could get BP to recognize the banned list would be awesome…

    Avatar of Paul Gibbs
    Paul Gibbs
    Keymaster

    @djpaul

    “Banned Email Domains” only exists in WPMU. It exists in WP 3.0, but again only in a multi-sites configuration. BuddyPress doesn’t make use of it currently. This would be a good feature to add for BP 1.3, which will be the version that offers supports for WP 3.0.

    Avatar of Hugo
    Hugo
    Moderator

    @hnla

    *puzzled* have you just found that out then DJPaul?

    Avatar of Mac
    Mac
    Participant

    @motomac

    I had made a small plugin (question) on the registration page (if somebody needs, let me know). Tonnes of spam disappeared, but some strange spammers still register.

    I noticed, that they have empty needed fields in from registration form. Therefore spammers register not from BP registration page. But from where?

    Avatar of Nick Watson
    Nick Watson
    Participant

    @nickbwatson

    I’m getting several spammers signing up, I have the Anti Splog plugin (here) and the reCAPTCHA is turned on.

    Email Activation is turned on.

    AND I’ve blocked all of the emails on this list (here)

    HOW ARE THEY GETTING THROUGH!

    There actually is a function in buddypress but it is named different from the wpmu version, and I can see no way to administer it.

    If you check your bp-core-signup.php file you will see:
    `$limited_email_domains = get_site_option( ‘limited_email_domains’, ‘buddypress’ );`

    Just change this line to:
    `$limited_email_domains = get_site_option( ‘banned_email_domains’, ‘buddypress’ );`

    This will solve signups from excluded domain list. Hopefully this will be incorporated in bpress core for compatability.

    Avatar of christofire
    christofire
    Participant

    @christofire

    @rondilly I was eager to test your solution, but it does the opposite of what you propose. It will make it so ONLY BANNED DOMAINS can register. Essentially, you are defining limited domains (“If you want to limit blog registrations to certain domains.”) with the banned email domain list.

    Avatar of Djsteve
    djsteve
    Participant

    @djsteve

    Has anyone made any progress with this? Will we have buddypress checking for banned email domains soon?
    Will we have buddypress checking for banned domains upon registration and perhaps even again upon activation?
    Can someone please add the possibility to add *.info in a way that works
    I know this won’t stop all spam and splogs – but I am getting tired of deleting a dozen spammers every day that are mostly from the same dozen domain names that I have added to the block list. This would save lots of people hlaf the splog deletions, and that adds up to a lot of time saved.
    BTW – has anyone tested buddypress with TTC Spam Bot Registration plugin (http://wordpress.org/extend/plugins/ttc-user-registration-bot-detector/ )to see if there are any issues? I am guessing it may still be bypassed by buddypress even if it worked in WP?

    Ok. Here’s the code. Find this in bp-core-signup.php

    if ( is_array( $limited_email_domains ) && empty( $limited_email_domains ) == false ) {
    $emaildomain = substr( $user_email, 1 + strpos( $user_email, ‘@’ ) );

    if ( in_array( $emaildomain, (array)$limited_email_domains ) == false )
    $errors->add( ‘user_email’, __( ‘Sorry, that email address is not allowed!’, ‘buddypress’ ) );
    }

    BELOW IT, ADD THIS;

    //MY HACK
    $banned_email_domains = get_site_option( ‘banned_email_domains’, ‘buddypress’ );

    if ( is_array( $banned_email_domains ) && empty( $banned_email_domains ) == false ) {
    $emaildomain = substr( $user_email, 1 + strpos( $user_email, ‘@’ ) );

    if ( in_array( $emaildomain, (array)$banned_email_domains ) == true )
    $errors->add( ‘user_email’, __( ‘Sorry, that email address is not allowed!’, ‘buddypress’ ) );
    }
    //MY HACK

Viewing 25 replies - 1 through 25 (of 26 total)

You must be logged in to reply to this topic.