| Author |
 Topic  |
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
 Posted - 01 September 2005 : 15:14:20
|
version 1.1 - updated 03-09-2005
Here's a quick and simple mod I came up with after reading some topics here about spam some people received on their board created by autoregistration bots that succesfully get past the e-mail validation part.
It's a very simple mod, which simply dissallows certain e-mail domains from registering.
File to alter: Register.asp (be sure to backup first!)
Find this code:
If strAutoLogon <> 1 then
if Request.Form("Email") = "" then
Err_Msg = Err_Msg & "<li>You Must give an e-mail address</li>"
end if
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@dodgeit.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamgourmet.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamhole.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@jetable.org") > 0) or _
(Instr(lcase(Request.Form("Email")), "@bumpymail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@mytrashmail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>Registration with an e-mail address from that domain is not possible!</li>" & Err_Msg
end if
As you can see I've already taken the liberty to add some domains for blacklisting.  (including u-yep.com, and some fake mailservices such as dodgeit.com and mailinator.com)
When people try to register with any e-mail address from the domains listed, they get the message that that is not possible.
In order to add your own domains to block, simply copy the red line, and insert it inbetween the rest. Change the @spamgourmet.com domain into the domain you wish to block, and repeat for each and every domain you wish to block.
Now your ready to go.
(This mod can also be used the other way around ; e.g. allowing registration only from the mentioned domains, and excluding all domains not mentioned.
Simply change all instances of > 0 into = 0 and you're done.)
Any improvement/suggestion/etc is welcome!
Update
The code below also restricts already registered users from changing their e-mail address to any blacklisted address.
Find both instances of this line in pop_profile.asp:
if Request.Form("Email") = "" then
Directly above each instance add this code:
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@dodgeit.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamgourmet.com") > 0) or _(Instr(lcase(Request.Form("Email")), "@spamhole.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@jetable.org") > 0) or _
(Instr(lcase(Request.Form("Email")), "@bumpymail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@mytrashmail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if
Again, if you wish to add your own blacklisted domains, paste a copy of the red line in the code, and change the address.< |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 03 September 2005 07:36:10 |
|
|
AnonJr
Moderator
United States
5765 Posts |
Posted - 01 September 2005 : 17:43:55
|
I like that. Why not store the domains in a table or txt file and just run through a loop? That way you can add more domains with out having to break out the code editor everytime.
Other than that thought I like it. I'll probably add this tonight to my Internet forums (don't think I'll have to worry about it on the intranet forum  )
< |
 |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 02 September 2005 : 03:20:33
|
Well, I was thinking that too, but that would make it more extensive than absolutely necessary.
I'll see if I can whip up a dbs + a admin page to make it db driven.
Another thing I'll have to do, is to prevent people from being able to change their e-mail address to any of the domains listed....I guess that's inc_profile.asp..
/me is diving in again!< |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 02 September 2005 03:23:02 |
|
|
|
jitterwocky
Starting Member
2 Posts |
Posted - 02 September 2005 : 18:50:31
|
I wrote some very similar code to take care of the problem.
--
Dim strSpamEmail
strSpamEmail = Request.Form("Email")
Dim strSpamIP
strSpamIP = "http://" & Request.ServerVariables("REMOTE_HOST")
if InStr(1,strSpamEmail,"@u-yep.com",1) > 0 then
response.redirect strSpamIP
end if
--
I found I had to Dim my variables before putting them in the InStr code otherwise valid registrants would be shown a Snitz error message. Perhaps that has something to do with my particular version of VBScript.
The "1"s in the InStr code make it so that case doesn't matter.
My favorite part is redirecting the spam bot back to its own server via REMOTE_HOST. If enough Snitz forums used this code then the spammer servers would essentially initiate a mild denial-of-service attack against themselves.
< |
|
|
|
AnonJr
Moderator
United States
5765 Posts |
Posted - 02 September 2005 : 20:42:05
|
| Now there is some poetic justice!< |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 02 September 2005 : 20:46:40
|
quote:
Originally posted by marcelgoertz
(...)Another thing I'll have to do, is to prevent people from being able to change their e-mail address to any of the domains listed....I guess that's inc_profile.asp..
/me is diving in again!
It's pop_profile.asp, in fact.< |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 03 September 2005 : 07:33:19
|
It has been done!
Find both instances of this line in pop_profile.asp:"
if Request.Form("Email") = "" then
Directly above each instance add this code:
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@dodgeit.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamgourmet.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamhole.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@jetable.org") > 0) or _
(Instr(lcase(Request.Form("Email")), "@bumpymail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@mytrashmail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if
That's it!
< |
portfolio - linkshrinker - oxle - twitter |
Edited by - MarcelG on 03 September 2005 07:33:32 |
|
|
|
dabugster
Junior Member
USA
168 Posts |
Posted - 05 September 2005 : 00:16:54
|
quote:
Originally posted by marcelgoertz
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if[/code]
That's it!
That is the one that was beaming my board non-stop for awhile.
Stopped after like a week i guess but there were like 10 - 20 attempts .... always bounced to back me and the heading said something to the effect of 'someone@u-yep.com' originating from 'someone-else@u-yep.com'.
< |
|
|
|
smiling
Starting Member
2 Posts |
Posted - 22 November 2005 : 07:40:37
|
I have some problems for this MOD, since result is "expected then".
my forum is interior-design.uni.cc
I want to disallow people to register with polimi.it as domain.
Thanks< |
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 22 November 2005 : 07:56:50
|
Most likely you've got a typo when copying the code -
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) <snip>
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if
Make sure there's a THEN for the IF to branch to. Read the above thread carefully, I believe it contains all you need to know, especially Marcel's post 3 above this one!< |
|
|
|
smiling
Starting Member
2 Posts |
Posted - 22 November 2005 : 11:45:36
|
ah.. or _ means then?
what about <snip> now?< |
|
|
|
wildfiction
Junior Member
167 Posts |
Posted - 17 June 2006 : 19:16:36
|
quote:
Originally posted by jitterwocky
I wrote some very similar code to take care of the problem.
--
Dim strSpamEmail
strSpamEmail = Request.Form("Email")
Dim strSpamIP
strSpamIP = "http://" & Request.ServerVariables("REMOTE_HOST")
if InStr(1,strSpamEmail,"@u-yep.com",1) > 0 then
response.redirect strSpamIP
end if
--
I found I had to Dim my variables before putting them in the InStr code otherwise valid registrants would be shown a Snitz error message. Perhaps that has something to do with my particular version of VBScript.
The "1"s in the InStr code make it so that case doesn't matter.
My favorite part is redirecting the spam bot back to its own server via REMOTE_HOST. If enough Snitz forums used this code then the spammer servers would essentially initiate a mild denial-of-service attack against themselves.
This is ingenious!!< |
|
|
|
wildfiction
Junior Member
167 Posts |
Posted - 02 July 2006 : 14:46:29
|
Just had someone at @bk.ru try to register and not confirm. Is this a new one to add to the list?
Is there a web site with a service, or xml/text file that maintains a list of these spam domains that our code could link to a look up? There's obviously no reason for multiple people to maintain separate lists of spam domains....< |
|
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
Posted - 02 July 2006 : 16:55:35
|
quote:
Originally posted by wildfiction
Is there a web site with a service, or xml/text file that maintains a list of these spam domains that our code could link to a look up? There's obviously no reason for multiple people to maintain separate lists of spam domains....
Was thinking of the same a couple of days ago....
I'm willing to host such a list/xml file, but I'm afraid I'm clueless on how to make one / import one.< |
portfolio - linkshrinker - oxle - twitter |
|
|
|
modifichicci
Average Member
Italy
787 Posts |
|
|
MarcelG
Retired Support Moderator
Netherlands
2625 Posts |
|
|
Topic |
|
MOD: anti-spam E-mail filter
