MOD: anti-spam E-mail filter - نوشته شده در (16489 Views)
MarcelG
Retired Support Moderator
MarcelG
مطلب: 2625
2625

version 1.1 - updated 03-09-2005

Here's a quick and simple mod I came up with after reading some topics here about spam some people received on their board created by autoregistration bots that succesfully get past the e-mail validation part.
It's a very simple mod, which simply dissallows certain e-mail domains from registering.
File to alter: Register.asp (be sure to backup first!)
Find this code:
Code:
		If strAutoLogon <> 1 then
			if Request.Form("Email") = "" then
				Err_Msg = Err_Msg & "<li>You Must give an e-mail address</li>"
			end if
Code:
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@dodgeit.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamgourmet.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamhole.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@jetable.org") > 0) or _
(Instr(lcase(Request.Form("Email")), "@bumpymail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@mytrashmail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
	Err_Msg = "<li>Registration with an e-mail address from that domain is not possible!</li>" & Err_Msg
end if
As you can see I've already taken the liberty to add some domains for blacklisting. cool (including u-yep.com, and some fake mailservices such as dodgeit.com and mailinator.com)
When people try to register with any e-mail address from the domains listed, they get the message that that is not possible.
In order to add your own domains to block, simply copy the red line, and insert it inbetween the rest. Change the @spamgourmet.com domain into the domain you wish to block, and repeat for each and every domain you wish to block. Now your ready to go.
(This mod can also be used the other way around ; e.g. allowing registration only from the mentioned domains, and excluding all domains not mentioned. Simply change all instances of > 0 into = 0 and you're done.)
Any improvement/suggestion/etc is welcome!

Update

The code below also restricts already registered users from changing their e-mail address to any blacklisted address.
Find both instances of this line in pop_profile.asp:
Code:
if Request.Form("Email") = "" then
Directly above each instance add this code:
Code:
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@dodgeit.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamgourmet.com") > 0) or _(Instr(lcase(Request.Form("Email")), "@spamhole.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@jetable.org") > 0) or _
(Instr(lcase(Request.Form("Email")), "@bumpymail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@mytrashmail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if
Again, if you wish to add your own blacklisted domains, paste a copy of the red line in the code, and change the address.<
portfolio - linkshrinker - oxle - twitter
آخرین ویرایش توسط
 پیش‌فرض مرتب‌سازی برای تاریخ DESC به معنی جدیدترین است  
 تعداد در صفحه 
نوشته شده در
AnonJr
Forum Moderator
AnonJr
مطلب: 5768
5768
I like that. Why not store the domains in a table or txt file and just run through a loop? That way you can add more domains with out having to break out the code editor everytime.
Other than that thought I like it. I'll probably add this tonight to my Internet forums (don't think I'll have to worry about it on the intranet forum wink)
<
نوشته شده در
MarcelG
Retired Support Moderator
MarcelG
مطلب: 2625
2625
Well, I was thinking that too, but that would make it more extensive than absolutely necessary. I'll see if I can whip up a dbs + a admin page to make it db driven.
Another thing I'll have to do, is to prevent people from being able to change their e-mail address to any of the domains listed....I guess that's inc_profile.asp..sleepy /me is diving in again!<
portfolio - linkshrinker - oxle - twitter
آخرین ویرایش توسط
نوشته شده در
jitterwocky
Starting Member
jitterwocky
مطلب: 2
2
I wrote some very similar code to take care of the problem.
--
Dim strSpamEmail
strSpamEmail = Request.Form("Email")
Dim strSpamIP
strSpamIP = "http://" & Request.ServerVariables("REMOTE_HOST")
if InStr(1,strSpamEmail,"@u-yep.com",1) > 0 then
response.redirect strSpamIP
end if
--

I found I had to Dim my variables before putting them in the InStr code otherwise valid registrants would be shown a Snitz error message. Perhaps that has something to do with my particular version of VBScript.
The "1"s in the InStr code make it so that case doesn't matter.
My favorite part is redirecting the spam bot back to its own server via REMOTE_HOST. If enough Snitz forums used this code then the spammer servers would essentially initiate a mild denial-of-service attack against themselves.
<
نوشته شده در
AnonJr
Forum Moderator
AnonJr
مطلب: 5768
5768
Now there is some poetic justice!<
نوشته شده در
ruirib
Snitz Forums Admin
ruirib
مطلب: 26364
26364
Originally posted by marcelgoertz
(...)Another thing I'll have to do, is to prevent people from being able to change their e-mail address to any of the domains listed....I guess that's inc_profile.asp..sleepy /me is diving in again!
It's pop_profile.asp, in fact.<
Snitz 3.4 Readme | Like the support? Support Snitz too
نوشته شده در
MarcelG
Retired Support Moderator
MarcelG
مطلب: 2625
2625
It has been done! Find both instances of this line in pop_profile.asp:"
Code:
if Request.Form("Email") = "" then
Directly above each instance add this code:
Code:
if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@dodgeit.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamgourmet.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@spamhole.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@jetable.org") > 0) or _
(Instr(lcase(Request.Form("Email")), "@bumpymail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@mytrashmail.com") > 0) or _
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if
That's it! <
portfolio - linkshrinker - oxle - twitter
آخرین ویرایش توسط
نوشته شده در
dabugster
Junior Member
dabugster
مطلب: 168
168
Originally posted by marcelgoertz

(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then
Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if[/code] That's it!

That is the one that was beaming my board non-stop for awhile. Stopped after like a week i guess but there were like 10 - 20 attempts .... always bounced to back me and the heading said something to the effect of 'someone@u-yep.com' originating from 'someone-else@u-yep.com'.

<
نوشته شده در
smiling
Starting Member
smiling
مطلب: 2
2
I have some problems for this MOD, since result is "expected then". my forum is interior-design.uni.cc
I want to disallow people to register with polimi.it as domain. Thanks<
نوشته شده در
pdrg
Support Moderator
pdrg
مطلب: 2897
2897
Most likely you've got a typo when copying the code -

if (Instr(lcase(Request.Form("Email")), "@gmailinator.com") > 0) <snip>
(Instr(lcase(Request.Form("Email")), "@u-yep.com") > 0) then Err_Msg = "<li>The e-mail domain you supplied is blacklisted at this board, and cannot be used!</li>" & Err_Msg
end if

Make sure there's a THEN for the IF to branch to. Read the above thread carefully, I believe it contains all you need to know, especially Marcel's post 3 above this one!<
نوشته شده در
smiling
Starting Member
smiling
مطلب: 2
2
ah.. or _ means then? what about <snip> now?<
شما باید یک متن وارد کنید