My idea - check email domain ban before register

[Dmitry Zhuk]

Hi.

The last few weeks I delete a lot of spam posts in my forum. The most of posts is created by users, which email is generated (or not) from a few domains.
And today I decided to block on registration new user level, and I added a few code lines into components\com_users\models\registration.php file.

I found a function

Code: Select all

public function register

and add my checking code before line // Bind the data

This is my lines (may be with extra checks)

Code: Select all

// Add before
// Bind the data.

		if (1==1)
		{
			$cur_banned = array('sina.com', 'ukpayday24.com', 'kidalylose.pl', 'lylilupuzy.pl');
			$cur_email = $data['email'];
			if ($cur_email == "")
			{
				$this->setError("Email is null");
				return false;
			}
			$cur_email_at = strpos($cur_email, "@");
			if ($cur_email_at === false)
			{
				$this->setError("Email does not contain @");
				return false;
			}
			
			$cur_email_domain = strtolower(substr($cur_email, $cur_email_at+1));
			
			if (in_array($cur_email_domain, $cur_banned))
			{
				$this->setError("Email domain is banned!");
				return false;
			}
			
		}

And I suggest you to create a new menu item in "Users" block for entering domains, which you want to ban.

After then add into registration options new parameter - use ban list.
And in my code change 1==1 to check this parameter.
And variable $cur_banned fill by query your domain list.


With this featues you can not only block definite user, but can have easy way to stop registering new spam users from domains you know

[raazlancer]

Nice solution.. Thanks for sharing.

[raazlancer]

Just tested works well.

[Dmitry Zhuk]

I extended it in two places
1 - added blocking by IP array (like the domain array)
2 - change registration message - now it sends to admin with static text and IP address (I remove username from email subject) - I group it in inbox, and if I got more than 4-5 daily letters - I'm analyze it and block registering by IP. For example once I block registration attempts for 20-30 users from one IP (I think it was program registration)

[stutteringp0et]

Or you could skip altering core files (always a bad idea) and use an existing plugin to do the job. Search "Domain Restriction" in the JED - which offers:

1. Allowed Domains (email, domain or TLD based - all others are denied)
2. Restricted Domains (email, domain or TLD based - all others are allowed)
3. Automatic Group Assignment on an email, domain or TLD basis. Also has a provision for ignored groups - users belonging to selected groups are immune to automatic group assignment.

Why re-invent the wheel?

Full Disclosure: Domain Restriction is one of my extensions. I was trolling the ideas forum for ideas worth building when I found this - an idea I'd already built.

[Dmitry Zhuk]

I didn't find it (your extension) when was searching solution, and therefore I post my solution into "Joomla Idea Pool".
And I mean, that have built in restriction ability into joomla's engine - therefore I show my code, little changes (a few code lines)

[stutteringp0et]

It's always a bad idea to modify the joomla core. If a joomla update occurs - your changes are lost. Doing it through a plugin - the changes remain after an update.

My plugin is open source, and the code is available for all to see - as is a requirement for joomla extensions in the JED.