Advertisement:

Author Topic: Restrict Email Providers on Registration  (Read 82701 times)

Offline Ned.net

  • Semi-Newbie
  • *
  • Posts: 27
  • Gender: Male
    • I can't fly, yet I tried
Re: Restrict Email Providers on Registration
« Reply #140 on: February 01, 2018, 02:18:10 AM »
Hi all,

like GravuTrad said, it would be really great to have this mod as a native feature of SMF, or at least updated to be functionnal in latest version of SMF. It's incredibly usefull for professional-use forums.
no shame not knowing,
a lot not learning
------------------------
Il n'y a aucune honte à ne pas savoir
mais beaucoup à ne pas apprendre

Offline Kiriakos GR

  • Jr. Member
  • **
  • Posts: 161
  • Gender: Male
    • @ITTSB_EU on Twitter
Re: Restrict Email Providers on Registration
« Reply #141 on: May 06, 2018, 05:53:06 PM »
I do agree too,  this should become native feature of SMF.

Gmail and Hotmail these are now first class disposable email accounts.
Even spam bots using them to register as members.
Any new owner of disposable Android electronics device, he gets Gmail account right away.

I do consider this mod as Security level one and a missing SMF feature.
And no, SMF version emulation this is not smart idea for installation of older mods.
95% of SMF administrators we are not software programmers. 
 

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,441
  • Gender: Male
    • Macedonian electronics forum
Re: Restrict Email Providers on Registration
« Reply #142 on: May 06, 2018, 08:29:39 PM »
Gmail and Hotmail these are now first class disposable email accounts.

How? You do know that Gmail and Hotmail now both have an SMS verification system, right? It won't let you register unless you type in the code supplied via SMS. Sure, there are lots of sites that supply free phone numbers that can receive SMS, but who would go through that much trouble just to register on a forum to write spam ::).

In fact, since they've implemented the phone verification system, Gmail and Hotmail are one of the more trusted services. Hotmail just carries it's bad name from years of abuse.

Now, here are typical examples of "disposable" mail servers: mail.ru, yandex.com, mail.com...
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline GravuTrad

  • Senior Translator
  • SMF Hero
  • *
  • Posts: 8,610
  • Gender: Male
  • One of the french SMF translators
Re: Restrict Email Providers on Registration
« Reply #143 on: May 06, 2018, 08:38:50 PM »
jonnybryce21@gmail.com is a gmail spambot, so no these big mailboxes enterprises are not secure to spam.
nothing is secure to spam.
On a toujours besoin d'un plus petit que soi! (Petit!Petit!)


Think about Search function before posting.
Pensez à la fonction Recherche avant de poster.

Offline GigaWatt

  • The Smiley Guy
  • Support Specialist
  • SMF Hero
  • *
  • Posts: 1,441
  • Gender: Male
    • Macedonian electronics forum
Re: Restrict Email Providers on Registration
« Reply #144 on: May 06, 2018, 09:28:40 PM »
I was talking about spammers, not bots... bots will always find a way.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Offline jelv

  • Semi-Newbie
  • *
  • Posts: 50
  • Gender: Male
Re: Restrict Email Providers on Registration
« Reply #145 on: June 15, 2018, 04:55:57 AM »
Gmail and Hotmail these are now first class disposable email accounts.

How? You do know that Gmail and Hotmail now both have an SMS verification system, right? It won't let you register unless you type in the code supplied via SMS. Sure, there are lots of sites that supply free phone numbers that can receive SMS, but who would go through that much trouble just to register on a forum to write spam ::).

In fact, since they've implemented the phone verification system, Gmail and Hotmail are one of the more trusted services. Hotmail just carries it's bad name from years of abuse.

Now, here are typical examples of "disposable" mail servers: mail.ru, yandex.com, mail.com...

You've totally misunderstood the issue.

It is NOT because spammers are registering using hotmail etc. to sign up to SMF based forums. It is because their totally pathetic Smart Filter every so often decides to bounce back notification and registration emails for absolutely no valid reason* and the site admin then has to expend hours convincing Micro$oft to remove the block only for a few months later the same thing to happen again. This has been going on for two or three years and forum admins around the world have had enough - due to the aggravation caused they just want to say sorry to people attempting to register using M$ emails, please use a different reliable mail provider.

* There is a suspicion that deletion of SMF notification emails without being opened is perhaps why emails from SMF forums are being considered "spammy" and that is why the mail servers for SMF forums are being blocked.
jelv

Offline demlak

  • Jr. Member
  • **
  • Posts: 177
Re: Restrict Email Providers on Registration
« Reply #146 on: September 06, 2018, 08:55:30 PM »
I totaly agree.. microsoft mailservers blocking other mailservers like hell..
this is not a smf thing, microsoft blocks complete IP ranges.
This means: if any other Server at my hoster is blocked by microsoft for spamming, my server is blocked, too

every few month i have trouble in getting my server unblocked. and now is the time i don't want to discuss anymore with microsoft. i want to block all mail-related microsoft servers. users with accounts of them have to choose another one.. it's not the fault of us admins. its the fault of microsoft. and it's not my part to work on this over and over again.


Offline demlak

  • Jr. Member
  • **
  • Posts: 177
Re: Restrict Email Providers on Registration
« Reply #147 on: September 06, 2018, 09:34:40 PM »
I just changed the original mod to work with smf 2.0.15 (was very easy)
the lost </i> tags mentioned here by Sh@mbles, are also now added.

i also tried to add this nice idea.. but it does not work:

To prevent the use of a restricted email provider when members change their email address while modifying their profile make the following change to ./Sources/Profile-Modify.php

Find:
Code: [Select]
return 'bad_email';

Replace with:
Code: [Select]
return 'bad_email';

// Lets restrict some email providers
if (!empty($modSettings['enable_restrict_EmailProvider']))
{
if (!empty($modSettings['restricted_provider']))
{
$restricted_provider = explode(",", preg_replace("/(\@[^a-zA-Z0-9,])/", "", $modSettings['restricted_provider']));

foreach ($restricted_provider as $key => $value)
if (empty($value))
unset($restricted_provider[$key]);
}
else
$restricted_provider = array();

foreach($restricted_provider as $provider)
{
preg_match('/' . $provider . '+/i', $email, $matches);

if(count($matches) > 0)
{
fatal_error(sprintf($txt['restricted']), false);
}
}
}

any idea how to realise the idea of not allowing users to modify their emailadress to a restricted one?

you can find the modded mod (incl. the not working part for profile-modifications) as attachment


-- edit by moderator - the mod license does not allow modification and redistribution of the mod package. Attachment removed. --
« Last Edit: September 07, 2018, 09:22:59 AM by Kindred »

Offline GL700Wing

  • Full Member
  • ***
  • Posts: 441
  • Gender: Female
Re: Restrict Email Providers on Registration
« Reply #148 on: September 13, 2018, 03:03:07 AM »
To prevent the use of a restricted email provider when members change their email address while modifying their profile make the following change to ./Sources/Profile-Modify.php

Find:
Code: [Select]
return 'bad_email';

Replace with:
Code: [Select]
return 'bad_email';

// Lets restrict some email providers
global $modSettings, $txt;
if (!empty($modSettings['enable_restrict_EmailProvider']))
{
if (!empty($modSettings['restricted_provider']))
{
$restricted_provider = explode(",", preg_replace("/(\@[^a-zA-Z0-9,])/", "", $modSettings['restricted_provider']));

foreach ($restricted_provider as $key => $value)
if (empty($value))
unset($restricted_provider[$key]);
}
else
$restricted_provider = array();

foreach($restricted_provider as $provider)
{
preg_match('/' . $provider . '+/i', $email, $matches);

if(count($matches) > 0)
{
fatal_error(sprintf($txt['restricted']), false);
}
}
}


Updated 13-Sep-18 - added "global $modSettings, $txt;"

Offline demlak

  • Jr. Member
  • **
  • Posts: 177
Re: Restrict Email Providers on Registration
« Reply #149 on: September 13, 2018, 04:12:54 AM »
hey GL700Wing, thx a lot!

but, there is still something faulty =)

in my test, there is a user with a restricted mail in his account and he tries to change the mailadress to a non restricted one.. and gets the blocking message.

edit:
tested far more now.. the blocking message apears always.. doesn't matter if original mailadress is restricted or not. same on target mailadress. so, it's like blocking mailchange for everyone and every mailadress
« Last Edit: September 13, 2018, 04:49:29 AM by demlak »

Offline GL700Wing

  • Full Member
  • ***
  • Posts: 441
  • Gender: Female
Re: Restrict Email Providers on Registration
« Reply #150 on: September 13, 2018, 06:10:55 AM »
hey GL700Wing, thx a lot!

but, there is still something faulty =)

in my test, there is a user with a restricted mail in his account and he tries to change the mailadress to a non restricted one.. and gets the blocking message.

edit:
tested far more now.. the blocking message apears always.. doesn't matter if original mailadress is restricted or not. same on target mailadress. so, it's like blocking mailchange for everyone and every mailadress

I have tested this on an SMF 2.0.15 forum with no other mods installed and it is working as expected. 

When testing make sure you refresh the page before trying to change the email address again (when the page is refreshed you will see the email address currently stored in the database for the user) - if you don't refresh the page you may encounter errors.

Offline demlak

  • Jr. Member
  • **
  • Posts: 177
Re: Restrict Email Providers on Registration
« Reply #151 on: September 13, 2018, 06:26:39 AM »
i always test such things in a new private window of browser.. fresh logging in user.. so there are no caching-problems.

in my environment, it has the described problem: whenever a user wants to change the mailadress, there comes the blocking-message. doesn't matter if this is a blocked mailadress or not. this also happens to administrators.

if your code is correct, then it must be because of another mod. i'll investigate this. also will try a fresh smf install. thx a lot

EDIT:
found the problem.. there was a typo in my filterlist.. shame on me =)

thx again for your work!
« Last Edit: September 13, 2018, 06:48:42 AM by demlak »

Offline GL700Wing

  • Full Member
  • ***
  • Posts: 441
  • Gender: Female
Re: Restrict Email Providers on Registration
« Reply #152 on: September 13, 2018, 07:01:30 AM »
i always test such things in a new private window of browser.. fresh logging in user.. so there are no caching-problems.

in my environment, it has the described problem: whenever a user wants to change the mailadress, there comes the blocking-message. doesn't matter if this is a blocked mailadress or not. this also happens to administrators.

if your code is correct, then it must be because of another mod. i'll investigate this. also will try a fresh smf install. thx a lot
What values do you have entered in each of the three fields (in Modifications Settings -> Miscellaneous) this mod?

Offline demlak

  • Jr. Member
  • **
  • Posts: 177
Re: Restrict Email Providers on Registration
« Reply #153 on: September 13, 2018, 07:05:05 AM »
as my edit states, it was my fault.. i had a typo in the filterlist =)

Offline GL700Wing

  • Full Member
  • ***
  • Posts: 441
  • Gender: Female
Re: Restrict Email Providers on Registration
« Reply #154 on: September 13, 2018, 07:28:30 AM »
as my edit states, it was my fault.. i had a typo in the filterlist =)
Apologies - I hadn't noticed your edit when I replied.  Glad you got it sorted.

Offline demlak

  • Jr. Member
  • **
  • Posts: 177
Re: Restrict Email Providers on Registration
« Reply #155 on: September 13, 2018, 07:46:29 AM »
btw.. if anyone is interested in the filterlist for microsoft servers, this is the one i use:
Code: [Select]
@hotmail.com,@hotmail.co,@hotmail.co.uk,@hotmail.de,@hotmail.eu,@hotmail.net,@hotmail.org,@live.com,@live.co,@live.co.uk,@live.de,@live.eu,@live.net,@live.org,@msn.com,@msn.co,@msn.co.uk,@msn.de,@msn.eu,@msn.net,@msn.org,@outlook.com,@outlook.co,@outlook.co.uk,@outlook.de,@outlook.eu,@outlook.net,@outlook.org,@passport.com,@passport.net
since admins deleted the updated modification i attached to a post above, i just tell you how to get the mod working with actual SMF 2.0.15:

1. download and unpack the zip
2. open install2.xml
3. delete everything after
Code: [Select]
<id>Duncan85:Restrict_Email_Providers_on_Registration</id>
and place in:
Code: [Select]
<version>1.2a</version>

<file name="$sourcedir/Subs-Members.php">
<operation>
<search position="replace"><![CDATA[ // !!! Separate the sprintf?
if (empty($regOptions['email'])]]></search>
<add><![CDATA[   // Lets restrict some email providers
   if (!empty($modSettings['restricted_provider']))
   {
      $restricted_provider = explode(",", preg_replace("/(\@[^a-zA-Z0-9,])/", "", $modSettings['restricted_provider']));

      foreach ($restricted_provider as $key => $value)
         if (empty($value))
            unset($restricted_provider[$key]);
   }
   else
      $restricted_provider = array();
 


   if (!empty($modSettings['enable_restrict_EmailProvider']) && !empty($modSettings['restricted_provider']))
   {
      foreach($restricted_provider as $provider)
      {         
         preg_match('/' . $provider . '+/i', $_POST['email'], $matches);
   
         if(count($matches) > 0)
            fatal_error(sprintf($txt['restricted'], $regOptions['username']), false);
      }
   }
   
    if (!empty($modSettings['accepted_provider']))
   {
      $accepted_provider = explode(",", preg_replace("/(\@[^a-zA-Z0-9,])/", "", $modSettings['accepted_provider']));

      foreach ($accepted_provider as $akey => $avalue)
         if (empty($avalue))
            unset($accepted_provider[$akey]);
   }
   else
      $accepted_provider = array(); 
   
    if (!empty($modSettings['enable_restrict_EmailProvider']) && !empty($modSettings['accepted_provider']))
   {
      foreach($accepted_provider as $aprovider)
      {         
         preg_match('/' . $aprovider . '+/i', $_POST['email'], $matches);

if(count($accepted_provider) == 1)
{
if(count($matches) == 0)
fatal_error(sprintf($txt['restricted'], $regOptions['username']), false);
}
else
{
if(count($matches) == 0 && !(each($accepted_provider)))
fatal_error(sprintf($txt['restricted'], $regOptions['username']), false);
}
      }
   }
   // !!! Separate the sprintf?
   elseif (empty($regOptions['email'])]]></add>
</operation>
</file>

<file name="$sourcedir/Profile-Modify.php">
<operation>
<search position="replace"><![CDATA[ return 'bad_email';]]></search>
<add><![CDATA[ return 'bad_email';

// Lets restrict some email providers
global $modSettings, $txt;
if (!empty($modSettings['enable_restrict_EmailProvider']))
{
if (!empty($modSettings['restricted_provider']))
{
$restricted_provider = explode(",", preg_replace("/(\@[^a-zA-Z0-9,])/", "", $modSettings['restricted_provider']));

foreach ($restricted_provider as $key => $value)
if (empty($value))
unset($restricted_provider[$key]);
}
else
$restricted_provider = array();

foreach($restricted_provider as $provider)
{
preg_match('/' . $provider . '+/i', $email, $matches);

if(count($matches) > 0)
{
fatal_error(sprintf($txt['restricted']), false);
}
}
}]]></add>
</operation>
</file>

<file name="$sourcedir/ManageSettings.php">
<operation>
<search position="before"><![CDATA[ // Mod authors, add any settings UNDER this line. Include a comma at the end of the line and don't remove this statement!!
]]></search>
<add><![CDATA[
array('check', 'enable_restrict_EmailProvider',
&$txt['enable_restrict_EmailProvider']),
array('text', 'restricted_provider', '35',
&$txt['restricted_provider']),
array('text', 'accepted_provider', '35',
&$txt['accepted_provider']),
]]></add>
</operation>

</file>

<file name="$languagedir/Modifications.english.php">
<operation>
<search position="end" />
<add><![CDATA[$txt['restricted'] = 'Sorry, E-mail accounts from that provider cannot be used, we have had members reporting emails not being received when using the E-Mail addresses from your provider, please use an alternative email address. We are sorry for the inconvenience caused by your E-Mail provider.';
$txt['enable_restrict_EmailProvider'] = 'Enable restriction of E-Mail providers';
$txt['restricted_provider'] = 'Which providers should<br />be restricted? (Blacklist)<br /><i> (As an example,for the providers <b><font color="red">hotmail and gmail</font></b> you should write @hotmail.com,@gmail.com)</i><font color="red"><br />Note that either restricted provider or accepted provider list should be empty.</i></b></font>';
$txt['accepted_provider'] = 'Which providers should<br />be accepted? (Whitelist)<br /><i> (As an example,for the providers <b><font color="red">hotmail and gmail</font></b> you should write @hotmail.com,@gmail.com)</i><font color="red"><br />Note that either restricted provider or accepted provider list should be empty.</i></b></font>';
]]></add>
</operation>
</file>

<file name="$languagedir/Modifications.english-utf8.php" error="skip">
<operation>
<search position="end" />
<add><![CDATA[$txt['restricted'] = 'Sorry, E-mail accounts from that provider cannot be used, we have had members reporting emails not being received when using the E-Mail addresses from your provider, please use an alternative email address. We are sorry for the inconvenience caused by your E-Mail provider.';
$txt['enable_restrict_EmailProvider'] = 'Enable restriction of E-Mail providers';
$txt['restricted_provider'] = 'Which providers should<br />be restricted? (Blacklist)<br /><i> (As an example,for the providers <b><font color="red">hotmail and gmail</font></b> you should write @hotmail.com,@gmail.com)</i><font color="red"><br />Note that either restricted provider or accepted provider list should be empty.</i></b></font>';
$txt['accepted_provider'] = 'Which providers should<br />be accepted? (Whitelist)<br /><i> (As an example,for the providers <b><font color="red">hotmail and gmail</font></b> you should write @hotmail.com,@gmail.com)</i><font color="red"><br />Note that either restricted provider or accepted provider list should be empty.</i></b></font>';
]]></add>
</operation>
</file>

<file name="$languagedir/Modifications.german_informal.php" error="skip">
<operation>
<search position="end" />
<add><![CDATA[$txt['restricted'] = 'Es tut uns leid, E-Mail-Adressen von diesem Anbieter können nicht genutzt werden. Nutzer berichteten uns, dass sie E-Mails nicht erhalten haben, wenn sie diesen Anbieter nutzten. Bitte benutze eine alternative E-Mail-Adresse. Es tut uns leid, dass dein E-Mail-Anbieter solche Probleme bereitet.';
$txt['enable_restrict_EmailProvider'] = 'Aktiviere die Sperre für E-Mail-Anbieter';
$txt['restricted_provider'] = 'Welche E-Mail Anbieter sollen<br />gesperrt werden? (Blacklist)<br /><i>(z.B. für <b><font color="red">hotmail und gmail</font></b> solltest du schreiben: @hotmail.com,@gmail.com)</i><font color="red"><br />Anmerkung: Entweder Blacklist oder Whitelist sollte leer sein.</i></b></font>';
$txt['accepted_provider'] = 'Welche E-Mail Anbieter sollen<br />akzeptiert werden? (Whitelist)<br /><i>(z.B. für <b><font color="red">hotmail und gmail</font></b> solltest du schreiben: @hotmail.com,@gmail.com)</i><font color="red"><br />Anmerkung: Entweder Blacklist oder Whitelist sollte leer sein.</i></b></font>';
]]></add>
</operation>
</file>

<file name="$languagedir/Modifications.german_informal-utf8.php" error="skip">
<operation>
<search position="end" />
<add><![CDATA[$txt['restricted'] = 'Es tut uns leid, E-Mail-Adressen von diesem Anbieter können nicht genutzt werden. Nutzer berichteten uns, dass sie E-Mails nicht erhalten haben, wenn sie diesen Anbieter nutzten. Bitte benutze eine alternative E-Mail-Adresse. Es tut uns leid, dass dein E-Mail-Anbieter solche Probleme bereitet.';
$txt['enable_restrict_EmailProvider'] = 'Aktiviere die Sperre für E-Mail-Anbieter';
$txt['restricted_provider'] = 'Welche E-Mail Anbieter sollen<br />gesperrt werden? (Blacklist)<br /><i>(z.B. für <b><font color="red">hotmail und gmail</font></b> solltest du schreiben: @hotmail.com,@gmail.com)</i><font color="red"><br />Anmerkung: Entweder Blacklist oder Whitelist sollte leer sein.</i></b></font>';
$txt['accepted_provider'] = 'Welche E-Mail Anbieter sollen<br />akzeptiert werden? (Whitelist)<br /><i>(z.B. für <b><font color="red">hotmail und gmail</font></b> solltest du schreiben: @hotmail.com,@gmail.com)</i><font color="red"><br />Anmerkung: Entweder Blacklist oder Whitelist sollte leer sein.</i></b></font>';
]]></add>
</operation>
</file>

</modification>


Save the file, zip all files and install mod by using this new zip file.

this includes all mentioned fixes in this thread and also a german translation for "german informal"
notice: the version number and title (it's not for registration only, anymore) of the mod is not changed. if you want to do so, edit package-info.xml, too.

p.s. i hope, this is not a license problem anymore =) btw.. which license? did not find any.