Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Banning an e-mail domain causes a 406 error?

I've been getting new applicants, all from hotmail.com, that are clearly automated spambots. So I went into the Ban List page, and added "*@hotmail.com" thinking that would ban them from even visiting/applying to register. First of all, am I correct in thinking this?

Secondly, after doing that, I see on the ban page that 97 users apparently have hotmail as their registered e-mail address. It looks like I could click on that "97" under the "Users" column to see the list, but when I do I get the following:

**Error 406 - Not Acceptable

An error has occurred. Generally a 406 error is caused because a request has been blocked by Mod Security. If you believe that your request has been blocked by mistake please contact the web site owner.**

I was wondering what could be causing this error? That andif I'm even using the Ban List function properly. Thanks!

Comments

  • if they are automated - it seems everybody who has used botstop plugin has had great success. Are you using it?

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited March 2013

    I could be wrong but I think all you need is

    %hotmail.com

    or possibly
    %@hotmail.com

    or just try

    hotmail.com

    the * may be causing problems, try %

    $Result['u.Email like'] = $Ban['BanValue'];

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • peregrineperegrine MVP
    edited March 2013

    based on $Result['u.Email like'] = $Ban['BanValue'];

    it would seem the value you want to enter is just %hotmail.com

    http://dev.mysql.com/doc/refman/5.0/en/string-comparison-functions.html

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • ShadowdareShadowdare r_j MVP
    edited March 2013

    In the dashboard, there is text that suggests asterisks for wildcards. If it doesn't block people from joining with hotmail.com emails, then give what @peregrine suggested a try. The 406 error can be fixed by adding exclusions for the mod_security module in the Apache web server.

    Add Pages to Vanilla with the Basic Pages app

  • Sorry for the delay, I went out of town after posting that. Thanks all for the awesome advice. I haven't tried botstop, but I'll definitely be checking it out and/or changing my * to a %

  • Was there ever any resolution to this? I tried adding '%hotmail.com' to my ban list, but no dice. I was able to successfully register a hotmail email address, and confirm it.

  • I went with installing botstop and that did the trick for me.

  • I already have a captcha and email verification. I feel like an additional "are you human" question in superfluous at this point. On the other hand, I have had no hotmail addresses who aren't spammers, so I was just going to block them entirely, and have someone email me for manual signup if they're legit. Not terribly elegant, but it's getting a little ridiculous.

  • vrijvlindervrijvlinder Papillon-Sauvage MVP

    There is a new plugin called ban applicant maybe it will work for you. I don't have the means to test it since I got botstop I get no applicants

  • @Lark said:
    I already have a captcha and email verification. I feel like an additional "are you human" question in superfluous at this point. On the other hand, I have had no hotmail addresses who aren't spammers, so I was just going to block them entirely, and have someone email me for manual signup if they're legit. Not terribly elegant, but it's getting a little ridiculous.

    and you tried just this:

    hotmail.com

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

  • @peregrine said:
    and you tried just this:

    hotmail.com

    We're not even going to talk about how dumb I feel right now. Thanks!

Sign In or Register to comment.