HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Email whitelist?

NewtexNewtex New
edited October 2019 in Vanilla 3.x Help

I have an email banning rule that works great, but it's slightly too generic atm and making it less generic would let bots pass through. If I was able to whitelist a certain email provider then it would be perfect. Is there any way to do that?

Comments

  • What is your current rule and how implemented?

  • KasparKaspar Moderator
    edited October 2019


    That would not help - As I understand what you wrote:

    You got a rule

    A*@example.ban

    But it is to generic as everyone starting with A gets banned.


    So you want to whitelist

    *@example.ban

    Which rule then gets presedence?


    Maybe your case is more clear when I see your reply to donshakespeare

  • @Kaspar

    That's a silly example and has nothing to do with domains. I clearly write that this is about email providers, not names.


    @donshakespeare

    My rule is *@*.*.*

    So far it has banned 5000 invalid users from spam domains matching that pattern.

    2 were valid.

    Those two valid users had *@yahoo.co*.*

    If I could whitelist *@yahoo.co*.*, that would be great.

  • KasparKaspar Moderator

    "a distinct subset of the Internet with addresses sharing a common suffix or under the control of a particular organization or individual."

    You want to whitelist the subset of common suffix, which is a domain or part of its name, not the organization or individual which is providing said domain.


    I have not tested this and do not know if it works "as is" with the current vf version but it is a start.


  • @Newtex Can you provide a sample of that pesky email being used by bot?

  • R_JR_J Admin
    edited October 2019

    By now I haven't understood how that rule is applied. A plugin for such a purpose would be short:

    class SomePlugin extends Gdn_Plugin {
        public function userModel_beforeRegister_handler($sender, $args) {
            if (isset($args['RegisteringUser'])) {
                $email = $args['RegisteringUser']['Email'];
            } else {
                $email = $args['User']['Email'];
            }
            // Do the magic here, return if everything is alright, if it fails:
            $args['Valid'] = false;
            $sender->Validation->addValidationResult('Email', 'Go away...');
        }
    }
    

    That "magic" there could be a preg_match and the whitelist could be written in the config to make it flexible: $pattern = Gdn::config('Plugins.SomePlugin.WhitelistPattern').If you put also that blacklist into a config setting, that would make a decent plugin.

    If you prefer to ban such users instead of hindering them from registration, you could use the afterRegistration event instead.

Sign In or Register to comment.