XF 2.1 Allowing registrations from email domain whitelist

[Edman]

I have a site that is being spammed up by Korean and Japanese bots, and they are bypassing everything. I have a feeling these are actual real people who are doing the spamming.

There is one common factor - they are registering using uncommong email domains. Domains such as:
@Dot-mail.top
@ifansforyou.ru
@amail3.com
@nygmkv.icu
@worldinvent.com
There are literally hundreds of these domains, and every other spam account uses a new one.

So what I want is for all registrations that are not
gmail.com
yahoo.com
yahoo.co.uk
hotmail.com
live.com
etc

to go into approval queue.

Is this possible with Xenforo, or maybe there is an add-on that can do this?

 

[Martok]

Unfortunately you can also get spam registrations from those email providers too, as well as get legitimate registrations from people who don't use any of those (for example anyone who has bought a domain name and uses that for their email).

Have you set up all of the spam options in Spam Management such as checking all registrations agains the StopForumSpam database (and what is your setup for that?). Also checking DNSBL on registration, have a Project Honey Pot key, a StopForumSpam using API key etc (all details in Spam Management in the ACP). I find all of this pretty much catches all of these spammers and puts them in the approval queue.

 

[Edman]

Unfortunately you can also get spam registrations from those email providers too, as well as get legitimate registrations from people who don't use any of those (for example anyone who has bought a domain name and uses that for their email).

That's not the case here, there are no spammers arriving from legitimate domains for me.

The board's also kinda quiet, so the chances of banning legitimate new registrations from weird email addresses that are actually looking to post are pretty low. Besides, they'd still be in the approval queue.

Have you set up all of the spam options in Spam Management such as checking all registrations agains the StopForumSpam database (and what is your setup for that?). Also checking DNSBL on registration, have a Project Honey Pot key, a StopForumSpam using API key etc (all details in Spam Management in the ACP). I find all of this pretty much catches all of these spammers and puts them in the approval queue.

Yes, all of this is set up. And the spam posts are specific - IPs are all Korean, Japanese, or use US servers like Digital Ocean. All posts are made in Japanese. And they are all registering with BS email domains.

 

[djbaxter]

Have you enabled email confirmation?



This will stop many of those.

Combine it with AndyB's addon to delete unconfirmed email registrations after X days (I use 10 days):

Auto delete email confirm

Premium upgrade: This XF2 add-on along with the entire collection can be purchased for $35.00 USD. Your Premium upgrade will allow you to download as many XF2 add-ons as you like for one year. Please see the entire collection located in the...

xenforo.com

 

[Edman]

Yes, email confirmation is enabled.

I don't see how deleting unconfirmed email would help in this case, given that users with unconfirmed emails can't post.

 

[Snog]

Those are all disposable email addresses.

Download this resource:

Unmaintained - Banned emails; Trashmails & Spammails

Description Navigate to the window below and select the banned_emails.xml file that is included in the zip archive. Donate If you like our work, please consider sending a small donation. Additional information We would prefer it if bugs were...

xenforo.com

And import the xml file that's in it into your banned email list.

 

[Edman]

Thanks! I've added this to my forum, lets see what happens!

 

[gogo]

Thanks! I've added this to my forum, lets see what happens!

So after half an year, did that help?

 

[Edman]

Nope! Spammers went right through that.

But the spam relented after a few months, and we're now getting 10-15 spam threads a month.

 

[gogo]

Nope! Spammers went right through that.

But the spam relented after a few months, and we're now getting 10-15 spam threads a month.

That means the add-on is not that useful then ?

Actually there are more and more domain names used for disposable emails every day. A static blacklist file really can't help much...

What could be the solution then? Let me create a new thread discuss this.

 

[CtrlV]

I think there should be an add-on that only allow Gmail Yahoo or hotmail email

 

[rosal]

I think there should be an add-on that only allow Gmail Yahoo or hotmail email

Yes one whitelist emails and all others emails goes to manual approval, anything like that?

 

[djbaxter]

I think there should be an add-on that only allow Gmail Yahoo or hotmail email

I don't use either of those.

Yes one whitelist emails and all others emails goes to manual approval, anything like that?

That would require, sooner or later, a very large whitelist, e.g., all those members using company emails for starters.

This would be unnecessary and impractical for most forums.

 

[rosal]

I don't use either of those.


That would require, sooner or later, a very large whitelist, e.g., all those members using company emails for starters.

This would be unnecessary and impractical for most forums.

85% off all new users have same emails services like gmail, hotmail, so for us is not a problem manual approval the others 15%.

 

[djbaxter]

85% off all new users have same emails services like gmail, hotmail, so for us is not a problem manual approval the others 15%.

That 85% may apply to your forum. Don't assume it applies to all or even most forums.