Fork me on GitHub

email domains blacklist  Bottom

  • m7b5

    Freshman
    • Rank: Freshman
    • Registered: Sep 11, 2008
    • Last visit: Feb 05, 2010
    • Posts: 63
    Link to this post Posted: May 18, 2009 - 06:06 PM
    hello everybody,
    I sometimes have fake user registration, I suppose made by bots, that use false email addresses while compilingthe registration form.
    Fortunately the email confirmation procedure works, so the user remains "inactive", and I delete it ASAP.
    At the same time I'm compiling the domain blacklist field in the user administration page, and it keeps growing.
    Is 'comma' the only separator admitted between the domain names?
    I used to add a carriage return, to keep the list readable without scrolling, but today I had a new registration from a blacklisted domain... maybe the CR I inserted void the blacklist check?
    Should I return to a single-row list (can become very long)?
    Is there a way to break this blaclist line?

    thank you in advance..
  • larsneo
    larsneo
    Software Foundation
    • Rank: Software Foundation
    • Registered: Dec 31, 1969
    • Last visit: Oct 21, 2009
    • Posts: 3814
    Link to this post Posted: May 19, 2009 - 01:57 AM
    instead of trying to use a blacklist i'd suggest to use the registration question/answer combination, block "libwww, lwp" useragents and addionally use e.g. badbehavior to avoid fake user registrations...

    --
    regards from germany
    ..::[Zikula Application Framework]::.. ..::[SEO-Blog]::.. ..::[CMS Sicherheit]::..
  • songbird

    Freshman
    • Rank: Freshman
    • Registered: Jan 10, 2003
    • Last visit: Jan 30, 2010
    • Posts: 73
    Link to this post Posted: May 19, 2009 - 02:09 AM
    Specifically, how do you block "libwww, lwp" useragents?
  • m7b5

    Freshman
    • Rank: Freshman
    • Registered: Sep 11, 2008
    • Last visit: Feb 05, 2010
    • Posts: 63
    Link to this post Posted: May 19, 2009 - 02:23 AM

    larsneo

    instead of trying to use a blacklist i'd suggest to use the registration question/answer combination, block "libwww, lwp" useragents and addionally use e.g. badbehavior to avoid fake user registrations...


    ok, I'll try... when I'll understand what those useragents are icon_smile
    (sorry, I'm still quite newbie for these security things)

    Do you mean that the blacklist methon in user administration doesn't work well?

    thank you for answering
  • m7b5

    Freshman
    • Rank: Freshman
    • Registered: Sep 11, 2008
    • Last visit: Feb 05, 2010
    • Posts: 63
    Link to this post Posted: May 21, 2009 - 12:05 AM
    found.
    For those who may concern (or am I the only one?), blocking "libwww, lwp" useragents is made by editing the htaccess file, not a zikula feature.
  • ccandreva
    ccandreva
    Developer
    • Rank: Developer
    • Registered: Sep 22, 2005
    • Last visit: May 20, 2010
    • Posts: 292
    Link to this post Posted: May 21, 2009 - 02:30 AM
    Could you post what it was you added to .htaccess to do this ?
  • m7b5

    Freshman
    • Rank: Freshman
    • Registered: Sep 11, 2008
    • Last visit: Feb 05, 2010
    • Posts: 63
    Link to this post Posted: May 21, 2009 - 04:41 AM
    well... actually haven't tried yet, but I'm going ASAP.

    What I'm referring to is this article
    http://drupal.org/node/150550
    (but Googling around you find plenty of other examples), so what I'm going to do is inserting these rows (hoping it works)

    Code

    SetEnvIf User-Agent "libwww" getout
    SetEnvIf User-Agent "lwp" getout

Users on-line

  • 0 users

This list is based on users active over the last 60 minutes.