Clean and Tweak My Site....

I am currently having some security issues with my site running Dolphin 7.0.7

I get 50+ fake registration per day (from @163.com). Also get Malicous URL, Trojan and redirect notification from Avast.

So here's my url.... www.worldautismcommunity.com

Please let me know how much you would charge to fix the issue/tweak the installation and prevent from happening in the future.

Post this in the Jobs section. 

You might want to also search the forums here for ways to block email addresses and spam controll.

Thank you :)

This is an easy fix. You just need to block those emails.

Here's something Prolaznik created a while back. I use it on my site and it works very well:

 prolaznik has published another way for restrict some of email providers of spammer on registration, I've added the email to ban, and this works very well for me..

Step1.

/inc/ design.inc.php

at the end of the file find
bx_import('BxDolAlerts');

and add this ABOVE it.

function ForbidenEmailProvider($Email)

     {
     
       $ForbidenEmailProvider[] = "@163.com";

       $ForbidenEmailProvider[] = "@sohu.com";

       $ForbidenEmailProvider[] = "@21cn.com";

       $ForbidenEmailProvider[] = "@gmx.com";

       $ForbidenEmailProvider[] = "@126.com";

       $ForbidenEmailProvider[] = "@qq.com";

       $ForbidenEmailProvider[] = "@yahoo.cn";

       $ForbidenEmailProvider[] = "@mx8168.net";

       $ForbidenEmailProvider[] = "@110mail.net";

       $ForbidenEmailProvider[] = "@buybrandshop.info";

       $ForbidenEmailProvider[] = "@lenfos.com";

       $ForbidenEmailProvider[] = "@mailinator.com";

       $ForbidenEmailProvider[] = "@tom.com";

       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";

       $ForbidenEmailProvider[] = "@speaktolearn.net";

       $ForbidenEmailProvider[] = "@qtyhosting.com";

       $ForbidenEmailProvider[] = "@12gohere.net";

       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";

       $ForbidenEmailProvider[] = "@yeah.net";

       $ForbidenEmailProvider[] = "@free-medicine.net";

       $ForbidenEmailProvider[] = "@satiny.co.uk";

       $ForbidenEmailProvider[] = "@energyforthehome.com";

       $ForbidenEmailProvider[] = "@dunkssb.net";

       $ForbidenEmailProvider[] = "@pumpkincarving.org";

       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";

       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";

       $ForbidenEmailProvider[] = "@betfairmethods.com";
    
       foreach($ForbidenEmailProvider as $key => $value)
          {
          if ( strpos("zyx".$Email,$value) > 0 )
             return false;
          }  

       return true;

     }



Step2.

in administration / builders / profile fields (join form)
edit the email field click on advanced and replace

return (bool) preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0);

WITH THIS

return ( ForbidenEmailProvider($arg0) and preg_match('/^([a-z0-9\+\_\-\.]+)@([a-z0-9\+\_\-\.]+)$/i', $arg0) );

Step3.

in administration / settings / languages settings look for

_FieldError_Email_Check

and edit the error msg. that's displayed, the default one is (please enter correct email) change to something like this

Invalid email address / or the email provider you are using is blacklisted.

or whatever you like.

That's it  you can add more email providers or remove some

$ForbidenEmailProvider[] = "@someprovider.";

this one needs to be on list

@linkjewellery.com

Thats whats nice about this. You can block any domain you want. I don't allow people with hotmail accounts either.

 I tried to add this SkyForum, trashed the join form, could you upload the files to a post here..

I may not be copying correctly.

When applied to a site I get a 500 error, and no email address will work.

This should DEFINITELY become part of the stock dolphin functionalilty at some point. If Boonex would add:

1. A block list for email domains

2. The option to block or allow link posting on the signup form, profile edit and blogs

We could cut out almost all the spam garbage we're dealing with.

 This one is pretty easy. Tell us exactly what you did installing it.

 I used different editor last night, I used Macromedia Dreamweaver to edit the file and it works now. Thanks

Cool.

I like Notepad or EditPadPro

 I used Notepad the first try and that I thought was the problem.

I usually use it to edit but when say you add an extra line to the code you included, the line position is not the same as in Macromedia.

Yeah, In Notepad, you have to make sure word wrap isn't enabled or you might cut a line right in half, lol

 notepad++ is working quite well for me all the time :-)

 I have some more very aggressive spammer attackers that should be added.

@aksarat.eu

@mail114.net

@supraonfootstore.com

This seems to just disable the "Join" button, nothing happens after clicking it.

another new spammer

@hush.com

I'm suffereing the same problem as DCSniper, the join button becomes disabled.

Can someone look into this please, its a definiate way of keeping the spam down, but the join button is disabled on the join page, any help please?

 another way without making these changes and taking the chance on it not working right and continually having to update your list.

Split your join for from one page to two, putting the security image last.  or and

Adding an extra question to your join form. 

http://www.boonex.com/forums/?action=goto&my_flags=1#topic/China-is-invading-help-me-with-form-field-validation.htm

Here's an updated list in alphanumeric order...

       $ForbidenEmailProvider[] = "@110mail.net";

       $ForbidenEmailProvider[] = "@126.com";

       $ForbidenEmailProvider[] = "@12gohere.net";

       $ForbidenEmailProvider[] = "@163.com";

       $ForbidenEmailProvider[] = "@188.com";

       $ForbidenEmailProvider[] = "@263.com";

       $ForbidenEmailProvider[] = "@21cn.com";

       $ForbidenEmailProvider[] = "@aol.com";

       $ForbidenEmailProvider[] = "@anji.com";

       $ForbidenEmailProvider[] = "@aksarat.eu";

       $ForbidenEmailProvider[] = "@bestcrusher.com";

       $ForbidenEmailProvider[] = "@betfairmethods.com";

       $ForbidenEmailProvider[] = "@bettabirch.com";

       $ForbidenEmailProvider[] = "@boxedchristmascards.ne";

       $ForbidenEmailProvider[] = "@buybrandshop.info";

       $ForbidenEmailProvider[] = "@cooljordanshoesale.com";

       $ForbidenEmailProvider[] = "@cooljordanshoestore.com";

       $ForbidenEmailProvider[] = "@corpease.net";

       $ForbidenEmailProvider[] = "@cric.com";

       $ForbidenEmailProvider[] = "@crystal.com.cn";

       $ForbidenEmailProvider[] = "@digitalchina.com";

       $ForbidenEmailProvider[] = "@dsmzibo.com";

       $ForbidenEmailProvider[] = "@dunkssb.net";

       $ForbidenEmailProvider[] = "@duoyuan.com";

       $ForbidenEmailProvider[] = "@eascs.com";

       $ForbidenEmailProvider[] = "@energyforthehome.com";

       $ForbidenEmailProvider[] = "@fnf.com";

       $ForbidenEmailProvider[] = "@free-medicine.net";

       $ForbidenEmailProvider[] = "@fuanan.com.cn";

       $ForbidenEmailProvider[] = "@fujitec.com.cn";

       $ForbidenEmailProvider[] = "@gdppri.com";

       $ForbidenEmailProvider[] = "@ginwave.com";

       $ForbidenEmailProvider[] = "@gnete.com";

       $ForbidenEmailProvider[] = "@gmx.com";

       $ForbidenEmailProvider[] = "@haerte.cn";

       $ForbidenEmailProvider[] = "@hamworthy.cn";

       $ForbidenEmailProvider[] = "@he.libertycenterone.com";

       $ForbidenEmailProvider[] = "@hnrtu.com";

       $ForbidenEmailProvider[] = "@hotmilitararygirls.com";

       $ForbidenEmailProvider[] = "@hush.com";

       $ForbidenEmailProvider[] = "@infosec.com.cn";

       $ForbidenEmailProvider[] = "@jotun.com";

       $ForbidenEmailProvider[] = "@karststage.com";

       $ForbidenEmailProvider[] = "@lenfos.com";

       $ForbidenEmailProvider[] = "@linkjewellery.com";

       $ForbidenEmailProvider[] = "@mail.iap.ac.cn";

       $ForbidenEmailProvider[] = "@mail.j2.com";

       $ForbidenEmailProvider[] = "@mail114.net";

       $ForbidenEmailProvider[] = "@mail15.com";

       $ForbidenEmailProvider[] = "@mailcity.com";

       $ForbidenEmailProvider[] = "@mailinator.com";

       $ForbidenEmailProvider[] = "@millenniumchengdu.com";

       $ForbidenEmailProvider[] = "@mx8168.net";

       $ForbidenEmailProvider[] = "@netapp.com";

       $ForbidenEmailProvider[] = "@ns4.i-mecca.net";

       $ForbidenEmailProvider[] = "@pidec.biz";

       $ForbidenEmailProvider[] = "@ptp.com.cn";

       $ForbidenEmailProvider[] = "@pumpkincarving.org";

       $ForbidenEmailProvider[] = "@qiye.163.com";

       $ForbidenEmailProvider[] = "@qq.com";

       $ForbidenEmailProvider[] = "@qtyhosting.com";

       $ForbidenEmailProvider[] = "@ro.openoffice.org";

       $ForbidenEmailProvider[] = "@saic.com.cn";

       $ForbidenEmailProvider[] = "@satiny.co.uk";

       $ForbidenEmailProvider[] = "@sina.com";

       $ForbidenEmailProvider[] = "@sohu.com";

       $ForbidenEmailProvider[] = "@speaktolearn.net";

       $ForbidenEmailProvider[] = "@sunrider.com";

       $ForbidenEmailProvider[] = "@supraonfootstore.com";

       $ForbidenEmailProvider[] = "@theory-test-practice.co.uk";

       $ForbidenEmailProvider[] = "@tom.com";

       $ForbidenEmailProvider[] = "@vip.163.com";

       $ForbidenEmailProvider[] = "@wellgo.com";

       $ForbidenEmailProvider[] = "@ym.163.com";

       $ForbidenEmailProvider[] = "@yahoo.cn";

       $ForbidenEmailProvider[] = "@yahoo.com.cn";

       $ForbidenEmailProvider[] = "@yeah.net";

epaulo FAIL. The list doesn't work because it disables the Join button, so adding this reallt isn't useful to myself or anyone else.

newton27 That may be the only way, by adding an extra block and asking a question etc.

This script idea in itself is great, but doesn't work at all, so pretty much useless.

@jf3000  please try to understand that "my" list is just an update to the email address list within the code block that SkyForum posted earlier in this thread (code written by Prolaznik).  That code block works for me... and it does not disable the Join button.  Your statement that the list I posted disables the Join button and is useless for everyone makes no sense to me.  Did you try to use the address list by itself?  That would explain your failure.

Placing that code in version 7.0.9 disables the join button, go through the posts on the forum, I am not the only person that seems to have this issue. The code that has been posted doesn't work, I am just letting you know and everyone else. Others have expressed it also disables there button as well. Simple.

Let's get some facts straight.  The list I posted is an ordered version of the one I found in the original code-block post by Prolaznik that's used to stop spammers that try to create an account with one of the listed email hosts.  It's the first / only time that I've posted my ordered version of the list.  The code block, with my ordered version, works perfect on my D 7.0.9 sites.  When someone tries to join with an email address, that uses one of the listed email hosts, their "join" fails... as it should.  

If you think the code is causing a problem with *your* D7.0.9 site then state it that way... don't generalize that since it fails on your site and you've read a few posts that it fails on some other sites that it therefore must fail for everyone's site.  My sites alone disprove that assertion.  

How exactly does your site's Join Button fail to work... and does this happen in all situations... on all pages?  I had problems with the Join Button in some situations and discovered it was related to how my site uses SSL.  I discovered if my site loaded with "http://" then I had Join Button problems... but when using "https://" the problems disappeared.  So forcing each page to load as https:// fixed the problem on my site.

Sky, Great post and Epaulo a very complete list, thank you both. For those that are having the problem with your JOIN button, make sure you are adding the code above the correct bx_import('BxDolAlerts'); as there are 2 in the file. if you added the code to the first one you see and not the last one you will have a problem with your JOIN button. 

 hi..thanks ..u just saved me from aol.com spammers.... any change to update the current list..