Tagged: Blacklist function NOT working
January 3, 2011 at 9:34 pm #2449
I have a user that is chronically trying to register on my site every day for the past month using a bad email addresses. As a result, I am getting a constant stream of error emails saying that message is undeliverable because there’s no such email account.
I’m using eMembers v5.8.8, and went to the control panel => Manage Blacklist and entered the email address, and all the variations he’s using separated by a semi-colon per the instructions. The problem is that the blacklist is NOT working.
I’ve tried several variations of the address with a semi-colon with a space, with no space, in columns, in a line to NO avail. This has been going on for over three weeks now.
Paul H.January 4, 2011 at 4:59 am #27727amin007Participant
The blacklist is to blacklist members to prevent bad members from being able to log in and use the site. The blacklist is not for checking who can register and who can’t. Are you using recaptcha on your registration form?January 4, 2011 at 6:15 pm #27728
Yes, I’m using recaptcha.
Additionally, he’s using a bad email address (and variations of the bad email, for instance, firstname.lastname@example.org, email@example.com, etc.), so he never receives the second email with the link in which to create a user name and password. So I created a user name and password for his first bad email, but the system still allows him to try to create NEW accounts using that same email.
Also, I have put that email address in the blacklist, but realize it’s pointless because he doesn’t know the user name or password.
How can I prevent this kind of “spam attack”? I can create accounts using whatever email he uses, but the system STILL allows him to try and create new ones. Can you fix it so that once an account is created with username and password, they can’t even try to submit for a new account?
PaulJanuary 5, 2011 at 3:29 am #27729amin007Participant
I probably wasn’t clear in my previous post. The blacklist only applies to a member. It does not apply to someone who is about to create a membership.
This is what you can do
Option 1) Create some accounts with those email addresses that he uses. You cannot create multiple accounts with the same email address so when he won’t be able to use those email address to create accounts anymore. You can also set the status of these fake accounts to blocked so no one can use it.
Option 2) This is the better option… you just block his IP address so he can’t access your site. so in your .htaccess file of the site just add his IP address against a block so he won’t even be able to view your site. It is very easy to do but if you are not sure then just search on Google a bit (there are a lot of articles on how to bock IP address in .htaccess file)January 5, 2011 at 3:17 pm #27730
Will do, many thanks!
PaulAugust 2, 2013 at 5:33 am #27731Russell58Member
Hi, I have an IPN script that is creating new members of everyone that buys anything via PayPal (yes this script needs replacing but for the time being there are reasons why we cant do that immediately).
In particular this was creating issues when PayPal sent us commissions for sales of another developer’s product… the developer was getting added as a member as we are using the WP-emember API (member.php) script.
I thought I could remedy this issue by adding the developer’s email to the blacklist but it did not. Then I tried to create a new member registration using the developer’s email and was prevented as you indicated in your post.
However,.. it appears that because I am using the option to “allow secondary membership” in the Settings panel that this overrides script generated new membership registrations.
Is that the case? I suppose it would be in which case I have 2 options;
1) don’t allow secondary registrations
2) remove the universal IPN from PayPal that sends all post sale data to member.php script!
Your confirmation would be appreciated.
Thanks.August 3, 2013 at 12:30 am #27732adminKeymaster
Option 2 is the best one to do as you shouldn’t really send IPN everywhere for every sale via your PayPal account. However, if you just cannot remove this then I would recommend hard-coding a special check in your script that is handling the membership creation via the API. You should be able to do some extra checks in your script to know if the IPN that came in is not for eMember (you can simply return or exit in that case rather than going forward to the emember API).August 3, 2013 at 6:45 am #27733Russell58Member
Thanks,.. that’s a good suggestion for the time being for us to add a code amendment in the IPN not to send certain sales via the member.php route.
Great support,.. much appreciated!
- You must be logged in to reply to this topic.