Ban email addresses in ListMail Pro?

[klausdahl]

Hi Dean,

Lately I've had a problem with people who try to spam my list.
They've signed up with other email addresses than their own. For
example, someone signed up with the company Paypal's support
email address: service@paypal.com

My question is this: Is there any way that I can set up the
validation procedure in your script, ListMail Pro, so that it can
filter away and show an error message when someone enters a
certain email address, such as, service@paypal.com or maybe an
AOL.com email address?

In other words, is it possible to disallow (ban) certain email
addresses (or domains like for example, email@aol.com or
email@hotmail.com) from being used in the fields used by ListMail
Pro?

I'll be very grateful if you'll please help me with this issue!

Thank you very much in advance!

Warmly,

Klaus Dahl

[DW]

Klaus,

This is not yet a part of the program but there are some simple modifications that can be added to signup.php to prevent certain emails from subscribing.  I fear that you may be pulled into a cat-and-mouse game by this troublemaker, however, as there are always more illegitimate addresses they will be able to find and add.

Immediately following the original LMP "include" lines at the top of signup.php

Code: [Select]

include("./config.php");
include("./admin.php");
Try adding:

Code: [Select]

if(strpos($email,'service@paypal.com') !== false
 || strpos($email,'bademail@paypal.com') !== false
 || strpos($email,'@baddomain.com') !== false
) exit('This email address may not subscribe.');
I will be implementing the ability to ban users in the very near future.

Regards

[klausdahl]

Thank you very much, Dean! So far it works perfectly for the email addresses I've tested. But you're right, it's difficult to prevent the problem entirely. But I'll do my best.

Adding this code (or a feature like it) to your excellent script, makes it even better. And it's very good already.

Thanks again, Dean!

Warmly,
Klaus

[DW]

You might also ban the submitter at the IP level with a line such as follows:

Code: [Select]

if($_SERVER['REMOTE_ADDR']=='10.20.30.40') exit('You may not subscribe.');
You can check the submitter's IP by clicking 'Edit' next to a user in the User Database.  I think this will be more effective than a per-email ban.  I will definitely consider adding IP banning to the upcoming ban feature.

Regards

[klausdahl]

Thanks a lot, Dean!

The only problem with that is that in this case the spammer is apparently using an anonymous IP address.

But I totally agree, such a feature will be most useful.  

Thanks, my friend!

Best,
Klaus

[john]

A handy IP address to ban is this one: 83.149.74.179

I'm getting 100's of spoof subscriptions from that ip.

If anyone else has any to ban, let me know.

John

[jennifer]

We have had an enormous amount of spam email addresses subscribing, even if they are deleted/removed, the resubscribe the following day.

Does the new version address this and enable a ban feature to be used in lieu of the programming lines you have noted below?


Thanks,
Nicole
on behalf of Jennifer

[DW]

Sorry this is not yet a feature but I'm hoping to have it in the next major update.  Until then you'll have to use the solution(s) mentioned in this thread.

Regards

[jennifer]

Dean,

In the signup.php I inserted the following lines as directed:

if(strpos($email,'@hotbox.com') !== false
 || strpos($email,'mnebs@odfyuft.biz') !== false
 || strpos($email,'nilap@gmail.com') !== false
 || strpos($email,'dgfdt@dpfyudf.com') !== false
 || strpos($email,'nilap@gmail.com') !== false
 || strpos($email,'nilaw@gmail.com') !== false
 || strpos($email,'nilad@gmail.com') !== false
 || strpos($email,'nilaz@gmail.com') !== false
 || strpos($email,'dloolik@mail.com') !== false
 || strpos($email,'ujxtc@odvyhg.biz') !== false
 || strpos($email,'buyeewers@mail.com') !== false
 || strpos($email,'bolen@yahoo.com') !== false
 || strpos($email,'dgfdt@dpfyudf.com') !== false
 || strpos($email,'volaazased@mail.com') !== false
 || strpos($email,'dfyuh@nxvops.biz') !== false
 || strpos($email,'gavaldi@yahoo.com') !== false
 || strpos($email,'brodwich@yahoo.com') !== false
 || strpos($email,'dorwin@yahoo.com') !== false
 || strpos($email,'ixfcif@dpfytws.net') !== false
 || strpos($email,'man555@yahoo.com') !== false
 || strpos($email,'xofts@paeqx.org') !== false
 || strpos($email,'xarense41@yahoo.com') !== false  
) exit('This email address may not subscribe.');

The largest spam signup offender is @hotbox.com.  After implementing the new php file on Sept 7th, I tested it by trying to sign up for the newsletter on the website and the testing was successful.

I have however, just received 7 New Signup notificaitons for: generic_viagra@hotbox.com, paxil@hotbox.com, costume@hotbox.com, fiveonike@hotbox.com, cingular_ringtones@hotbox.com, amoxicillin@hotbox.com, & soma@hotbox.com

Any ideas?


Thanks,
Nicole
on behalf of Jennifer

[DW]

Hi Nicole,

By all appearances it should work as expected. :? What happens if you try to subscribe one of those that made it through - does it deny subscription?  Do you have any other methods of subscription, such as by email?

If you continue to have troubles please create a trouble ticket with a description of the problem and information about your signup forms and I'll check into it free, as time allows.  For faster service you could order a Server Analysis for $35.

Regards

[jennifer]

I followed your suggestion and tried the signup page, which allowed me to signup using one of the banned email addys.  This prompted me to check the signup.php and I found that it was the original file without my ban prompts in it...  :shock:

Not sure what happened there but I copied the new file back out and it is working again, my signup tests showed that it is prohibiting signup by these addresses again.


Thanks,
Nicole
on behalf of Jennifer

[DW]

And to ban the user based on referring URL:

Code: [Select]

if(strstr($_SERVER['HTTP_REFERER'],'example.com/banned.html')) exit();

[clint]

I came across this the other day. Apparently it can be setup to work with a variety of scripts (but I must admit I am more conversant with cgi than php).

It looks like this program may have some potential to stop spammers subscribing.

http://www.bad-behavior.ioerror.us/

Regards,


Clint.

[reg]

The spam bot for me keeps trying to send URLs into one of the user fields (IE user3) for ads like:

http://vmig.stupidviagra_ad_whatever_url/index5.html

How would I use the above to top submissions if the http:// string or even .html string was found?

Thanks! This is great. Looks like a workable solution.

- reg

[reg]

Also, it seems that the Reference URL that comes in for my signup notifications always says:

Ref. URL: Unknown

Any way to filter for that? As obviously Ref. URL: Should be a page from my website.