Welcome to the Question2Answer Q&A. There's also a demo if you just want to try it out.
+23 votes
2.6k views
in Plugins by
edited by

New Release:

The blocked IP field also has a size limit (which I hit as well), so I added another DNS blacklist lookup option. That allows me to put the (quite extensive) address ranges of spammer-friendly hosters into an RBL of my own.

Download: Version 1.8.0


The domain list has a limit of 12000 characters (which I hit), so I added an option for URI blacklist lookups. That way only the subdomain blocking entries need to remain in the domain list while "normal" domain blocking can be delegated to DNS lookups.

Download: Version 1.7.0


Version 1.6.0 adds the option to block e-mail addresses by regular expression match.

Download: Version 1.6.0


Version 1.5.0 adds ability to switch domain matching from blacklist (allow email addresses from all domains except the ones listed) to whitelist (allow email addresses only from listed domains).

Download: Version 1.5.0


I just released an updated version of the Registration Blocker plugin. The new version adds the ability to

  • block all subdomains of a given domain (adding .example.org to the blocked domains list will block registration with any subdomain of example.org, like foo.example.org or foo.bar.example.org, but not example.org itself)
  • block full email addresses

Download: Version 1.4.0

Q2A version: 1.8.5
by
Thanks @Ansgar for fast development
by
Thank you Ansgar!

Can you please share a regular expression to block by domain extension?

Let's say  all emails that use any domain with ".store" extension.

Thanks.
by
+1
A regular expression to match the entire TLD .store would be "\.store$" (without the double quotes). However, simply adding .store (with the leading dot) to the list of blocked domains (the "Email Domains" field) would do the same.
by
Thank you, I was getting a lot of domain.fun spam emails and I did not knew that .fun worked as a rule as well.

5 Answers

+2 votes
by

I just  updated the Registration Blocker plugin. The updated version adds the ability to 

  • Block some user names from being registerd on the site (e.g. xxx, owner, spammer, virus, ...).
  • block all subdomains of a given domain (adding .example.org to the blocked domains list will block registration with any subdomain of example.org, like foo.example.org or foo.bar.example.org, but not example.org itself)
  • Allow some email domains only (e.g. gmail.com, yahoo.com, ...)
  • Prevent users from changing their email address.
  • prevent users from changing their username.

Download: Updated Version

by
+1
Just for clarity: this is a different fork than the one I announced in the OP. I may add a checkbox for switching from blacklist mode to whitelist mode to my version at some point. However, I will not remove the subdomain feature, nor will I accept pull requests trying to do that.
by
What is the list of banned user i should write
And can you tell me how to use it too
by
There is no definitive list you "should write." It depends on how spammers are trying to abuse your site. I usually put names in the list that spammers have used repeatedly.
0 votes
by
You have no idea how much my community needed this... thank you
+1 vote
by

Due to popular demand: I just released Registration-Blocker version 1.5.0, which adds the ability to switch domain matching from blacklist (allow email addresses from all domains except the ones listed) to whitelist (allow email addresses only from listed domains).

Download: Version 1.5.0

+1 vote
by
Hello, this is a good tool. 
Can I also block domains from certain countries? 
Example: all .russ domains or email addresses?
by
+1
Yes, blocking all subdomains of a TLD is possible.
by
Hey @Ansgar Wiechers, @Matthi07 is talking extensions, not subdomains.

All emails that finish in:

.ru
.info
.site
.online
.club
.life

Etc...

That will get rid of a lot of spam in a easier way.

Is that possible? Or what to modify to make it happen?

Thanks.
by
@polle I'm well aware of what Matthi was talking about. You just failed to understand my response.

ru, info, site, etc. are so-called top-level domains (TLDs; the term "extension" is incorrect in this context). A second-level domain like example.info is a subdomain of the top-level domain info (even though the term "subdomain" is not commonly used when talking about second-level domains). By adding an entry .info (with the leading dot) to the block list all subdomains of that top-level domain get blocked (like example.info, foo.example.info, some.thing.else.info, ...).

Bottom line: yes, it's possible, as already stated.
by
Thank you for confirming that using a domain extension works.

About the naming, I just use the same as every single domain register in the world uses.

Domain: example.info (no matter the extension)
Subdomain: foo.example.info (it needs a parent domain)
Extension: .info

Cheers.
by
None of the registries I've worked with ever called TLDs "extensions," and I doubt that anyone with at least a modicum understanding of the domain name system would.
by
Not sure this has to go further, but what are your registers that sells you extensions as subdomains? Just curious to see how they actually have a "Buy Subdomains" and list all the extensions there.

If you go to the common ones, like hover, or goddady or any of those, you will see clearly: "Extensions".

At least in my experience for 20 years, I have never heard any person or company or register, refer to extensions as subdomains. This is the first time I hear that.

But it is ok, the important thing here is that extensions work in the plugin and that is great.

Cheers.
by
They're top level domains (TLDs). Not subdomains. Not extensions. The Wikipedia page about the Domain Name System (https://en.wikipedia.org/wiki/Domain_Name_System) is a good starting point if you want to read up on how DNS works. It also has links to the relevant RFCs.
by
Actually if you read my first message, I am not interested in how DNS works and that has nothing to do with this. it is just how things are said in the world and saying subdomains instead of extensions, confuses everyone.

Go here: https://uk.godaddy.com/domains/gtld-domain-names

You have to agree Godaddy is one of the biggest registers in the world, the same as Hover and all the others.

What can you see there?

Subdomains or Extensions?

That is everything, please don't try to convince me that every register in the world and me are incorrect, it makes no sense.

Now, please share a link to your register selling extensions as subdomains. That does not exists.

Cheers.
by
Please actually read what I wrote before responding. Thank you.
by
edited by
Ok, here is the quote: "Yes, blocking all subdomains of a TLD is possible."
Another one: "the term "extension" is incorrect"

Subdomains?

And that started everything. Please read my first message and your reply to that.

Cheers.
by
This is getting rather tedious, but I'll try explaining your misunderstanding one more time, so read closely:

"info" is a TOP LEVEL DOMAIN (or TLD), not an "extension".
The domain "example.info" is a SUBDOMAIN of that TOP LEVEL DOMAIN.
Hence blocking all SUBDOMAINS of a TOP LEVEL DOMAIN (i.e. ".info") will yield the desired result.

The relevant authoritative documentation about the Domain Name System is linked in the Wikipedia article I referenced. GoDaddy is not an authoritative source on DNS nomenclature, no matter how much you want it to.
–1 vote
by

I'm using AntiBot Captcha plugin with the latest q2a version.

it is working very well and has almost stopped spam registrations using bots. (I had 1000 to 2000 bots registrations each day!)

Just install it go to plugin settings increase the "Symbol count" to more than 6 and add some letters to "Character Set". (Characters are case sensitive)

Here is the link: https://github.com/pupi1985/q2a-kk-abc

by
Spamming an anti-spam plugin? Now, that's a new one.

Would you kindly NOT blindly copy/paste this to every freakin' question tagged with (anti-)spam? Thank you.
...