diff --git a/README.md b/README.md
index ec9adf8..88d5b42 100644
--- a/README.md
+++ b/README.md
@@ -7,9 +7,11 @@ This plugin was originally created by [Amiya Sahu][1]. ## Features * Block some user names from being registerd on the site (e.g. xxx, owner, spammer, virus, ...). -* Block undesired email domains (e.g. example.org, foo.example.com, ...) and/or all of their subdomains (e.g. .example.org, .foo.example.com, ...). Note that .foo.example.com (with a leading dot) blocks all subdomains of foo.example.com (like bar.foo.example.com and some.other.sub.foo.example.com), but not foo.example.com itself, whereas foo.example.com (without a leading dot) blocks only the domain itself, but none of its subdomains. +* Block undesired email domains (e.g. example.org, foo.example.com, ...) and/or all of their subdomains (e.g. .example.org, .foo.example.com, ...). Note that .foo.example.com (with a leading dot) blocks all subdomains of foo.example.com (like bar.foo.example.com and some.other.sub.foo.example.com), but not foo.example.com itself, whereas foo.example.com (without a leading dot) blocks only the domain itself, but none of its subdomains. + Note that this list is limited to 12000 characters. If you're hitting that limit (which I did) you may want to consider using a URI (DNS) blacklist (see below) for regular domain blocking and leave only subdomain blocking entries in this list. * Domain blocking can be configured for either blacklist mode (allow all domains/subdomains except the ones listed) or whitelist mode (allow only listed domains/subdomains). Default is blacklist mode. * Block undesired email addresses by regular expression match (e.g. Gmail addresses with more than 3 dots in their localpart: `(\..*){4,}@gmail\.com$`). +* Block undesired email addresses by URI blacklist lookup (e.g. black.uribl.com). If you're familiar with operating a DNS server I recommend running your own URI blacklist. 
If you're using a third party service it's recommended to have the local DNS resolver on your Q2A server cache lookup results, so that the blacklist service doesn't get flooded. * Prevent users from changing their email address. * prevent users from changing their username.
diff --git a/qa-registration-blocker-lang-default.php b/qa-registration-blocker-lang-default.php
index e754c45..1a12217 100644
--- a/qa-registration-blocker-lang-default.php
+++ b/qa-registration-blocker-lang-default.php
@@ -39,4 +39,6 @@
 'username_not_allowed' => "This username is not allowed",
 'not_allowed_to_change_email' => 'You are not allowed to change your email',
 'not_allowed_to_change_username' => 'You are not allowed to change your username',
+ 'uribl' => 'URI Blacklists',
+ 'uribl_note' => 'Validate e-mail domain against these URI blacklists (eg black.uribl.com, one per line)',
 );
diff --git a/qa-registration-blocker-options.php b/qa-registration-blocker-options.php
index 5800be7..3eae1c5 100644
--- a/qa-registration-blocker-options.php
+++ b/qa-registration-blocker-options.php
@@ -33,6 +33,7 @@ class qas_ubl_opt {
 const BANNED_EMAIL_ADDRESSES = 'qas_ubl_banned_email_addresses';
 const BANNED_EMAIL_REGEX = 'qas_ubl_banned_email_regex';
 const WHITELIST_MODE = 'qas_ubl_whitelist_mode';
+ const URIBL = 'qas_ubl_uribl';
 const DONT_ALLOW_TO_CHANGE_EMAIL = 'qas_ubl_dont_allow_ch_email';
 const DONT_ALLOW_TO_CHANGE_HANDLE = 'qas_ubl_dont_allow_ch_handle';
 }
diff --git a/qa-registration-blocker.php b/qa-registration-blocker.php
index 97a54cd..93fc8dd 100644
--- a/qa-registration-blocker.php
+++ b/qa-registration-blocker.php
@@ -40,6 +40,7 @@ public function admin_form(&$qa_content) {
 qa_opt(qas_ubl_opt::WHITELIST_MODE, (int) qa_post_text(qas_ubl_opt::WHITELIST_MODE));
 qa_opt(qas_ubl_opt::BANNED_EMAIL_ADDRESSES, qa_post_text(qas_ubl_opt::BANNED_EMAIL_ADDRESSES));
 qa_opt(qas_ubl_opt::BANNED_EMAIL_REGEX, qa_post_text(qas_ubl_opt::BANNED_EMAIL_REGEX));
+ qa_opt(qas_ubl_opt::URIBL, qa_post_text(qas_ubl_opt::URIBL));
 qa_opt(qas_ubl_opt::DONT_ALLOW_TO_CHANGE_EMAIL, (int) qa_post_text(qas_ubl_opt::DONT_ALLOW_TO_CHANGE_EMAIL));
 qa_opt(qas_ubl_opt::DONT_ALLOW_TO_CHANGE_HANDLE, (int) qa_post_text(qas_ubl_opt::DONT_ALLOW_TO_CHANGE_HANDLE));
 $saved = true;
@@ -51,6 +52,7 @@ public function admin_form(&$qa_content) {
 qas_ubl_opt::WHITELIST_MODE => qas_ubl_opt::PLUGIN_ACTIVE,
 qas_ubl_opt::BANNED_EMAIL_ADDRESSES => qas_ubl_opt::PLUGIN_ACTIVE,
 qas_ubl_opt::BANNED_EMAIL_REGEX => qas_ubl_opt::PLUGIN_ACTIVE,
+ qas_ubl_opt::URIBL => qas_ubl_opt::PLUGIN_ACTIVE,
 qas_ubl_opt::DONT_ALLOW_TO_CHANGE_EMAIL => qas_ubl_opt::PLUGIN_ACTIVE,
 qas_ubl_opt::DONT_ALLOW_TO_CHANGE_HANDLE => qas_ubl_opt::PLUGIN_ACTIVE,
 ));
@@ -62,6 +64,7 @@ public function admin_form(&$qa_content) {
 $this->get_whitelist_mode(),
 $this->get_banned_email_address_field(),
 $this->get_banned_email_regex_field(),
+ $this->get_uribl_field(),
 $this->get_dont_allow_email_field_change(),
 $this->get_dont_allow_handle_field_change()
 );
@@ -87,6 +90,8 @@ public function filter_email(&$email, $olduser) {
 $topdomains = Array();
 $subdomains = Array();
+ $uribl = explode("\n", qa_opt(qas_ubl_opt::URIBL));
+
 foreach ($all_domains as $domain) {
 if (substr($domain, 0, 1) === '.') {
 $subdomains[] = $domain;
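Review bot: In the filter_email hunk, `explode("\n", qa_opt(qas_ubl_opt::URIBL))` yields a one-element list holding an empty string when the option is empty, so the lookup loop added further down would query `"${email_domain}."`, i.e. the e-mail domain itself, on every check even when no blacklist is configured. Entries are also used untrimmed, so a blank line or stray whitespace in the textarea becomes part of the queried name. Normalising once at this point avoids both: `$uribl = array_filter(array_map('trim', explode("\n", (string) qa_opt(qas_ubl_opt::URIBL))), 'strlen');` (the `(string)` cast only matters if qa_opt can return null for an unset option, which is not visible here). filter_email's body starts and ends outside this hunk.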
@@ -106,6 +111,11 @@ public function filter_email(&$email, $olduser) {
 return $this->translate('email_domain_not_allowed');
 }
 } else {
+ foreach ($uribl as $bl) {
+ if (preg_match('/^127\.0\.0\.[0-9]+$/', gethostbyname("${email_domain}.${bl}"))) {
+ return $this->translate('email_domain_not_allowed');
+ }
+ }
 if (in_array($email_domain, $topdomains)) {
 return $this->translate('email_domain_not_allowed');
 }
@@ -248,6 +258,18 @@ private function get_banned_email_regex_field() {
 ));
 }
+ private function get_uribl_field() {
+ return array(array(
+ 'id' => qas_ubl_opt::URIBL,
+ 'label' => $this->translate('uribl'),
+ 'note' => $this->translate('uribl_note'),
+ 'tags' => 'name="' . qas_ubl_opt::URIBL . '"',
+ 'value' => qa_opt(qas_ubl_opt::URIBL),
+ 'type' => 'textarea',
+ 'rows' => 5,
+ ));
+ }
+
 private function ends_with_any($str, $matches) {
 foreach ($matches as $match) {
 $length = strlen($match);
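Review bot: The test `preg_match('/^127\.0\.0\.[0-9]+$/', gethostbyname(...))` in the new loop treats every 127.0.0.x answer as a listing, but some list operators answer with a specific 127.0.0.x code (commonly 127.0.0.1) to signal a refused or rate-limited query, so a throttled server would reject every registration; compare the answer against the codes the configured list documents as listings instead. gethostbyname() is a blocking call whose timeout the plugin does not control, and it returns the unmodified name on failure, so the check fails open when the resolver is unavailable; a comment such as `// resolver failure => treated as not listed (fail open)` would make that explicit. Moving the loop below the local `in_array($email_domain, $topdomains)` test would avoid a DNS query for domains that are already banned locally. `"${email_domain}.${bl}"` uses the `${var}` interpolation form deprecated in PHP 8.2, and `"{$email_domain}.{$bl}"` is equivalent. The enclosing filter_email function starts and ends outside this hunk.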
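Review bot: `'value' => qa_opt(qas_ubl_opt::URIBL)` in get_uribl_field hands the stored option to the form unescaped; if the form renderer prints 'value' verbatim (Q2A form fields generally appear to expect pre-escaped HTML, to be confirmed against the sibling field builders, which are outside this hunk), a stored value containing `</textarea>` or other markup would break out of the field on the admin page. `'value' => qa_html(qa_opt(qas_ubl_opt::URIBL)),` would close that. A one-line docblock stating that the method returns the admin-form field definition for the URI blacklist option would also help, since the nested `array(array(...))` shape is not self-explanatory.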