How to prevent sign-ups with fake email addresses?

Discussion in 'Setting-up protection' started by orish, Jul 31, 2021.

  1. orish

    orish aMember Pro Customer

    Joined:
    Mar 15, 2011
    Messages:
    49
    I have had several attempts to sign up for a free membership made by fake or throwaway email addresses.

    I've configured amember to send a confirmation email before activation. This has become essential for me now.

    If the address is fake then the confirmation email will not be received and no big deal. However, if it's a throwaway email then the new user still gets important information in my email like contact details and can access the free protected areas, etc. (given them better opportunities to spam me or hack into the system).

    How do I prevent this?

    Ideally, I'd like to have a mechanism (like in Happy Forms) where the submit button is conditionally active. For instance, if the email is invalid (or has a banned domain, like *@abdiell.xyz, or even an invalid or banned TLD, like *.xyz) or if any of the fields contain a URL, or "http" then the submit button should remain inactive, i.e. not even allowing the user to send the form at all.

    I think there is already a mechanism to ban IPs or a range of IPs (or maybe I'm thinking of something I've configured on my server), so that anyone operating from a banned IP can't even visit my website (just throws up some random error message as a deterrent). Doesn't stop people from using a VPN of course, so I don't know if it's viable.

    Any ideas?
  2. caesar

    caesar aMember Pro Developer Staff Member

    Joined:
    Oct 16, 2009
    Messages:
    2,286
    Hello,

    You can ban email domains in admin interface at:
    aMember CP -> Configuration -> Blocking IP/E-Mail

    Best Regards.
    orish likes this.
  3. joeyjay

    joeyjay aMember Pro Customer

    Joined:
    Apr 1, 2017
    Messages:
    3
    @orish, check your inbox for easy to follow instructions
  4. orish

    orish aMember Pro Customer

    Joined:
    Mar 15, 2011
    Messages:
    49
    Thank you Caesar. I completely forgot about this. I had even entered some IP addresses and emails before. So I knew about it already.

    Silly me.

    I particularly like the wildcard feature - that's very useful. I persistently get sign-up attempts with the TLD .xyz. So I think %.xyz will get rid of these hackers I hope :)
  5. joeyjay

    joeyjay aMember Pro Customer

    Joined:
    Apr 1, 2017
    Messages:
    3
    That makes 2 of us Orish, I have used the feature many times, but don't remember even seeing the email aspect of it, lol... Leave it to the aMember team to think of everything, eh?
  6. fionaclarkson

    fionaclarkson New Member

    Joined:
    Aug 16, 2021
    Messages:
    2
    Is there any way to prevent this, how do you know the addresses are fake?
  7. bstein

    bstein aMember Pro Customer

    Joined:
    Apr 11, 2020
    Messages:
    1
    there are services like 10minmail, imo not possible to get 100% rid of such attempts.

Share This Page