I have had several attempts to sign up for a free membership made by fake or throwaway email addresses. I've configured amember to send a confirmation email before activation. This has become essential for me now. If the address is fake then the confirmation email will not be received and no big deal. However, if it's a throwaway email then the new user still gets important information in my email like contact details and can access the free protected areas, etc. (given them better opportunities to spam me or hack into the system). How do I prevent this? Ideally, I'd like to have a mechanism (like in Happy Forms) where the submit button is conditionally active. For instance, if the email is invalid (or has a banned domain, like *@abdiell.xyz, or even an invalid or banned TLD, like *.xyz) or if any of the fields contain a URL, or "http" then the submit button should remain inactive, i.e. not even allowing the user to send the form at all. I think there is already a mechanism to ban IPs or a range of IPs (or maybe I'm thinking of something I've configured on my server), so that anyone operating from a banned IP can't even visit my website (just throws up some random error message as a deterrent). Doesn't stop people from using a VPN of course, so I don't know if it's viable. Any ideas?
Hello, You can ban email domains in admin interface at: aMember CP -> Configuration -> Blocking IP/E-Mail Best Regards.
Thank you Caesar. I completely forgot about this. I had even entered some IP addresses and emails before. So I knew about it already. Silly me. I particularly like the wildcard feature - that's very useful. I persistently get sign-up attempts with the TLD .xyz. So I think %.xyz will get rid of these hackers I hope
That makes 2 of us Orish, I have used the feature many times, but don't remember even seeing the email aspect of it, lol... Leave it to the aMember team to think of everything, eh?