Category Archives: PHP

Protecting your vBulletin 4 registration against spambots with email domain whitelist

If you are still hosting a vBulletin 4 forum, for whatever reason, you are probably experiencing spambot hell. Captcha plugins are out of date or simply bypassed, and protections like human verification questions just do not seem to work. You could throw Cloudflare in front for some bot detection and that is probably a good idea.

I observed that the major hole in arresting the bots from even registering is the use of various random domains and subdomains in their emails. You do have an email banlist option in Admin CP, but that really does not cut it because there is no support for regex and there are infinite domains to block. An email whitelist would be much better because you then force the spammers to create email accounts at major email providers like Gmail and Outlook, which slows them down.

That will block legitimate users who use personal email domains, but that is usually a small minority that can be handled on a case-by-case basis. Whether you can accept that depends on your use case.

There are no email whitelist plugins out there, so I decided to just dig into the vBulletin code and hardcode it. How hard can it be? Turns out it's easy.

The function that handles the email ban list is is_banned_email in includes/functions_user.php.

Right before the return statement, we can hardcode our email domain whitelist as an additional protection:

// custom addition: email whitelist
$email_domain_whitelist = [
    /* Default domains included */
    "aol.com", "att.net", "facebook.com", "gmail.com", "gmx.com", "googlemail.com",
    "google.com", "hotmail.com", "hotmail.co.uk", "mac.com", "me.com", "mail.com", "msn.com",
    "live.com", "sbcglobal.net", "verizon.net",

    /* Other global domains */
    "email.com", "games.com" /* AOL */, "hush.com", "hushmail.com", "icloud.com", "inbox.com",
    "lavabit.com", "love.com" /* AOL */, "outlook.com", "pobox.com", "rocketmail.com" /* Yahoo */,
    "safe-mail.net", "wow.com" /* AOL */, "ygm.com" /* AOL */, "ymail.com" /* Yahoo */, "zoho.com", "fastmail.fm",
    "yandex.com","iname.com",

    /* United States ISP domains */
    "bellsouth.net", "charter.net", "comcast.net", "cox.net", "earthlink.net", "juno.com",

    /* British ISP domains */
    "btinternet.com", "virginmedia.com", "blueyonder.co.uk", "freeserve.co.uk", "live.co.uk",
    "ntlworld.com", "o2.co.uk", "orange.net", "sky.com", "talktalk.co.uk", "tiscali.co.uk",
    "virgin.net", "wanadoo.co.uk", "bt.com",

    /* Domains used in Asia */
    "sina.com", "qq.com", "naver.com", "hanmail.net", "daum.net", "nate.com",

    /* French ISP domains */
    "hotmail.fr", "live.fr", "laposte.net", "wanadoo.fr", "orange.fr", "gmx.fr", "sfr.fr", "neuf.fr", "free.fr",

    /* German ISP domains */
    "gmx.de", "hotmail.de", "live.de", "online.de", "t-online.de" /* T-Mobile */, "web.de",

    /* Russian ISP domains */
    "mail.ru", "rambler.ru", "yandex.ru", "ya.ru", "list.ru",

    /* Domains used in Brazil */
    "hotmail.com.br", "outlook.com.br", "uol.com.br", "bol.com.br", "terra.com.br", "ig.com.br", 
    "itelefonica.com.br", "r7.com", "zipmail.com.br", "globo.com", "globomail.com", "oi.com.br",
    
    /* personal domains */
    "czech.click"
];

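// Take everything after the last '@' so an address containing more than one '@'
// is still checked, and lowercase it because domain names are case-insensitive.
$atPos = strrpos($email, '@');
$domain = ($atPos === false) ? '' : strtolower(trim(substr($email, $atPos + 1)));

// Treat any address whose domain is not on the whitelist as banned
// (strict comparison; an address with no domain is also rejected).
if (!in_array($domain, $email_domain_whitelist, true)) {
    return 1;
}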
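Before patching the forum, the matching rules can be exercised from the command line. The script below is an added example, not vBulletin code and not part of the original post; the function name is_domain_not_whitelisted, the shortened whitelist and the sample addresses are all constructed for illustration.

```php
<?php
// Added example: stand-alone check of the whitelist matching rules.
// Nothing here is vBulletin's own code; names and sample data are hypothetical.
// Written without scalar type hints so it also runs on older PHP versions.

/** Return true when the address must be rejected (domain not whitelisted). */
function is_domain_not_whitelisted($email, $whitelist)
{
    // Split on the LAST '@' so extra '@' characters cannot skip the check.
    $at = strrpos($email, '@');
    if ($at === false) {
        return true; // no domain part at all: fail closed
    }

    // Domain names are case-insensitive; strip stray whitespace as well.
    $domain = strtolower(trim(substr($email, $at + 1)));

    // Flip the list once so the lookup is an exact key match, never a substring match.
    $allowed = array_flip(array_map('strtolower', $whitelist));

    return $domain === '' || !isset($allowed[$domain]);
}

// Shortened whitelist and constructed sample addresses (true = expected to be blocked).
$whitelist = array('gmail.com', 'outlook.com', 'czech.click');
$samples = array(
    'alice@gmail.com'           => false, // exact match
    'Bob@GMAIL.com'             => false, // differs only in case
    'x@gmail.com.example.net'   => true,  // whitelisted name used as a subdomain label
    'y@mail.gmail.com'          => true,  // subdomain of a whitelisted domain
    '"a@gmail.com"@example.org' => true,  // more than one '@' in the address
    'no-at-sign'                => true,  // malformed, no domain
    'z@'                        => true,  // empty domain
);

$failures = 0;
foreach ($samples as $email => $expectBlocked) {
    $blocked = is_domain_not_whitelisted($email, $whitelist);
    if ($blocked !== $expectBlocked) {
        $failures++;
    }
    printf("%-28s %s\n", $email, $blocked ? 'blocked' : 'allowed');
}

// Non-zero exit status signals that a case did not behave as expected.
exit($failures === 0 ? 0 : 1);
```

Run it with php on the command line; exit status 0 means every sample was classified as expected.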

Cen
GitHub
Eurobattle.net
Lagabuse.com
Bnetdocs

Debugging Laravel in Eclipse PDT

I don't use PHP enough to justify buying a PHPStorm license so I am using Eclipse PDT instead. I am a bit rusty with Eclipse and PHP so I couldn't really find anything on Google about debugging Laravel projects in Eclipse. Finally figured it out, here is how.

Examples are done on Eclipse IDE Version: 2019-12 (4.14.0).

First, configure XDebug with Eclipse. On Fedora you can install it via

sudo dnf install php-xdebug

Check that XDebug remote debugging is enabled using a phpinfo() test page; if it is not, add the following line to your php.ini:

xdebug.remote_enable = 1

Now in Eclipse, we first add a server. In Window->Preferences->PHP->Servers add a new server like this:

Document root is our Laravel public folder and base URL is the default host and port of

php artisan serve

Now check your Debug settings in PHP->Debug, select the newly created server and check that XDebug is set as the debugger:

If XDebug is not present here, configure it under PHP->Debug->Debuggers first.

Finally, under General->Web Browser, we select an external web browser to launch our website instead of integrated Eclipse Browser.

We are done with Preferences so close it. Next to the Debug button in main Eclipse toolbar, click on the arrow for the dropdown and select Debug configurations…

Create a new PHP Web Application config like this.

We point the file to public index and map it to root URL (default by artisan serve). Under Debugger tab check that XDebug is selected.

Now go to the terminal and serve your Laravel app as you would with

php artisan serve

Finally, run the "web" Debug configuration from Eclipse. Eclipse should go into the Debug mode and open up your site in your selected browser. You can now place your breakpoints in controllers or wherever and things just work like you would expect.
