If you are still hosting a vBulletin 4 forum for whatever the reason may be, you are probably experiencing the spambot hell. Captcha plugins are out of date or simply bypassed and protections like human verification questions just do not seem to work. You could throw Cloudflare in front for some bot detection and that is probably a good idea.
I observed that the major hole in arresting the bots from even registering is the use of various random domains and subdomains in their emails. You do have an email banlist option in Admin CP but that really does not cut it because there is no support for regex and there are infinite domains to block. An email whitelist would be much better because you then force the spammers to create email accounts at major email providers like gmail and outlook which slows them down.
That will block legitimate users who use personal email domains but that is usually a small minority that can be handled on case by case basis. It depends on your use case if you can accept that.
There are no email whitelist plugins out there so I decided to just dig into the vBulletin code and hardcode it.. how hard can it be? Turns out it’s easy.
The function that handles the email ban list can be found under the name is_banned_email in a includes/functions_user.php.
Right before the return statement, we can hardcode our email domain whitelist as an additional protection:
// custom addition: email whitelist
$email_domain_whitelist = [
/* Default domains included */
"aol.com", "att.net", "facebook.com", "gmail.com", "gmx.com", "googlemail.com",
"google.com", "hotmail.com", "hotmail.co.uk", "mac.com", "me.com", "mail.com", "msn.com",
"live.com", "sbcglobal.net", "verizon.net",
/* Other global domains */
"email.com", "games.com" /* AOL */, "hush.com", "hushmail.com", "icloud.com", "inbox.com",
"lavabit.com", "love.com" /* AOL */, "outlook.com", "pobox.com", "rocketmail.com" /* Yahoo */,
"safe-mail.net", "wow.com" /* AOL */, "ygm.com" /* AOL */, "ymail.com" /* Yahoo */, "zoho.com", "fastmail.fm",
"yandex.com","iname.com",
/* United States ISP domains */
"bellsouth.net", "charter.net", "comcast.net", "cox.net", "earthlink.net", "juno.com",
/* British ISP domains */
"btinternet.com", "virginmedia.com", "blueyonder.co.uk", "freeserve.co.uk", "live.co.uk",
"ntlworld.com", "o2.co.uk", "orange.net", "sky.com", "talktalk.co.uk", "tiscali.co.uk",
"virgin.net", "wanadoo.co.uk", "bt.com",
/* Domains used in Asia */
"sina.com", "qq.com", "naver.com", "hanmail.net", "daum.net", "nate.com",
/* French ISP domains */
"hotmail.fr", "live.fr", "laposte.net", "wanadoo.fr", "orange.fr", "gmx.fr", "sfr.fr", "neuf.fr", "free.fr",
/* German ISP domains */
"gmx.de", "hotmail.de", "live.de", "online.de", "t-online.de" /* T-Mobile */, "web.de",
/* Russian ISP domains */
"mail.ru", "rambler.ru", "yandex.ru", "ya.ru", "list.ru",
/* Domains used in Brazil */
"hotmail.com.br", "outlook.com.br", "uol.com.br", "bol.com.br", "terra.com.br", "ig.com.br",
"itelefonica.com.br", "r7.com", "zipmail.com.br", "globo.com", "globomail.com", "oi.com.br",
/* personal domains */
"czech.click"
];
$emailParts = explode('@', $email);
if (count($emailParts) === 2) {
$domain = $emailParts[1];
if (!in_array($domain, $email_domain_whitelist)) {
return 1;
}
}