Hi guys,
Not sure how to troubleshoot this, and apologies if I've missed the obvious. This is our first time using the module.
We have been getting swamped with spam registrations from a specific domain: @itregi.com
I set a rule to deny these registrations: %@itregi.com
Nothing happened. We're still getting flooded.
The rule is there, enabled, and it seems like it should be working...but, see attached.

The user rego form is at:
http://directory.communitygarden.org.au/user/register
When I manually attempt to register with an @itregi.com address, the form submits (ie, is not denied).
Any clues for what I could do to improve?

Thanks heaps, JB

Comments

adammalone’s picture

Status: Active » Postponed (maintainer needs more info)

Hi John,

Having tested this on a site with user restrictions on, I was greeted with the standard denial message after using the same settings as you for creating the rule. Could I just ask you to check your permission page though and see if any unexpected roles have the bypass user restriction rules permission?

boabjohn’s picture

G'Day @typhonius,
Good idea to check the perms (I had not thought to do that) but there was nothing unexpected: no roles are able to bypass (ie, all permissions are empty in the config).
Is there some relatively simple way I could investigate further?
Sorry to present you with a mystery...maybe I'm a good test case for missing the obvious?
Kind regards,
JB

boabjohn’s picture

Ahhh...looks like maybe the obvious is being revealed...I had a slower look again and this time noticed that the spam emails, when copied from the Admin>User table, can easily include a trailing space.
Since I've re-done my Rules several times now I'm not sure if the failing rules did or did not include the trailing space.
I suspect that User Restrictions is faithfully counting the trailing space as a valid character, and thus failing to match on the trimmed version of the mail domain.
So I've set up two rules now: one with trailing space and one without. And it looks like the module is denying applications as expected.
Thanks for your help!
I'll mark this Closed now...not sure if it's worth making an issue out of the "trailing space trap for the unwary"...
Great module. Much appreciated.
Kind regards,
JB

boabjohn’s picture

Status: Postponed (maintainer needs more info) » Closed (works as designed)

adammalone’s picture

Status: Closed (works as designed) » Needs work

I'm actually going to reopen this and set to needs work. Drupal, by default, does some trimming of whitespace when usernames and emails are saved so I don't see why we shouldn't do that also.
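
The trailing-space trap and the trimming suggested above, as an added example that is not code from the User Restrictions module or from anyone in this thread. It assumes a mask is matched against the whole address with `%` standing for any run of characters; the function names and sample addresses are hypothetical.

```php
<?php
// Added illustration, not code from the User Restrictions module.
// Assumption: a mask is matched against the whole address, with '%'
// standing for any run of characters (as in the thread's "%@itregi.com").

/** Turn a '%' mask into an anchored, case-insensitive regex. */
function mask_to_regex(string $mask): string {
  $parts = array_map(
    fn(string $p): string => preg_quote($p, '/'),
    explode('%', $mask)
  );
  return '/^' . implode('.*', $parts) . '$/is';
}

/** Literal comparison: whitespace pasted into the mask is significant. */
function denied_literal(string $mask, string $mail): bool {
  return preg_match(mask_to_regex($mask), $mail) === 1;
}

/** Hardened comparison: trim both the mask and the address first. */
function denied_normalized(string $mask, string $mail): bool {
  return preg_match(mask_to_regex(trim($mask)), trim($mail)) === 1;
}

// Constructed sample data: the second mask carries a trailing space, as can
// happen when the domain is copied out of an admin table.
$masks = ['%@itregi.com', '%@itregi.com '];
$mails = ['bot123@itregi.com', 'Bot123@ITREGI.com ', 'jb@example.org'];

foreach ($masks as $mask) {
  foreach ($mails as $mail) {
    printf(
      "mask=%-16s mail=%-22s literal=%-5s normalized=%s\n",
      json_encode($mask),   // quotes make the trailing space visible
      json_encode($mail),
      denied_literal($mask, $mail) ? 'deny' : 'allow',
      denied_normalized($mask, $mail) ? 'deny' : 'allow'
    );
  }
}
```

With the literal comparison, a deny rule and an address only match when their trailing whitespace agrees; the normalized comparison denies every `@itregi.com` address regardless of stray spaces on either side.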

jking1224’s picture

I'd have to agree with original post. I am trying to deny specific email domains and they continue to be created freely. Using the test feature at the bottom of the rules list, it easily allows domains I am attempting to block.
Drupal version 7.32
User restrictions: 7.x-1.0

A rule of "Deny", email mask: %@mail.ru
and users with that email are still created.

adammalone’s picture

@jking1224 I'm not able to replicate this. Are you running something other than the standard Drupal login/registration form?

kaztur’s picture

+1
Email patterns like:
%@hotmail.com
%@outlook.com

bypass the check and users with these emails are on the site.

adammalone’s picture

Status: Needs work » Postponed (maintainer needs more info)

@kaztur can these users log in or do they just exist on the site? Are you using the standard Drupal log in form or an alternate?

kaztur’s picture

@typhonius, sorry for poor information!

These users are new. Updated info is that these users can't register in the standard register form, but bypass the check in the node create form with the inline_registration module.

adammalone’s picture

@kaztur thanks for this. I'd recommend creating an issue against that project as well where we can work out the best method of supporting each other. This may mean that the inline registration module implements a user register form in a more standard way that user restrictions expects.

kaztur’s picture

@typhonius, thank you! I have created an issue in the inline registration module issue queue.

jking1224’s picture

I am using Drupal with Panopoly install profile. I believe it uses standard Drupal login / registration form.

Even when I go to the User Restrictions UI and use the "Check Rules" at the bottom, it says a denied address is allowed. See photo.

adammalone’s picture

Super weird. I just spun up Panopoly & User Restrictions latest versions on simplytest.me and got the opposite result (screenshot attached)

jking1224’s picture

It seems that OP, kaztur and I still have the issue, which implies it's a valid problem. I am not a coder and can't apply git patches.

Are there some lines of code I could add, such as watchdog calls to log variable values or something? If you tell me line numbers, file names and some code, I can edit and test.

I agree it's possible some other module I have running is causing the problem. I'm willing to edit and investigate to get "needs more info".

Help me to help you to help us.

howdytom’s picture

Any progress or fix on that? We are seeing increasing fake user registrations.

I am able to reproduce the issue. I've tried all kinds of combinations, e.g.

%@mail.ru
%mail.ru
mail.ru

None of them are working. This looks like a serious bug in User restrictions module and makes it almost unusable.

adammalone’s picture

Status: Postponed (maintainer needs more info) » Closed (outdated)