In an effort to stop certain bad actors I’ve started to add blacklisted domain names in the settings:
The two that I added a few days ago link to one of the more well-used “burner” email sites,
But, this morning, I saw the same user was able to register and post via the
mvrht.net address that was blacklisted:
Possible that it’s not working as intended?
are you sure
mvrht.net doesn’t contain any leading/trailing space? It is something I will improve but at the moment it’s possible you added spaces without seeing it.
double-checked. no lead/trail.
apparently i can add it twice.
Can you repro this @jomaxro?
Did you change your configuration since you posted the bug report, because I can’t sign up at you site with an address from
Wild guess: Maybe we do not check the blacklist for every oauth provider.
Can you go to Admin -> Users, search for the user, click on it and look at the value of “Logins”? Does it list an oauth provider?
Nope. Went through a bunch of old users.
OK. Then I’m out of ideas.
Old users who predate the setting change won’t be affected. So if new signups can’t use the address, the feature is working as designed…
Changing this to “support” since we can’t repro the problem, and it is working on your own site as shown in the screenshot @gerhard posted.
I just tested this on try.discourse.org, adding
gmail.com to the blacklist and confirmed that I could not create a new account with my personal gmail. Also checked that Google and Facebook OAuth logins fail as well.
how to find a table (blacklist email) in data explorer?