-2

I have a very specific requirement to stop bots attacking my site. They are joining and registering with email addresses of the form:

[first_name][numbers]@hotmail.com

e.g. samuel7348@hotmail.com

Can someone please give me the regex to match this so I can block them at registration?

halfer
  • 19,824
  • 17
  • 99
  • 186
Sean H
  • 1,045
  • 1
  • 14
  • 32
  • 3
    You are going to block legitimate users as well. Have you considered implementing a honeypot? See link - http://stackoverflow.com/questions/8873961/how-do-i-add-honey-pot-fields-to-my-forms – Mike Brant Mar 21 '14 at 23:13
  • What @MikeBrant said. Go for a honeypot, and/or implement a [simple CAPTCHA](http://stackoverflow.com/questions/15798918/what-is-the-best-method-to-prevent-a-brute-force-attack/15799289#15799289). With your current approach you might as well just block hotmail entirely. – Sammitch Mar 21 '14 at 23:16
  • I use captcha's for my websites. With a little research you can build your own captcha system or you could implement someobody else's system. Regardless, captchas are a great solution that will stop bots, but not stop real users with the "lettersNumbers@hotmail.com" You might also consider looking into a list of blacklisted ip addresses and adding a script to check those against the ip accessing your page. – Spencer D Mar 21 '14 at 23:20
  • Since thats the standard format for basically all emails on popular freemail services - you're going to catch almost everyone using hotmail with your example/request. – AD7six Mar 21 '14 at 23:21
  • Why not double opt-in? – CD001 Mar 22 '14 at 00:10

1 Answers1

1

Try this -

^[a-zA-Z]+[0-9]+@hotmail\.com$

Demo here.

Kamehameha
  • 5,423
  • 1
  • 23
  • 28
  • `some.day.ill.be.saturday.night1995@hotmail.com` – salathe Mar 21 '14 at 23:14
  • 1
    @salathe but the question was for [first_name][numbers]. It was only for that specific requirement. – Kamehameha Mar 21 '14 at 23:15
  • @Kamehameha, indeed... my point exactly. Your regex matches my email address, when it shouldn't. – salathe Mar 21 '14 at 23:16
  • Kamehama thanks but it's not working. I've put this in: `} elseif (preg_match('[a-zA-Z]+[0-9]+@hotmail\.com',$user_email)) { $json_api->error('Please try again later.'); }` but it's still allowing them in. any ideas? – Sean H Mar 21 '14 at 23:19
  • @Seano try it with the anchors.I have just edited it. – Kamehameha Mar 21 '14 at 23:20
  • 3
    @seano, you need delimiters (`/`) in the regex, like so, `preg_match('/[a-zA-Z]+[0-9]+@hotmail\.com/',$user_email)' – Bryan Elliott Mar 21 '14 at 23:23
  • 2
    As many here have already suggested, I would highly discourage you from using this regex. It will block MANY, MANY legitimate users from registering. It is extremely common to have an email address of `somename followed by numbers@hotmail.com` – Bryan Elliott Mar 21 '14 at 23:33
  • MElliot that worked thanks. As I said this is just a stopgap measure to stop the bots immediately. I'm now going to look into honeypots as a more robust long term solution. thanks all. – Sean H Mar 22 '14 at 00:17
  • Just wanted to say thanks guys for responding so quickly. I kild teh botz! It's actually an iPhone app and the app is live so I had to make changes in the API. Now looking at honey pots for iOS in our next release. Thanks guys. – Sean H Mar 22 '14 at 09:37