What keywords to reserve?

[PlanetCloud]

Hi, when we allow users to signup with our subdomain, they can pick quite dangerous subdomains such as "support" or "admin". This may cause confusion and or be used as a weapon to attack other clients, making them think that they're actually the authority from the hosting provider.

Such keywords should therefore be reserved. Question is...
What other keywords should we reserve in order to protect business integrity and our clients?

Here's what I got so far:
support, help, api, app, system, admin, team, administration, mail, mailer, cpanel, control, auth

*Note: I'm not trying to blacklist swear words

[PlanetCloud]

2 minutes ago, BastelPichi said:

cpanel is already reserved, as theres the cpanel on it. Heres my list:

smtp, imap, webmail, signup, signin, vpanel
for api and app, isnt there a 4 letter minimum lenght for subdomains?

Oh the minimum is 4? Ah.. looks like there are a lot of things I've forgotten about these.

Thank you for reminding me and for your input.

EDIT: Current list:

$reservedKeywords = ['support', 'help', 'api', 'app', 'system', 'admin', 'team', 'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp', 'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login'];

The 3 character ones are still included just in case..

Edited April 26, 2022 by PlanetCloud

[TinkerMan]

"webmail" "email"

[MS-DOS]

Hi,

Yes these subdomains should be blocked CMS like WHMCS offer this option we can on our side moderate that but the registration form is not they should add it

[Dimitris]

I would suggest to add the keywords 'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials', 'blog' and 'staff'  

[Dimitris]

40 minutes ago, BastelPichi said:

When we are done with this, why dont ask the support to blacklist these?

Well it's both a good and a bad idea.

A good one as it won't allow users to use those subdomains because even if you restrict them at signup they can be added later in vPanel bypassing all reserved keywords.

However, the hosting account for reseller domains is a normal free hosting one so that would not let resellers as well use these keywords for subdomains unless iFastNet develops some kind of future inside MOFH admin panel to assign such domains to a free hosting account.

[TinkerMan]

1 hour ago, Dimitris said:

they can be added later in vPanel bypassing all reserved keywords.

Cant you create some sort of JS check? I know it can be overridden, but….

 

and you can also be calling “getUserDomains” in your client area, and have it create a flag for you if a reserved keyword is used, then you (as a reseller) can check the account periodically for phishing content. 

[Dimitris]

17 minutes ago, TinkerMan said:

Cant you create some sort of JS check? I know it can be overridden, but….

 

and you can also be calling “getUserDomains” in your client area, and have it create a flag for you if a reserved keyword is used, then you (as a reseller) can check the account periodically for phishing content. 

That's actually the best idea I believe. Good one!

[PlanetCloud]

11 hours ago, MS-DOS said:

Hi,

Yes these subdomains should be blocked CMS like WHMCS offer this option we can on our side moderate that but the registration form is not they should add it

Hmm, do we have to configure what to blacklist or is there a default list that are automatically blacklisted? If so, can you send the list here?

Here's the current list:

$reservedKeywords = ['support', 'help', 'api', 'app', 'system', 'admin', 'team', 'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp', 'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login', 'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials', 'tutorial', 'blog', 'staff', 'dash', 'status', 'dashboard', 'manage', 'server', 'root', 'client-area'];

 

[PlanetCloud]

Is it smart to just add these subdomains under the main reseller account?

[Dimitris]

9 minutes ago, PlanetCloud said:

Is it smart to just add these subdomains under the main reseller account?

Well it depends on whether you're gonna use the subdomains or not. I'd suggest to add only the subdomains that you're gonna use in the main reseller account (so you don't get lost in a long list of subdomains) and maybe create a second one for the reserved ones

[PlanetCloud]

I see, good idea. Maybe a script to register all these would also come in handy

[Bleep Bloop]

I wont mind blocking swear or slang words to protect my reputation. Or getting suspended by ICANN lol

[MS-DOS]

9 hours ago, PlanetCloud said:

Hmm, devons-nous configurer ce qu’il faut mettre sur liste noire ou existe-t-il une liste par défaut qui est automatiquement mise sur liste noire? Si oui, pouvez-vous envoyer la liste ici?

Voici la liste actuelle :

$reservedKeywords = ['support', 'help', 'api', 'app', 'system', 'admin', 'team', 'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp', 'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login', 'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials', 'tutorial', 'blog', 'staff', 'dash', 'status', 'dashboard', 'manage', 'server', 'root', 'client-area'];

 

There is no default list, it is up to us to put it

Edited April 27, 2022 by MS-DOS

[Dimitris]

23 minutes ago, MS-DOS said:

‎There is no default list, it's up to us to put it‎

Correct. But please type in English

[TinkerMan]

14 hours ago, Dimitris said:

That's actually the best idea I believe. Good one!

Thanks!

[TinkerMan]

9 hours ago, PlanetCloud said:

Here's the current list:

Maybe add “dash” as well (CFClient area subdomain) 

[PlanetCloud]

On 4/27/2022 at 5:10 PM, Bleep Bloop said:

I wont mind blocking swear or slang words to protect my reputation. Or getting suspended by ICANN lol

Yes I know this may be a good idea but this is outside the scope of this topic I believe as if we are just trying to secure the most "authoritative" subdomains so our clients won't get tricked/phished/scammed/anything bad.

But I would keep that in mind and I think optionally we can block swear/slang words as well but that would be a very, very long list

 

[TinkerMan]

31 minutes ago, PlanetCloud said:

but that would be a very, very long list

Wrong. It would be a very, very, very long list. 

[PlanetCloud]

4 hours ago, BastelPichi said:

Would be possible if you just add it to your client area as filter, I bet there are swear word detection apis out there. (You can easely create accounts even if the signup form isnt there anymore, but that would scare off most people...)

Also maybe add cdn to the list.

Yes, but I dont think I should limit that or rely on another 3rd party. However Ill consider.