PlanetCloud Posted April 26, 2022

Hi, when we allow users to sign up with our subdomain, they can pick quite dangerous subdomains such as "support" or "admin". This may cause confusion and/or be used as a weapon to attack other clients, making them think that they're actually the authority from the hosting provider. Such keywords should therefore be reserved. The question is: what other keywords should we reserve in order to protect business integrity and our clients? Here's what I've got so far:

support, help, api, app, system, admin, team, administration, mail, mailer, cpanel, control, auth

*Note: I'm not trying to blacklist swear words

PlanetCloud (Author) Posted April 26, 2022 (edited)

2 minutes ago, BastelPichi said:
> cpanel is already reserved, as there's the cpanel on it. Here's my list: smtp, imap, webmail, signup, signin, vpanel. For api and app, isn't there a 4 letter minimum length for subdomains?

Oh, the minimum is 4? Ah.. looks like there are a lot of things I've forgotten about these. Thank you for reminding me and for your input.

EDIT: Current list:

$reservedKeywords = ['support', 'help', 'api', 'app', 'system', 'admin', 'team', 'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp', 'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login'];

The 3 character ones are still included just in case..

Edited April 26, 2022 by PlanetCloud

TinkerMan Posted April 26, 2022

"webmail" "email"

MS-DOS Posted April 26, 2022

Hi. Yes, these subdomains should be blocked. CMS like WHMCS offer this option. We can moderate that on our side, but the registration form is not; they should add it.

Dimitris Posted April 26, 2022

I would suggest adding the keywords 'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials', 'blog' and 'staff'.

Dimitris Posted April 26, 2022

40 minutes ago, BastelPichi said:
> When we are done with this, why don't ask the support to blacklist these?

Well, it's both a good and a bad idea. A good one, as it won't allow users to use those subdomains, because even if you restrict them at signup they can be added later in vPanel, bypassing all reserved keywords. However, the hosting account for reseller domains is a normal free hosting one, so that would not let resellers as well use these keywords for subdomains unless iFastNet develops some kind of feature inside MOFH admin panel to assign such domains to a free hosting account.

TinkerMan Posted April 26, 2022

1 hour ago, Dimitris said:
> they can be added later in vPanel bypassing all reserved keywords.

Can't you create some sort of JS check? I know it can be overridden, but…. and you can also be calling “getUserDomains” in your client area, and have it create a flag for you if a reserved keyword is used, then you (as a reseller) can check the account periodically for phishing content.

Dimitris Posted April 26, 2022

17 minutes ago, TinkerMan said:
> Can't you create some sort of JS check? I know it can be overridden, but…. and you can also be calling “getUserDomains” in your client area, and have it create a flag for you if a reserved keyword is used, then you (as a reseller) can check the account periodically for phishing content.

That's actually the best idea I believe. Good one!

PlanetCloud (Author) Posted April 27, 2022

11 hours ago, MS-DOS said:
> Hi. Yes, these subdomains should be blocked. CMS like WHMCS offer this option. We can moderate that on our side, but the registration form is not; they should add it.

Hmm, do we have to configure what to blacklist or is there a default list that is automatically blacklisted? If so, can you send the list here?

Here's the current list:

$reservedKeywords = ['support', 'help', 'api', 'app', 'system', 'admin', 'team', 'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp', 'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login', 'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials', 'tutorial', 'blog', 'staff', 'dash', 'status', 'dashboard', 'manage', 'server', 'root', 'client-area'];

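The signup-time check and the periodic audit discussed in the posts above, sketched server-side in PHP as an added example (not code posted in the thread, and not iFastNet or MOFH code). The function names, the `example.test` domain and the hyphen/trailing-digit matching rule are assumptions that go beyond the exact-match list in the thread; the audit takes plain hostname strings, however the client area obtains them (for instance from the "getUserDomains" call mentioned above, whose response format is not assumed here).

```php
<?php
// Added example, not code from the thread. Labels copied from the thread's
// latest $reservedKeywords list (the repeated 'server' entry appears once).
const RESERVED = ['support', 'help', 'api', 'app', 'system', 'admin', 'team',
    'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp',
    'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login',
    'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials',
    'tutorial', 'blog', 'staff', 'dash', 'status', 'dashboard', 'manage',
    'root', 'client-area'];

// Return the reserved keyword a label collides with, or null if it is free.
function reservedHit(string $label): ?string
{
    $label = strtolower(trim($label, " \t\r\n."));
    if (in_array($label, RESERVED, true)) {
        return $label;                    // exact match, e.g. "client-area"
    }
    // Assumption beyond the thread: also catch "admin-team" and "support2".
    foreach (explode('-', $label) as $token) {
        $token = rtrim($token, '0123456789');
        if ($token !== '' && in_array($token, RESERVED, true)) {
            return $token;
        }
    }
    return null;
}

// Audit hostnames already on accounts (PHP 8+ for str_ends_with).
function auditDomains(array $hostnames, string $baseDomain): array
{
    $suffix = '.' . strtolower($baseDomain);
    $flags = [];
    foreach ($hostnames as $host) {
        $name = strtolower(rtrim(trim($host), '.'));
        if (!str_ends_with($name, $suffix)) {
            continue;                     // not under the reseller domain
        }
        foreach (explode('.', substr($name, 0, -strlen($suffix))) as $label) {
            if (($hit = reservedHit($label)) !== null) {
                $flags[$name] = $hit;
            }
        }
    }
    return $flags;
}

// Constructed sample input; example.test stands in for the reseller domain.
print_r(auditDomains(['Support.example.test', 'admin-team.example.test',
    'blogger.example.test', 'support.example.org'], 'example.test'));
```

Calling `reservedHit()` in the signup handler rejects the label up front, while running `auditDomains()` on a schedule covers subdomains added later through vPanel, which the signup check never sees.
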
PlanetCloud (Author) Posted April 27, 2022

Is it smart to just add these subdomains under the main reseller account?

Dimitris Posted April 27, 2022

9 minutes ago, PlanetCloud said:
> Is it smart to just add these subdomains under the main reseller account?

Well, it depends on whether you're gonna use the subdomains or not. I'd suggest adding only the subdomains that you're gonna use in the main reseller account (so you don't get lost in a long list of subdomains) and maybe creating a second one for the reserved ones.

PlanetCloud (Author) Posted April 27, 2022

I see, good idea. Maybe a script to register all these would also come in handy.

Bleep Bloop Posted April 27, 2022

I won't mind blocking swear or slang words to protect my reputation. Or getting suspended by ICANN lol

MS-DOS Posted April 27, 2022 (edited)

9 hours ago, PlanetCloud said:
> Hmm, do we have to configure what to blacklist or is there a default list that is automatically blacklisted? If so, can you send the list here? Here's the current list: $reservedKeywords = ['support', 'help', 'api', 'app', 'system', 'admin', 'team', 'administration', 'mail', 'mailer', 'cpanel', 'control', 'auth', 'smtp', 'imap', 'webmail', 'signup', 'signin', 'vpanel', 'register', 'login', 'forum', 'panel', 'server', 'phpmyadmin', 'client', 'tutorials', 'tutorial', 'blog', 'staff', 'dash', 'status', 'dashboard', 'manage', 'server', 'root', 'client-area'];

There is no default list, it is up to us to put it.

Edited April 27, 2022 by MS-DOS

Dimitris Posted April 27, 2022

23 minutes ago, MS-DOS said:
> There is no default list, it's up to us to put it

Correct. But please type in English.

TinkerMan Posted April 27, 2022

14 hours ago, Dimitris said:
> That's actually the best idea I believe. Good one!

Thanks!

TinkerMan Posted April 27, 2022

9 hours ago, PlanetCloud said:
> Here's the current list:

Maybe add “dash” as well (CFClient area subdomain)

PlanetCloud (Author) Posted April 29, 2022

On 4/27/2022 at 5:10 PM, Bleep Bloop said:
> I won't mind blocking swear or slang words to protect my reputation. Or getting suspended by ICANN lol

Yes, I know this may be a good idea, but this is outside the scope of this topic I believe, as we are just trying to secure the most "authoritative" subdomains so our clients won't get tricked/phished/scammed/anything bad. But I would keep that in mind, and I think optionally we can block swear/slang words as well, but that would be a very, very long list.

TinkerMan Posted April 29, 2022

31 minutes ago, PlanetCloud said:
> but that would be a very, very long list

Wrong. It would be a very, very, very long list.

PlanetCloud (Author) Posted April 29, 2022

4 hours ago, BastelPichi said:
> Would be possible if you just add it to your client area as filter, I bet there are swear word detection APIs out there. (You can easily create accounts even if the signup form isn't there anymore, but that would scare off most people...) Also maybe add cdn to the list.

Yes, but I don't think I should limit that or rely on another 3rd party. However, I'll consider.