TheTechLounge Posted February 2, 2018 Share Posted February 2, 2018 Hi,We have had a couple of people attempt to buy a hosting package with a subdomain of our domain.Example: We own domain.com, two people have attempted to sign up for a package and register subdomain.domain.com.Now this obviously fails as they don't pay for the package and we cancel the order, but how do I prevent them from doing it in the first place. The only way I have been able to replicate this behaviour in WHMCS is if I select the I will use my existing domain and update my name servers option and enter the subdomain there. We have Blocked the registration of existing domains within the ordering section and in WHM > Tweak Settings > Allow users to park subdomains of the server’s hostname and Allow resellers to create accounts with subdomains of the server’s hostname are all disallowed. Link to comment Share on other sites More sharing options...
brian! Posted February 2, 2018 Share Posted February 2, 2018 52 minutes ago, TheTechLounge said: The only way I have been able to replicate this behaviour in WHMCS is if I select the I will use my existing domain and update my name servers option and enter the subdomain there. well if that's how they're doing it, you might need to add some validation to the TLD field that prevents them from entering your domain in that box... <input type="text" id="owndomaintld" value="{$tld|substr:1}" pattern="^((?!thetechlounge.co.uk).)*$" oninvalid="this.setCustomValidity('Do not enter thetechlounge.co.uk')" oninput="setCustomValidity('')" placeholder="com" class="form-control" autocapitalize="none"/> i'm assuming you're using a modified Modern orderform template... though that pattern validation technique should work on any recent template. if they try to use a dot in the sld section, existing validation should already prevent that. 1 hour ago, TheTechLounge said: We have Blocked the registration of existing domains within the ordering section that's a flaky function at the best of times - though wouldn't be relevant in this case as they are not registering a domain, but using an existing one. 1 Link to comment Share on other sites More sharing options...
andrew_ct Posted February 3, 2018 Share Posted February 3, 2018 Not alone, we had the same thing the other day. Someone buying a subdomain of our domain... As you say not paid for. Ip Blocked and order deleted. Not seen another one since. Link to comment Share on other sites More sharing options...
ody Posted February 13, 2018 Share Posted February 13, 2018 (edited) A very good and valiable tip from Brian which works also into new 7.4.2. but brian it's not wotking when fraud client set this case if he try this option system proceed to next step Edited February 13, 2018 by ody add more text Link to comment Share on other sites More sharing options...
brian! Posted February 13, 2018 Share Posted February 13, 2018 55 minutes ago, ody said: A very good and valiable tip from Brian which works also into new 7.4.2. which is what I tested it on. 55 minutes ago, ody said: but brian it's not working when fraud client set this case that's correct - the above code only checks the TLD... which in your case is fine as .net is legit. if you wanted to prevent them attempting to use unwanted characters in that box (e.g adding . to use a subdomain of "their" domain), and only allow letters, numbers _ and - in the SLD, then you could use the code below... <input type="text" id="owndomainsld" value="{$sld}" placeholder="{$LANG.yourdomainplaceholder}" class="form-control" pattern="[a-zA-Z0-9_-]+" oninvalid="this.setCustomValidity('Do not use subdomains')" oninput="setCustomValidity('')" autocapitalize="none" data-toggle="tooltip" data-placement="top" data-trigger="manual" title="{lang key='orderForm.enterDomain'}" /> just remember to adjust the error message to something more appropriate. Link to comment Share on other sites More sharing options...
ody Posted February 13, 2018 Share Posted February 13, 2018 As far we've check this also works but as we test it we can't cover both cases as we test you have to choose one of them 1. MasterDomain or 2. Subdomain Link to comment Share on other sites More sharing options...
brian! Posted February 13, 2018 Share Posted February 13, 2018 5 minutes ago, ody said: As far we've check this also works but as we test it we can't cover both cases as we test you have to choose one of them 1. MasterDomain or 2. Subdomain i'm not sure I follow - the above will prevent them from entering dsafs.masterdomain .... are you saying you want them to be able to enter subdomains of their domain in that box ? Link to comment Share on other sites More sharing options...
ody Posted February 13, 2018 Share Posted February 13, 2018 (edited) No we don't mention that, you give a solution to TheTechLounge for to avoid clients to do not create-orders with Masterdomain which works then we add our query for how to avoid also (fake subdomain or onto MasterDomain) in which you add your new code which also works what we mention is that, we try to create one code for both cases but only one works as like Quote <input type="text" id="owndomaintld" value="{$tld|substr:1}" value="{$sld}" pattern="^((?!masterdomain.net).)*$" pattern="[a-zA-Z0-9_-]+" oninvalid="this.setCustomValidity('Do not use subdomains Or Do not enter masterdomain.net')" oninput="setCustomValidity('')" placeholder="com" class="form-control" autocapitalize="none"/> Edited February 13, 2018 by ody add text Link to comment Share on other sites More sharing options...
ody Posted February 13, 2018 Share Posted February 13, 2018 Sorry It works, we try to solve with one only code entry Thank you Brian Link to comment Share on other sites More sharing options...
brian! Posted February 13, 2018 Share Posted February 13, 2018 1 hour ago, ody said: you give a solution to TheTechLounge for to avoid clients to do not create-orders with Masterdomain which works then we add our query for how to avoid also (fake subdomain or onto MasterDomain) in which you add your new code which also works but they're two separate form fields, so the above masterdomain code handles the first, the techlounge code handles the second... <div class="col-xs-7"> <input type="text" id="owndomainsld" value="{$sld}" placeholder="{$LANG.yourdomainplaceholder}" class="form-control" pattern="[a-zA-Z0-9_-]+" oninvalid="this.setCustomValidity('Please use valid alphanumeric characters')" oninput="setCustomValidity('')" autocapitalize="none" data-toggle="tooltip" data-placement="top" data-trigger="manual" title="{lang key='orderForm.enterDomain'}" /> </div> <div class="col-xs-3"> <input type="text" id="owndomaintld" value="{$tld|substr:1}" placeholder="{$LANG.yourtldplaceholder}" class="form-control" pattern="^((?!3-www.net).)*$" oninvalid="this.setCustomValidity('Do not enter 3-www.net')" oninput="setCustomValidity('')" autocapitalize="none" data-toggle="tooltip" data-placement="top" data-trigger="manual" title="{lang key='orderForm.required'}" /> </div> Link to comment Share on other sites More sharing options...
ody Posted February 13, 2018 Share Posted February 13, 2018 Yes, It's all works FINE! we had a fraud case today. Thank you, again! Link to comment Share on other sites More sharing options...
Recommended Posts