Jump to content
TheTechLounge

Subdomain Registration Issue

Recommended Posts

Hi,

We have had a couple of people attempt to buy a hosting package with a subdomain of our domain.

Example: We own domain.com, two people have attempted to sign up for a package and register subdomain.domain.com.

Now this obviously fails as they don't pay for the package and we cancel the order, but how do I prevent them from doing it in the first place.


The only way I have been able to replicate this behaviour in WHMCS is if I select the I will use my existing domain and update my name servers option and enter the subdomain there.

We have Blocked the registration of existing domains within the ordering section and in WHM > Tweak Settings >  Allow users to park subdomains of the server’s hostname and Allow resellers to create accounts with subdomains of the server’s hostname are all disallowed.

Share this post


Link to post
Share on other sites
52 minutes ago, TheTechLounge said:

The only way I have been able to replicate this behaviour in WHMCS is if I select the I will use my existing domain and update my name servers option and enter the subdomain there.

well if that's how they're doing it, you might need to add some validation to the TLD field that prevents them from entering your domain in that box...

G9hooLn.png

<input type="text" id="owndomaintld" value="{$tld|substr:1}" pattern="^((?!thetechlounge.co.uk).)*$" oninvalid="this.setCustomValidity('Do not enter thetechlounge.co.uk')" oninput="setCustomValidity('')" placeholder="com" class="form-control" autocapitalize="none"/>

i'm assuming you're using a modified Modern orderform template... though that pattern validation technique should work on any recent template.

if they try to use a dot in the sld section, existing validation should already prevent that.

1 hour ago, TheTechLounge said:

We have Blocked the registration of existing domains within the ordering section

that's a flaky function at the best of times - though wouldn't be relevant in this case as they are not registering a domain, but using an existing one.

  • Like 1

Share this post


Link to post
Share on other sites

Not alone, we had the same thing the other day.

 

Someone buying a subdomain of our domain... 

 

As you say not paid for. Ip Blocked and order deleted. Not seen another one since. 

Share this post


Link to post
Share on other sites

A very good and valiable tip from Brian which works also into new 7.4.2.

but brian it's not wotking when fraud client set this case

if he try this option system proceed to next step

 

Screenshot-2018-2-13.png

Edited by ody
add more text

Share this post


Link to post
Share on other sites
55 minutes ago, ody said:

A very good and valiable tip from Brian which works also into new 7.4.2.

which is what I tested it on. :idea:

55 minutes ago, ody said:

but brian it's not working when fraud client set this case

that's correct - the above code only checks the TLD... which in your case is fine as .net is legit.

if you wanted to prevent them attempting to use unwanted characters in that box (e.g  adding . to use a subdomain of "their" domain), and only allow letters, numbers _ and - in the SLD, then you could use the code below...

<input type="text" id="owndomainsld" value="{$sld}" placeholder="{$LANG.yourdomainplaceholder}" class="form-control" pattern="[a-zA-Z0-9_-]+" oninvalid="this.setCustomValidity('Do not use subdomains')" oninput="setCustomValidity('')" autocapitalize="none" data-toggle="tooltip" data-placement="top" data-trigger="manual" title="{lang key='orderForm.enterDomain'}" />

57H0ex5.png

just remember to adjust the error message to something more appropriate. :idea:

 

Share this post


Link to post
Share on other sites

As far we've check this also works but as we test it we can't cover both cases

as we test you have to choose one of them 1. MasterDomain or 2. Subdomain

Share this post


Link to post
Share on other sites
5 minutes ago, ody said:

As far we've check this also works but as we test it we can't cover both cases

as we test you have to choose one of them 1. MasterDomain or 2. Subdomain

i'm not sure I follow - the above will prevent them from entering dsafs.masterdomain .... are you saying you want them to be able to enter subdomains of their domain in that box ?

Share this post


Link to post
Share on other sites

No we don't mention that,

you give a solution to TheTechLounge for to avoid clients to do not create-orders with Masterdomain which works

then we add our query for how to avoid also (fake subdomain or onto MasterDomain) in which you add your new code which also works

what we mention is that,

we try to create one code for both cases but only one works as like

Quote

<input type="text" id="owndomaintld" value="{$tld|substr:1}" value="{$sld}" pattern="^((?!masterdomain.net).)*$" pattern="[a-zA-Z0-9_-]+" oninvalid="this.setCustomValidity('Do not use subdomains Or Do not enter masterdomain.net')" oninput="setCustomValidity('')" placeholder="com" class="form-control" autocapitalize="none"/>   

 

Edited by ody
add text

Share this post


Link to post
Share on other sites

Sorry It works, we try to solve with one only code entry

Thank you Brian

Share this post


Link to post
Share on other sites
1 hour ago, ody said:

you give a solution to TheTechLounge for to avoid clients to do not create-orders with Masterdomain which works

then we add our query for how to avoid also (fake subdomain or onto MasterDomain) in which you add your new code which also works

but they're two separate form fields, so the above masterdomain code handles the first, the techlounge code handles the second...

<div class="col-xs-7">
<input type="text" id="owndomainsld" value="{$sld}" placeholder="{$LANG.yourdomainplaceholder}" class="form-control" pattern="[a-zA-Z0-9_-]+" oninvalid="this.setCustomValidity('Please use valid alphanumeric characters')" oninput="setCustomValidity('')" autocapitalize="none" data-toggle="tooltip" data-placement="top" data-trigger="manual" title="{lang key='orderForm.enterDomain'}" />
</div>
<div class="col-xs-3">
<input type="text" id="owndomaintld" value="{$tld|substr:1}" placeholder="{$LANG.yourtldplaceholder}" class="form-control" pattern="^((?!3-www.net).)*$" oninvalid="this.setCustomValidity('Do not enter 3-www.net')" oninput="setCustomValidity('')" autocapitalize="none" data-toggle="tooltip" data-placement="top" data-trigger="manual" title="{lang key='orderForm.required'}" />
</div>

HjWujQm.png

OLHSL17.png

Share this post


Link to post
Share on other sites

Yes, It's all works FINE!

we had a fraud case today.

Thank you, again!

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Recently Browsing   0 members

    No registered users viewing this page.

×

Important Information

By using this site, you agree to our Terms of Use & Guidelines