I've been toying with the idea of creating a new plugin for Moodle that will...
- Block new user signups where there is a domain on a list like the one provided here... https://github.com/disposable/disposable-email-domains
- Check the project honeypot http blacklist for IP addresses and block users from signing up if the IP is on the list, or warn admins of suspicious signups.
- Same as above for stopforumspam based on the combination of username, IP and email address.
- Block new user signups where the email address can be found using something like the haveibeenpwned API or something similar, or warn the users at the point of signup.
- Have a scheduled task that could check user accounts periodically and either email the users reminding them to change their password or force them to change their password.
- Provide admin reports for the above, possible options to do things like reset users passwords who are on the list.
- Site admins should be able to enable the various options above depending on how strict they want to be.
Thinking this might be an admin tool and could implement the pre_signup_requests and/or check_password_policy callbacks maybe (not sure if there are any appropriate hooks yet.
I can't see anything that exists already to do all of the above, does anyone have any thoughts? Would this be something you'd find useful?
