Account Names Blacklist

21 points by mikeseeh, over 10 years ago

10 comments

bunkat, over 10 years ago
I would save yourself the trouble and create a separate domain now for customer subdomains. The problem with your current path is that it is impossible to tell the difference between a 7sheep.net subdomain that is owned and operated by 7sheep and a subdomain that is owned and operated by a 3rd party.

For example, training.7sheep.net is an official subdomain, but I could create docs.7sheep.net and make it look like an official subdomain and request people's account information or do other bad things. GitHub ran into the same problem when they started supporting GitHub pages. Originally these were subdomains off of github.com, but after all the spoofing and other issues they moved them all to github.io. This way you never need to create a list of 'reserved' names and don't need to worry about confusion down the road.

You can read about GitHub's transition and reasoning at https://github.com/blog/1452-new-github-pages-domain-github-io.
addandsubtract, over 10 years ago
What exactly did you try to google? "username blacklist" brings up some pretty good results for me. [1] It's also worth searching github for similar blacklists. [2][3][4][5]

Overall, I'd advise against giving subdomains to users, too.

[1] http://www.quora.com/How-do-sites-prevent-vanity-URLs-from-colliding-with-future-features
[2] https://encrypted.google.com/search?hl=en&q=search%20github%20by%20filename#hl=en&q=subdomain+blacklist.txt+site:github.com
[3] https://github.com/nccgroup/typofinder/blob/f0fe2ac4e5181746cf85412c39333be8a83f7896/TypoMagic/datasources/subdomains.txt
[4] https://github.com/sandeepshetty/subdomain-blacklist/blob/master/subdomain-blacklist.txt
[5] https://gist.github.com/artgon/5366868
mikeseeh, over 10 years ago
The separation of domain names is a very good idea. Thanks for pointing that out.
TomGullen, over 10 years ago
There's just too many you haven't thought of:

login promotion promo secure legal terms bonus free contact

Or how about misspellings good for phishing?

biling biIIing

etc etc
eponeponepon, over 10 years ago
It's a noble effort, but malicious actors will always be more imaginative than you. Think about Unicode characters - there are all sorts of glyphs that *look* the same as, say, the 'c' in 'accounts' when presented in a user's address bar.

Pay very great heed to the people advising a separate domain for user generated names.
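
The two failure modes raised in the comments above (look-alike misspellings such as biIIing, and Unicode glyphs that render like ASCII letters), shown as an added example that is not part of the original thread or anyone's production code. The names `RESERVED`, `skeleton` and `check_label` are hypothetical, the reserved list is a constructed seed, and the check assumes account names are used directly as DNS labels.

```python
import re

# Constructed seed list: names raised in the thread plus a few assumed ones.
RESERVED = {"www", "login", "promotion", "promo", "secure", "legal", "terms",
            "bonus", "free", "contact", "billing", "accounts", "docs", "git"}

LDH = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")  # one DNS label
FOLD = str.maketrans({"I": "l", "i": "l", "1": "l", "0": "o"})  # look-alikes


def skeleton(name):
    """Fold look-alike characters, drop hyphens, collapse repeated letters."""
    folded = name.translate(FOLD).lower().replace("-", "")
    return re.sub(r"(.)\1+", r"\1", folded)


RESERVED_SKELETONS = {skeleton(r): r for r in RESERVED}


def check_label(raw):
    """Return (allowed, reason) for a requested account name / subdomain."""
    if not raw.isascii():
        return False, "non-ASCII characters (possible homoglyph)"
    label = raw.lower()
    if not LDH.fullmatch(label):
        return False, "not a valid DNS label"
    if label.startswith("xn--"):
        return False, "punycode label"
    hit = RESERVED_SKELETONS.get(skeleton(raw))
    if hit:
        # Deliberately over-blocks (e.g. "bling"); send hits to manual review.
        return False, f"reserved or look-alike of '{hit}'"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests; \u0441 is Cyrillic "es", which renders like "c".
    for name in ["www", "biling", "biIIing", "l0gin", "a\u0441\u0441ounts",
                 "xn--80ak6aa92e", "-bad", "acme-corp"]:
        print(f"{name!r:20} {check_label(name)}")
```

A filter like this only narrows the reserved-name problem; it does nothing about the official-versus-customer ambiguity that the separate-domain advice addresses.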
mxpt, over 10 years ago
Just to let you know that your feature section is really bad :( I was really interested in knowing what you offer best, but I lost track of the ones I already clicked and.. it's boring to click so much.

Sometimes a scrolling page just works :)
shawabawa3, over 10 years ago
bunkat is right, a blacklist approach is doomed to fail.

Amusingly, you missed "www" off your blacklist. I just created an account to test it. Luckily it hasn't hijacked your main site - but I also can't use my account :)
edent, over 10 years ago
It may also be worth using a profanity filter - in multiple languages.

Or, depending on volume, having manual validation of names.

Do you really want porn.7sheep.net?
dutchbrit, over 10 years ago
May I ask why github is blacklisted - what if github wants to sign up? I think git should be added to the blacklist however, maybe you got the 2 mixed up?
glomph, over 10 years ago
Why do users need their own subdomains at all?