Ask HN: Sign up form abuse – reasons for this and ways to prevent?
The sign up form for a service I maintain has received about 130 spammy submissions per day over the past 30 days.
Submitting the form sends a confirmation email; having this abused was something I needed to stop.
I'd like to figure out why it may have occurred and what I could do/could have done to prevent it.
The form has fields for email, choice of password and a choice of account plan. Minimal and pretty common.
My best guess as to why: malicious user(s)/bots are submitting stolen email/password credentials having mistaken the sign up form for a sign in form and are hoping to see if any credentials work.
Steps taken to mitigate: - honeypot form field for preventing bots (seemingly ineffective) - integrate with api.stopforumspam.com/api, reject IPs deemed untrustworthy (so far seems effective)
Any other thoughts on why this might happen and what can be done to prevent such abuse?
No comments yet.