by decremental
634 days ago
Use Cloudflare's Turnstile captcha. It's leagues ahead of Google's or hCaptcha. Users never have to click on stupid images, and it works great.

You're not going to be able to stop people manually signing up but depending on how they're doing it, you might curb some of it. These guys have loads of email addresses and can just use a VPN to switch to a new IP in seconds. Often accompanied with a completely fresh browser session that you're going to have a hard or impossible time correlating with past attempts.

Parse the domain portion of the email address and check that against a blacklist of throwaway and fishy email domains. Manually blacklist domains as needed. You can find blacklists hosted on GitHub. Use the Public Suffix List to parse the domain to make sure you don't accidentally ban an entire obscure TLD. Parse down the email domain to remove any subdomain when checking against the blacklist.

If you're really serious, you can use an API provided by SendGrid to check for suspicious email addresses. You can also look into MaxMind minFraud.

Ban IP addresses. Not every spammer is highly sophisticated and sometimes a single, fixed IP will be responsible for many spam attempts spanning months at a time.

Devise a way to fingerprint browsers. This can be as simple as a random hash set to some innocuous cookie name. Ban offenders by those too. It's not always going to work but a lot of spammers aren't terribly sophisticated and you'll be able to catch them even if they're IP hopping.
|
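The email-domain check described in the comment above, as an added example that is not part of the original post: it reduces a signup address to its registrable domain using the Public Suffix List matching rules (plain, wildcard and exception) before consulting a blocklist. The rule excerpt, the blocklist entries and the function names are constructed for illustration; a real deployment would load the full Public Suffix List and a maintained blocklist.

```python
# Constructed sample data: a tiny excerpt of Public Suffix List rules and a
# made-up blocklist. Both are assumptions of this example.
PSL_RULES = {"com", "uk", "co.uk", "*.ck", "!www.ck", "github.io"}
BLOCKLIST = {"throwaway.example", "spam-mail.co.uk", "tempbox.github.io"}


def public_suffix_len(labels):
    """Return how many trailing labels form the public suffix."""
    best = 1  # PSL default rule "*": an unlisted TLD is itself a suffix
    for i in range(len(labels)):
        candidate = labels[i:]
        name = ".".join(candidate)
        if "!" + name in PSL_RULES:
            # An exception rule overrides any wildcard: drop its first label.
            return len(candidate) - 1
        wildcard = ".".join(["*"] + candidate[1:])
        if name in PSL_RULES or wildcard in PSL_RULES:
            best = max(best, len(candidate))  # longest matching rule wins
    return best


def registrable_domain(host):
    """Public suffix plus one label, or None if host is only a suffix."""
    labels = host.lower().rstrip(".").split(".")
    n = public_suffix_len(labels)
    if "" in labels or len(labels) <= n:
        return None
    return ".".join(labels[-(n + 1):])


def is_blocked(email):
    """True when the address's registrable domain is on the blocklist."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local:
        return True  # malformed address: rejected (policy choice of this example)
    reg = registrable_domain(domain)
    # An address at a bare public suffix is also rejected (policy choice).
    return reg is None or reg in BLOCKLIST


if __name__ == "__main__":
    for addr in ("a@mx1.mail.throwaway.example", "bob@spam-mail.co.uk",
                 "alice@honest-shop.co.uk", "eve@x.tempbox.github.io"):
        print(addr, "->", "blocked" if is_blocked(addr) else "allowed")
```

Blocklist entries must themselves be stored in registrable-domain form, otherwise an entry such as `co.uk` would never match and an entry with a subdomain would be silently ignored.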
Is that the one that sends you into an endless loop while on a 3g connection?