Registrations temporarily disabled

[Red Squirrel]

We are being attacked by bots mass registering accounts, this is generating an influx in mail traffic which is starting to get us blacklisted. Disabling registrations until I can figure out a way to block these.

[drmrlordx]

Are new account registrations still disabled? Bot swarms suck.

[Red Squirrel]

Yeah it's still disabled for now. I need to completely redesign the registration process to have better validation steps before the email even goes out, so I can reduce mail traffic. Just been busy with other stuff, trying to race against time to finish lot of projects before winter comes.

I am looking at implementing a POW captcha that needs to be solved when submitting the initial form, something that is computational expensive that makes it harder for bots to mass register accounts.

I will also need to setup some sort of throttle on outgoing emails to ensure no event can cause a lot to go out at once to any given provider. I think these bots actually purposely do this so they can mess with IP reputation.

Worse case scenario I may look at geoblocking IP ranges, but I feel that's kinda futile as bots typically use proxies. I rarely see the same IP twice.