Anything Forums

We are being attacked by bots mass registering accounts, this is generating an influx in mail traffic which is starting to get us blacklisted. Disabling registrations until I can figure out a way to block these.

Are new account registrations still disabled? Bot swarms suck.

Yeah it's still disabled for now. I need to completely redesign the registration process to have better validation steps before the email even goes out, so I can reduce mail traffic. Just been busy with other stuff, trying to race against time to finish lot of projects before winter comes.

I am looking at implementing a POW captcha that needs to be solved when submitting the initial form, something that is computational expensive that makes it harder for bots to mass register accounts.

I will also need to setup some sort of throttle on outgoing emails to ensure no event can cause a lot to go out at once to any given provider. I think these bots actually purposely do this so they can mess with IP reputation.

Worse case scenario I may look at geoblocking IP ranges, but I feel that's kinda futile as bots typically use proxies. I rarely see the same IP twice.

I got lazy/busy with other stuff so did not look at this yet but I did not forget about it.

I still have not sent a mass email to all original members yet, but need to sort out email server reputation before I do that...

I fixed this by changing the captcha order and enabled registrations again. I don't remember why I had the captcha AFTER the email validation, but it probably makes sense to have it BEFORE. So when registering an account it submits, but requires to do a captcha separately after, before it sends the validation email. I'm hoping this step reduces the email traffic.

The captcha can be defeated by bots though so I have a few other ideas in mind that I will implement, but going to monitor this as-is just to see how well it works.