Ask HN: Sign up form abuse – reasons for this and ways to prevent?
1 point by webignition 6 years ago | 0 commentsSubmitting the form sends a confirmation email; having this abused was something I needed to stop.
I'd like to figure out why it may have occurred and what I could do/could have done to prevent it.
The form has fields for email, choice of password and a choice of account plan. Minimal and pretty common.
My best guess as to why: malicious user(s)/bots are submitting stolen email/password credentials having mistaken the sign up form for a sign in form and are hoping to see if any credentials work.
Steps taken to mitigate: - honeypot form field for preventing bots (seemingly ineffective) - integrate with api.stopforumspam.com/api, reject IPs deemed untrustworthy (so far seems effective)
Any other thoughts on why this might happen and what can be done to prevent such abuse?