Yes, they may or may not. Until it happens it’s just a theoretical problem. Most of the time this is all automated spam, so it’s unlikely to happen unless another bot targets you.
You may also disable email signup and restrict to social logins (Twitter, Facebook, Google, Github, etc) which doesn’t send emails for new accounts.
@codinghorror Yes, after blocking this mail address, the spamer will change to another address like @126.com, @gmail.com, @icloud.com and continue signup new users with bot.
Seems these signups are coming from the same IP address ? Something would probably need to be done there. Block an IP address after x signups during a certain time frame ? Or forbid another signup from an identical IP address for some time ?
Wow, seems they really want to create some accounts on your forum Are they using them ? Or keeping them to spam later ? What’s their goal here ? (just curious)
Then a CAPTCHA indeed seems what you need (I’m sorry, I cannot help you on that subject)
Sorry, we don’t see this severe of a problem with signups / registrations across any of our hosting, or any self-installed sites I know of? Is there something wrong with your configuration?
Not configuration issue. It’s a kind of spam by someone I think.
Discourse needn’t CAPTCHA before sending the verification email in sign up process. So everyone can generate many fake email addresses to auto signup with program and disrupt the community.
Right but these accounts are never activated (no user clicks the link in the email sent to verify the email address), and Discourse deletes unactivated accounts after 7 days by default. So ultimately this does nothing for the “spammer”.
Right. But they will fill up the email server. For example, I have a limited email server plan and I can only send 200 mails per day. The spam made me exceed the limited yesterday, so I have to pay a lot money to the email server.