How to prevent registration spam

I used to have this spam signup problem on my personal forum too, but it has slowed down quite a bit. Now I only get one or two, or at most (like today) 5 a day. Diligently deleting spam accounts and adding to block lists seems to do the trick. I have “Staff must approve all new user accounts before they are allowed to access the site.” enabled, which puts the new users in the handy new review queue, so it takes just a moment to jam through them. Adding a custom question also helps to identify the obvious spammers.

On my work forum I use the wp-discourse WordPress plugin and SSO, and have a very long signup form. We very rarely get spam signups that way.


Is the new sign-up / login plugin a solution to prevent spamming?


Can I know how to extra data like that?

Out of curiosity, how can these pass the Captcha? How can the signup process be completed without solving the Captcha?

You should also remember that in such a case your own mail server can end up on a blacklist if too much form spam is sent out.

If the bot uses real addresses for registration, this can happen very quickly.
I have solved this by using an external nginx as a proxy for my Discourse Docker instance and monitoring the log file with fail2ban, i.e.:

/etc/fail2ban/filter.d/nginx-discourse.conf

[Definition]
# <HOST> is fail2ban's placeholder for the client IP. It is anchored to the start of
# the line, so this assumes nginx's default "combined" log format with the client
# address as the first field (if another proxy sits in front of nginx, you would
# ban that proxy instead). Only the 200 response for the page shown after a
# successful signup counts; note it is pinned to HTTP/2.0, so HTTP/1.1 signups
# would not be matched.
failregex = ^<HOST>.*"GET /u/account-created HTTP/2.0" 200.*$

/etc/fail2ban/jail.d/defaults-debian.conf

[nginx-discourse]
enabled = true
port = http,https
filter = nginx-discourse
# the access log of the nginx server block that proxies Discourse
logpath = /var/log/nginx/your.discourse.access.log
bantime = 43200
findtime = 3600
maxretry = 3
banaction = ufw

This example means that if anybody registers 3 times within an hour from the same IP, that IP is blocked for 12 hours.
Adjust these values for your purpose and system environment!

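As an added illustration (not code from the post above, nor part of fail2ban or Discourse), here is a small Python replay of what that jail does: it applies the post's failregex to a handful of constructed nginx access-log lines and implements the findtime / maxretry / bantime sliding window, so you can check which addresses would be banned before turning the jail on. It generalizes the post's filter slightly by accepting any HTTP version rather than only HTTP/2.0; the IPs, timestamps and user agents in the sample log are made up.

```python
"""Replay the fail2ban jail from the post over constructed nginx log lines."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# The post's failregex with fail2ban's <HOST> placeholder expanded. fail2ban's
# <HOST> only matches an IP literal or hostname; \S+ is a looser stand-in that
# works for the combined log format, where the client IP is the first field.
# Assumption (this example, not the post): any HTTP version counts, so
# HTTP/1.1 registrations are caught too; the post's filter pins HTTP/2.0.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) .*"GET /u/account-created HTTP/[0-9.]+" 200 .*$'
)
TIMESTAMP = re.compile(r'\[(?P<ts>[^\]]+)\]')


def parse_timestamp(line: str) -> datetime:
    """Extract the nginx timestamp, e.g. [10/Oct/2023:13:00:00 +0000]."""
    m = TIMESTAMP.search(line)
    if not m:
        raise ValueError(f"no timestamp in line: {line!r}")
    return datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")


def matches_filter(line: str):
    """Return the client IP if the line counts as a completed signup, else None."""
    m = FAILREGEX.match(line)
    return m.group("host") if m else None


def find_bans(lines, findtime=3600, maxretry=3, bantime=43200):
    """Replay the jail: maxretry hits within findtime seconds bans a host for
    bantime seconds. Returns {host: datetime when the ban expires}."""
    hits = defaultdict(deque)   # host -> timestamps of recent signups
    bans = {}
    for line in lines:
        host = matches_filter(line)
        if host is None:
            continue
        ts = parse_timestamp(line)
        if host in bans and ts < bans[host]:
            continue            # already banned, nothing more to do
        window = hits[host]
        window.append(ts)
        # drop hits older than findtime relative to the newest hit
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans[host] = ts + timedelta(seconds=bantime)
            window.clear()
    return bans


# Constructed sample log in nginx "combined" format (documentation IP ranges).
# 203.0.113.7 registers three times in 12 minutes; 198.51.100.9 three times
# but spread over 2.5 hours; 192.0.2.44 gets a 302, which the filter ignores.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:00:00 +0000] "GET /u/account-created HTTP/2.0" 200 1500 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:05:00 +0000] "GET /u/account-created HTTP/2.0" 200 1500 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:13:06:00 +0000] "GET /u/account-created HTTP/1.1" 200 1500 "-" "curl/8.0"
203.0.113.7 - - [10/Oct/2023:13:10:00 +0000] "GET /latest HTTP/2.0" 200 9000 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2023:13:12:00 +0000] "GET /u/account-created HTTP/2.0" 200 1500 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2023:13:20:00 +0000] "GET /u/account-created HTTP/2.0" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [10/Oct/2023:14:30:00 +0000] "GET /u/account-created HTTP/1.1" 200 1500 "-" "curl/8.0"
198.51.100.9 - - [10/Oct/2023:15:30:00 +0000] "GET /u/account-created HTTP/1.1" 200 1500 "-" "curl/8.0"
"""


def bans_for_sample():
    """Run the jail logic over the constructed sample log."""
    return find_bans(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for host, until in bans_for_sample().items():
        print(f"ban {host} until {until.isoformat()}")
```

Only 203.0.113.7 ends up banned (until 01:12 the next day): 198.51.100.9 also registered three times, but never three within one hour, which is exactly the case the findtime window is meant to let through. The real tool for this check is fail2ban-regex against your live access log; the point of the replay is to see the window arithmetic and the effect of the 200 / HTTP-version constraints on which lines count.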

I get constant spam registrations from verified bots using gmail (gmail!) accounts, all of them from India. A few other domains too, but the gmail accounts are surprising.

What has become of Google.


Same here.
If they don’t post, they are inoffensive. New accounts of inactive users aren’t visible to visitors or regular users, and users’ profiles aren’t indexed; so these spam accounts are basically invisible to everyone but admins/mods, and will be removed automatically after a while thanks to the periodic cleanup Sidekiq job.


Even though they can’t post, they do some random things such as search queries,

or seemingly trying to hack the auth system:

Job exception: Net::SMTPAuthenticationError
(google_oauth2) Authentication failure! invalid_credentials: OAuth2::Error, invalid_grant: Bad Request { "error": "invalid_grant", "error_description": "Bad Request" }
(google_oauth2) Authentication failure! csrf_detected: OmniAuth::Strategies::OAuth2::CallbackError, csrf_detected | CSRF detected