How to prevent registration spam

I used to have this spam signup problem on my personal forum too but it has slowed down quite a bit. Now I only get one or two or max (like today) 5 a day. Diligently deleting spam accounts and adding to block lists seems to do the trick. I have “Staff must approve all new user accounts before they are allowed to access the site.” enabled which puts the new users in the handy new review queue so it takes just a moment to jam through them. Adding a custom question helps too in order to identify the obvious spammers.

On my work forum I use the wp-discourse WordPress plugin and SSO, and have a very long signup form. We very rarely get spam signups that way.

2 Likes

Is the new sign-up / login plugin a solution to prevent spamming?

1 Like

Can I know how to extract data like that?

Out of curiosity, how can these pass the Captcha? How can the signup process be completed without solving the Captcha?

You should also just remember that in such a case your own mail server can end up on a blacklist if too much form spam is distributed.

If the bot uses real addresses for registration, this can happen very quickly.
I have solved this by using an external nginx as a proxy for my Discourse Docker instance and monitoring the log file with fail2ban, i.e.:

/etc/fail2ban/filter.d/nginx-discourse.conf

[Definition]
failregex = ^<HOST>.*"GET /u/account-created HTTP/2.0" 200.*$

/etc/fail2ban/jail.d/defaults-debian.conf

[nginx-discourse]
enabled = true
port = http,https
filter = nginx-discourse
logpath = /var/log/nginx/your.discourse.access.log
bantime = 43200
findtime = 3600
maxretry = 3
banaction = ufw

This example means that if anybody tries to register 3 times within an hour from the same IP, then this IP is blocked for 12 hours.
Adjust these values for your purpose and system environment!
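
The jail settings above, replayed offline over constructed access-log lines, as an added example that is not part of the original post. It swaps fail2ban's `<HOST>` tag for a simplified IPv4-only group (an assumption); `simulate_bans` and the sample log are hypothetical names and data.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex as posted; fail2ban's <HOST> tag is replaced with a simplified
# IPv4-only group (assumption: the real tag also covers IPv6 and hostnames).
FAILREGEX = re.compile(
    r'^<HOST>.*"GET /u/account-created HTTP/2.0" 200.*$'.replace(
        "<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")
FINDTIME = timedelta(seconds=3600)   # findtime = 3600
BANTIME = timedelta(seconds=43200)   # bantime = 43200
MAXRETRY = 3                         # maxretry = 3

# Constructed access-log lines (nginx "combined" format, documentation IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:05 +0000] "GET /u/account-created HTTP/2.0" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:10:02:11 +0000] "GET /u/account-created HTTP/2.0" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:10:15:40 +0000] "GET /u/account-created HTTP/2.0" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Mar/2024:10:20:00 +0000] "GET /u/account-created HTTP/1.1" 200 5120 "-" "curl/8.5.0"
203.0.113.7 - - [10/Mar/2024:10:48:19 +0000] "GET /u/account-created HTTP/2.0" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2024:11:30:00 +0000] "GET /u/account-created HTTP/2.0" 200 5120 "-" "Mozilla/5.0"
"""

def simulate_bans(log_text):
    """Return {ip: (ban_start, ban_end)} that the jail settings would produce."""
    hits, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m = FAILREGEX.match(line)
        ts = TIMESTAMP.search(line)
        if not m or not ts:
            continue
        host = m.group("host")
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        if host in bans and when < bans[host][1]:
            continue  # already banned; the firewall would drop this request
        window = hits[host]
        window.append(when)
        while when - window[0] > FINDTIME:
            window.popleft()  # forget hits older than findtime
        if len(window) >= MAXRETRY:
            bans[host] = (when, when + BANTIME)
            window.clear()
    return bans

if __name__ == "__main__":
    for ip, (start, end) in simulate_bans(SAMPLE_LOG).items():
        print(f"{ip} banned {start:%H:%M:%S} -> {end:%H:%M:%S}")
```

In the sample, the line logged as `HTTP/1.1` is not counted, because the posted failregex matches only requests logged as `HTTP/2.0`; check which protocol versions appear in your own access log before relying on the filter.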