Ways to handle spam signups Answered
HI, we are currently experiencing a ton of spam on our site and was wondering if there was some sort of "strict" check for member signups, so that if the IP Address already exists in a signed-up member, it would not allow the user to signup. There are many emails (such as in the image) bypassing Memberstack's built-in filter. We are currently tracking IP Addresses for signed up members and all of these emails have the same, so these are people/bots signing up and verifying each email.
We’re using the built-in HCaptcha that Memberstack has, but it doesn’t seem to be cutting it. Would you recommend using the built-in Webflow Captcha? Will that still work with Memberstack sign-up forms?
Comments
7 comments
Uhm, I still haven't deal with persistent bots generating SPAM personally, but another member of the community has. Shadi null documented it in Slack.
You can read this thread and come back if you implemented this solution and still continue with your issue
https://memberstack.slack.com/archives/C033F0SLTLK/p1698348531134079?thread_ts=1698232225.870739&cid=C033F0SLTLK
https://memberstack.slack.com/archives/C05TR2MQ3PV/p1698278768907499
Thanks for the response, we can try implementing this, but we believe this issue is being caused by manual submissions, as our signup times have ~2-3 minute gaps between them. Memberstack doing ip address tracking would be big as we see many signups coming from the same one..
Has anyone else dealt with manual spam submissions?
Raquel Lopez unfortunately I haven’t experienced this sort of thing with memberstack signups 😱 Only in the form of support form submissions
Wish I had better news to share
I see. Well, for this particular issue we might have to bring out the big guns 🔫
Since you already send IP addresses, you might benefit to use a service that acts as a proxy before getting through Memberstack. So the user will send out the form, the form will point to this service. The service would process the ip filtering out if this has been used before, if it is, it can return an error to the form, if is not then it will continue with the signup process.
If you already use Make, I think you can create a scenario for it (that would act as a DIY proxy service). You can point the signup form to a custom Webhook and the IP data can be saved in Make's Data Store (that would act as a small DB). And send a webhook response depending the case
My advice would be to reset the collected ips every day. IPs are not static. A new user could obtain one of the blockedlisted ips 🙂 Let me know if you still have any doubts.
Another thing to consider, using Make is a DIY option to prevent unnecessary signups, BUT, processing each request cost x amount of operations in Make, potentially raising your monthly costs. The ideal scenario would be to build your own backend that can process multiple gazillion request for a fixed monthly price.
This was the solution we went with, we are currently blocking repeat signups if a similar IP recently signed up
Another cheap solution would be to eliminate password signups and use SSO only. Like Google, LinkedIn, and other providers that Memberstack has
that's a great alternative! So that you wouldn't have to setup a backend
Please sign in to leave a comment.