Avoid spam on account signups

Singtah · July 13, 2019, 2:15pm

Hi,

Are there any practices that i can put in place in order to avoid spam account signups on my app ?
What i can imagine :

block ip address if signup attempts is > X
block certain email domain
add captcha
?

Thank you for your help

mathiasconradt · July 13, 2019, 2:44pm

Regarding the first two points: the right place to put your logic would usually be a Pre-User-Registration Hook Explore Flows and Triggers, however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
So you might need to use a custom UI with additional frontend validation as well.

Captcha is not supported (and not recommended) by Auth0 out of the box. See:

and this blog article (“Avoid CAPTCHAs”):

Singtah · July 13, 2019, 3:08pm

Hi @mathiasconradt
Thank you for your answer

Ok, so with Pre User Registration Hook, i would have to implement the logic/rules that i want
A default error message is fine for the moment

mathiasconradt · July 13, 2019, 3:19pm

Yes, that is right, you would add your logic in the hook, example:

module.exports = function (user, context, cb) {
  var response = {};
  
  if (user.email === "santa@claus.co" ) {
    cb('Invalid Signup.', response)
  } else {
    response.user = user;
    cb(null, response);    
  }
};

mathiasconradt · June 29, 2020, 7:14am

however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).

Update on this: customizing the hook error messages is now possible, see Explore Flows and Triggers

v.dieppv1 · December 28, 2020, 11:32am

I tried Google Recapcha but It doen’t work, is there any advice? thanks
@mathiasconradt thanks,

mathiasconradt · December 28, 2020, 2:21pm

What exactly doesn’t work? How did you implement it, and any particular error message you’re getting?

By the way: since this original post is already >1,5 years old, note that ReCaptcha support is now available out of the box in Auth0, see Bot Detection

system · January 12, 2021, 2:21pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Surpressing “user_exists” response on signup Help auth0 , signup , security	4	3443	July 30, 2019
Validate user_metadata on signup Help	6	3670	August 26, 2019
Pre-registration hooks : send feedback to user Help signup , hooks	9	5455	January 8, 2024
How to return meaningful error after pre-user registration hook fail? Help signup , hooks , error , registration , pre-user-registratio	6	7659	July 1, 2020
Provide understandable errors in universal sign up / login forms Help error , new-universal-login	8	4196	July 18, 2022

Avoid spam on account signups

Related topics