Hi,
Are there any practices that I can put in place in order to avoid spam account signups on my app?
What I can imagine:
- block IP address if signup attempts are > X
- block certain email domains
- add captcha
- ?
Thank you for your help
Regarding the first two points: the right place to put your logic would usually be a Pre-User Registration Hook. However, it should be noted that at the moment the hooks only return a generic error message (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
So you might need to use a custom UI with additional frontend validation as well.
Captcha is not supported (and not recommended) by Auth0 out of the box. See:
and this blog article (“Avoid CAPTCHAs”):
Hi @mathiasconradt
Thank you for your answer
OK, so with the Pre-User Registration Hook, I would have to implement the logic/rules that I want.
A default error message is fine for the moment.
Yes, that is right, you would add your logic in the hook, example:
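```js
module.exports = function (user, context, cb) {
  var response = {};
  if (user.email === "santa@claus.co") {
    // A non-null first argument rejects the signup.
    cb('Invalid Signup.', response);
  } else {
    // Pass the user through unchanged to allow the signup.
    response.user = user;
    cb(null, response);
  }
};
```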
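An added example, not part of the original posts and not Auth0's code: a Pre-User Registration hook in the shape shown above that covers the first two ideas from the question (an email domain denylist and a per-IP signup cap). The denylist entries, the limit, the window and the use of `context.request.ip` are assumptions; the in-memory counter is also an assumption, since counting across hook instances would need a shared external store.

```javascript
// Added example: constructed values, not Auth0's or the poster's code.
const BLOCKED_DOMAINS = new Set(['spam.example', 'throwaway.example']); // constructed
const MAX_SIGNUPS_PER_IP = 3;      // the "X" from the question (assumed)
const WINDOW_MS = 60 * 60 * 1000;  // assumed one-hour window
const attempts = new Map();        // ip -> timestamps; assumption: in-memory only

// Return the normalised domain of an address, or null if it is malformed.
function emailDomain(email) {
  if (typeof email !== 'string') return null;
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return null;
  const domain = email.slice(at + 1).trim().toLowerCase().replace(/\.+$/, '');
  return domain || null;
}

// Match the domain and every parent domain, so mx.spam.example is caught too.
function isBlockedDomain(domain) {
  const labels = domain.split('.');
  for (let i = 0; i < labels.length - 1; i++) {
    if (BLOCKED_DOMAINS.has(labels.slice(i).join('.'))) return true;
  }
  return false;
}

// Sliding window: record this attempt and report whether the IP exceeded X.
function overLimit(ip, now = Date.now()) {
  const recent = (attempts.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  recent.push(now);
  attempts.set(ip, recent);
  return recent.length > MAX_SIGNUPS_PER_IP;
}

function preUserRegistration(user, context, cb) {
  const domain = emailDomain(user && user.email);
  const ip = context && context.request && context.request.ip;
  // Same generic message for every rejection, so the rule that fired is not disclosed.
  if (!domain || isBlockedDomain(domain)) return cb('Invalid Signup.', {});
  if (ip && overLimit(ip)) return cb('Invalid Signup.', {});
  return cb(null, { user: user });
}

if (typeof module !== 'undefined') module.exports = preUserRegistration;
```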
> however it should be noted that at the moment the hooks only return a generic error message (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
Update on this: customizing the hook error messages is now possible, see https://auth0.com/docs/hooks/extensibility-points/pre-user-registration#sample-script-customize-the-error-message-and-language-for-user-messages
What exactly doesn’t work? How did you implement it, and any particular error message you’re getting?
By the way: since this original post is already >1,5 years old, note that ReCaptcha support is now available out of the box in Auth0, see https://auth0.com/docs/attack-protection/bot-detection