Avoid spam on account signups

Singtah · July 13, 2019, 2:15pm

Hi,

Are there any practices that i can put in place in order to avoid spam account signups on my app ?
What i can imagine :

block ip address if signup attempts is > X
block certain email domain
add captcha
?

Thank you for your help

mathiasconradt · July 13, 2019, 2:44pm

Regarding the first two points: the right place to put your logic would usually be a Pre-User-Registration Hook Pre-User Registration, however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
So you might need to use a custom UI with additional frontend validation as well.

Captcha is not supported (and not recommended) by Auth0 out of the box. See:

and this blog article (“Avoid CAPTCHAs”):

Singtah · July 13, 2019, 3:08pm

Hi @mathiasconradt
Thank you for your answer

Ok, so with Pre User Registration Hook, i would have to implement the logic/rules that i want
A default error message is fine for the moment

mathiasconradt · July 13, 2019, 3:19pm

Yes, that is right, you would add your logic in the hook, example:

module.exports = function (user, context, cb) {
  var response = {};
  
  if (user.email === "santa@claus.co" ) {
    cb('Invalid Signup.', response)
  } else {
    response.user = user;
    cb(null, response);    
  }
};

mathiasconradt · June 29, 2020, 7:14am

however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).

Update on this: customizing the hook error messages is now possible, see https://auth0.com/docs/hooks/extensibility-points/pre-user-registration#sample-script-customize-the-error-message-and-language-for-user-messages

v.dieppv1 · December 28, 2020, 11:32am

I tried Google Recapcha but It doen’t work, is there any advice? thanks
@mathiasconradt thanks,

mathiasconradt · December 28, 2020, 2:21pm

What exactly doesn’t work? How did you implement it, and any particular error message you’re getting?

By the way: since this original post is already >1,5 years old, note that ReCaptcha support is now available out of the box in Auth0, see https://auth0.com/docs/attack-protection/bot-detection

system · January 12, 2021, 2:21pm

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.