Avoid spam on account signups

Singtah · July 13, 2019, 2:17pm

Hi,

Are there any practices that i can put in place in order to avoid spam account signups on my app ?
What i can imagine :

block ip address if signup attempts is > X
block certain email domain
add captcha
?

Thank you for your help

mathiasconradt · July 13, 2019, 2:45pm

Regarding the first two points: the right place to put your logic would usually be a Pre-User-Registration Hook https://auth0.com/docs/hooks/concepts/pre-user-registration-extensibility-point, however it should be noted that at the moment, the hooks do only return a generic error message only (“An error occured.”) upon failure (which your logic would trigger), thus it’s not possible to return a customized error message (at least not if using the standard Universal Login Page).
So you might need to use a custom UI with additional frontend validation as well.

Captcha is not supported (and not recommended) by Auth0 out of the box. See:

and this blog article (“Avoid CAPTCHAs”):

Singtah · July 13, 2019, 3:08pm

Hi @mathiasconradt
Thank you for your answer

Ok, so with Pre User Registration Hook, i would have to implement the logic/rules that i want
A default error message is fine for the moment

mathiasconradt · July 13, 2019, 3:27pm

Yes, that is right, you would add your logic in the hook, example:

module.exports = function (user, context, cb) {
  var response = {};
  
  if (user.email === "santa@claus.co" ) {
    cb('Invalid Signup.', response)
  } else {
    response.user = user;
    cb(null, response);    
  }
};