My website has recently been getting ~100-200 new signups a day. This is high for me.
A user emailed me that they received a confirmation email for signing up to my site, but they never created the account themselves. I question whether a malicious actor is spamming my sign up form with random emails.
Is it possible to check which IP address sign ups are coming from, or other steps I should be taking to verify account legitimacy?
Malicious actors can’t actually do anything since they aren’t verifying the email addresses associated with the accounts, but if nothing else this inflate my Auth0 sign up quota.
Thank you for posting your question. To check the IP address and the request details generally, you can check the logs in the Auth0 Dashboard → Monitoring → Logs. You’ll be able to see the details of the request. Depending on what you want to achieve, you have different ways to handle this issue; I will share a few resources that you can utilize to try to reduce the impact of this malicious actor.