Has anyone else noticed there is an increase in people / hackers from Russia signing up and exploiting their services? For one particular product of mine, I've been battling a hacker or more -- who keeps signing up with fake emails and exploiting my service.
As fast as I patch it up, they find additional exploits. I blocked almost all "fake email" or "temp email" service signups, and the moment I did that, they started creating Gmail accounts that look completely random. A verification of email is required. For that particular product, I gave away 5 of the product for free before the person must enter in a paywall. What they do is use the 5, then sign up for another email account. I'm at the point where I'm about to eliminate the free tier and just charge.
In a way, I guess I'm grateful for them finding the exploits as I can patch them up and know what to look for, but it's not easy to stop them all, hence the Gmail account creations with random letters.
Anyone else run into these troubles and manage to fix it?
Try reCAPTCHA and SMS verification.
At least you have got a product that people want to use. :)
Try using the Clearbit Risk integration to find suspicious activity during signup. Here is the link: https://clearbit.com/risk.
Hope this works!!
With no details about the service provided or how it's being exploited, it's really hard to say. But when has that ever stopped someone on the internet from weighing in?
End the free plan or replace it with a "cheap first month" incentive.
It might be related to the service you're providing. And I wouldn't be surprised if it were bots or something - do you have any indication it is just one person? What are you providing (at least in a generic sense)?
If they get a benefit such as anonymously posting SPAM, storing pirated content, etc, it's probably ripe for abuse from free signups from bots.
I have 3 projects which all had free accounts, and not even the bots were interested ;-) My first app had about 25 signups over 4 years, and they seemed questionable, but nothing disruptive ever happened from them.
Could you require a social share to get free access? Problem solution and marketing in one?
Question regarding temp emails. Did you use this or another service? https://github.com/wesbos/burner-email-providers
Does giving away your product cost you extra? Maybe stop worrying about one guy that either way won't pay for your product and instead focus on your paying customers.
You can also consider using social login as an alternative to an e-mail.
The issue with "not worrying" is what they are using it for -- the website was taken down because of how it was being used.
Have you considered an IP ban? Or also reach out to them and ask them what it would take to convert them?
Two issues:
They aren't going to respond to the email.
The IP ban is possible, but it is hard to detect the behavior and it would take too much time to monitor and ban manually.
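On the point that manual monitoring takes too much time, here is one way to automate the detection, as an added example that is not part of any post in this thread. It flags networks where several accounts exhaust the 5-item free tier without paying inside a short window; the record layout, the 7-day window, the threshold of 3 and all sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

FREE_QUOTA = 5               # free items per account, as described in the thread
WINDOW = timedelta(days=7)   # assumption: look-back window for clustering
MAX_EXHAUSTED = 3            # assumption: unpaid, exhausted accounts tolerated per network

# Constructed sample records: (signup time, email, signup IP, free items used, has paid)
ACCOUNTS = [
    ("2024-03-01T10:00", "qzxkvbnt@gmail.com", "203.0.113.10", 5, False),
    ("2024-03-01T18:30", "plmwrtyq@gmail.com", "203.0.113.77", 5, False),
    ("2024-03-02T09:15", "hgfdsxcv@gmail.com", "203.0.113.10", 5, False),
    ("2024-03-03T11:00", "alice@example.com", "198.51.100.4", 5, True),
    ("2024-03-03T12:00", "bob@example.org", "198.51.100.9", 2, False),
    ("2024-03-20T08:00", "mnbvcxzl@gmail.com", "203.0.113.10", 5, False),
]

def network_key(ip):
    """Group IPv4 by /24 and IPv6 by /64 so neighbouring addresses count together."""
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))

def flag_networks(accounts, window=WINDOW, limit=MAX_EXHAUSTED):
    """Return networks with >= limit unpaid, quota-exhausted accounts in one window."""
    by_net = defaultdict(list)
    for ts, email, ip, used, paid in accounts:
        if used >= FREE_QUOTA and not paid:
            by_net[network_key(ip)].append((datetime.fromisoformat(ts), email))
    flagged = {}
    for net, rows in by_net.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Slide the window start forward until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            if end - start + 1 >= limit:
                flagged[net] = [email for _, email in rows[start:end + 1]]
                break
    return flagged

def allow_free_tier(ip, flagged):
    """New signups from a flagged network skip the free tier and go to the paywall."""
    return network_key(ip) not in flagged

if __name__ == "__main__":
    print(flag_networks(ACCOUNTS))
```

Sending flagged networks straight to the paywall avoids an outright ban, so a legitimate user who shares the range can still sign up by paying.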
Have you tried Cloudflare? You can do some IP based filtering to block access from some countries, platforms etc.
Not that it's a good strategy but you could blanket ban Russian IPs using the MaxMind GeoIP database.
Then they'll VPN via another country.