November 30, 2019

Added a blocker for sign-up spam

Frank @ThePass

Does anyone experience sign-up SPAM? I noticed many 'empty' sign-ups where new users joined but did not take any action, whatsoever. It became obvious that bots are running fake sign-ups.

Sharing a short description how to block the bots:

  1. 1

    Integrate Google captcha is as simpler to integrate (mostly the invisible captcha v3 that doesn't even display the button to check)

  2. 1

    Thanks so much for sharing you experience. I've noticed a lot of bot/fake/empty sign ups recently on SaaSHub, and a lot of SPAM on LibHunt. I will implement both techniques this week. I feel like that could easily eliminate a lot of the buggers.

    Timing the user input sounds so simple and smart! Kudos.

  3. 1

    Good to see more people avoiding the dreaded and user-hostile Captcha. :) ARE you human, dear visitor?

    The honeypot field technique tends to work exceedingly well. I've used it in the past for newsletter signups and it basically eliminated 99% of all bot spam submissions.

    A third method that can help, if you are ok with breaking regular form submission behavior, is to handle your form submissions with JS to an API endpoint (since bots are again more unlikely to execute JS on these pages). Of course, that would also break form submissions for people with JS disabled by default, so that may not be advisable for everyone. :)

  4. 1

    Honeypot technique seems promising , thanks for write-up.

  5. 1

    Trick #1 does not work afaik. For example, I use Dashlane to handle all signup, registration and login forms. If Dashlane is not able to figure out how to fill the registration form, it's already a hard pass for me. Why? Because if it ain't able to fill the signup form, I can already assume the login form is coded in a really obscure and non-standard way. I have 4000+ accounts stored, all with different 16-21 character passwords. I will not handle my login for one site manually.

    And do you go through all your signups manually? Is 500ms too fast? When do you start counting? At document ready? That could be 4 seconds in? Dashlane halts the dom and asks me what to do ... So most of the time my registration would be below 50-80ms ...

    1. 1

      A workaround could be to store the page render start time in the user session (on the backend) and then check it again after submit, it wouldn't matter if Dashlane halts the DOM as there would be no JS involved.

      1. 1

        didn't think of that before. I like it! :)

    2. 1

      Of course, I would not go through all signups manually. Why on earth would anyone do that? The point is to have an automated approach. Whether 500ms is too fast anyone can decide specific to the website/service. Using a password manager to generate the password will smoothly work, it's an all-standard approach.

      1. 1

        You'd be surprised on how many websites do signup and login forms in non-standard ways. :)

  6. 1

    This comment was deleted 4 months ago.

Today's Top Milestones
  • Reached $1000 on Plant My Forest
    We just plant more than 333 trees ! with 28 customers :) ---- Plant My Forest, a place where you plant a forest, for real! 🌳 Plant trees to stop clim
  • Same names. New look.
    Product Names looks different!? For those following the project, I recently updated the color scheme and logo. I wanted more simplicity in the design
  • Interview on Indie Hackers
    We did a text interview with Indie Hackers today! We talked about how we got started, what our journey has been like, and our goals for the future, as
  • 2nd Birthday & Launched New SaaS Boilerplate
    I'm super excited to be celebrating Gravity's second birthday today with the launch of v6. I launched Gravity as a side-project two years ago today ri
  • Released version 1.2
    For various reasons, I neglected Estipad for well over a year. I’m very excited to announce v1.2, which includes many improvements. They’re mainly foc
  • Best Booking Forms Templates For your Business
    Booking forms are one of the most resourceful forms you can have on your business. They are practical and can collect any essential information you ne
  • Beta-launched
    I have launched the Beta version of KitDB ( with its bare minimal functions. I hope to complete building the database within the ne
  • 200K podcast downloads in 5 months
    This morning I checked my analytics and saw that Creative Elements broke 200K downloads! It took a little over four months to break 100K, and then tha
  • 1st paying member of Recoon!
    Yes, we did it, we got the first paying member in Recoon community. Also a small retrospective on our Producthunt launch yesterday. - we went to 10th
  • Launched on No Code Founders
    I launched on No Code Founders in two ways... - Added a startup listing to the site's directory. - [I