Ctrlpanel-gg / panel

CtrlPanel offers an easy-to-use and free billing solution for all starting and experienced hosting providers that seamlessly integrates with the Pterodactyl panel.
https://ctrlpanel.gg/
MIT License
414 stars, 146 forks

Security Feature Requests #298

Closed SneakyHub closed 2 years ago

SneakyHub commented 2 years ago

As hosts grow they slowly but surely become targeted by bad users. People could create multiple dashboard accounts with some sort of script and proxies to get a massive amount of credits for free, or perhaps to potentially overload the system by creating tons of accounts that bypass Google's captcha or the hCaptcha.

Register Check for new accounts:

Use a service like this: https://www.ipqualityscore.com/ . IPQS gives 5,000 checks for free per month, which is more than enough for most small hosts, and it helps detect fraud and lots of other stuff when people attempt to donate or make an account. It's very worthwhile to look into.

Cloudflare IPv4 Transparency:

Allow for IPs to be passed through Cloudflare's proxy; this will allow for better checks before accounts are created. It'll also allow us to limit 1 account per IPv4.

BolverBlitz commented 2 years ago

This was already discussed once; as far as I remember the conclusion was as follows: there is an IP check in place (enable in configuration) that will prevent the average troll. Implementing some service doesn't make a lot of sense, because if you've already gone far enough to bypass the IP check + captcha it's not that much more work to bypass such a check.

The better solution would be to put monitoring in place to check how many servers are created per time, the server CPU/mem/disk and load usage, network usage, and new users registering per time. That can be done via the APIs really easily and then put into software like Grafana for graphs; it can also send notifications to a sysadmin or some staff to take action.

Real user IPs after Cloudflare should be in the X-Forwarded-For header. (Cloudflare Help)

SneakyHub commented 2 years ago

Well, it would be great to see the software itself get the real IPv4 address from the user if the domain in question is proxied through Cloudflare. Otherwise that security feature you're on about doesn't do anything. This should be an out-of-the-box, ready-to-go feature that will work without the sysadmin having to do anything, kind of like how Ptero does it.

AVMG20 commented 2 years ago

You can configure your webserver to grab real IPs, as I mentioned in the Discord server as well; we even provide a link on how to do this :)
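
The point the thread circles around (real client IP in X-Forwarded-For, and the per-IP account limit only being meaningful once that IP is the real one) has a caveat worth spelling out: X-Forwarded-For is a plain request header, so an application that reads it from any peer lets an attacker pick their own "IP" and defeat the per-IP check entirely. The header is only trustworthy when the direct TCP peer is a known proxy. The following is an added example for this thread, not CtrlPanel or Cloudflare code. It assumes a small trusted-proxy list (three of Cloudflare's published ranges plus a hypothetical internal load balancer on 10.0.0.0/8; in practice load the current list from https://www.cloudflare.com/ips/) and a plain dict of request headers.

```python
"""Resolve the real client IP behind Cloudflare / a reverse proxy without
trusting a spoofable X-Forwarded-For from arbitrary peers.

Added illustration for the CtrlPanel issue thread; not project code.
"""
import ipaddress

# Assumption: a short trusted-proxy list. The first three are Cloudflare
# ranges published at time of writing (verify against cloudflare.com/ips);
# the 10/8 entry stands in for a hypothetical internal load balancer.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20",
    "103.21.244.0/22",
    "2400:cb00::/32",
    "10.0.0.0/8",
)]


def is_trusted(addr: str) -> bool:
    """True if addr lies in one of the trusted proxy networks."""
    ip = ipaddress.ip_address(addr)          # raises ValueError on garbage
    return any(ip in net for net in TRUSTED_PROXIES)


def _header(headers: dict, name: str):
    """Case-insensitive header lookup (web frameworks normalise this for you)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def client_ip(remote_addr: str, headers: dict) -> str:
    """Return the address that IP-based checks (one account per IPv4, rate
    limits, fraud lookups) should use.

    * If the TCP peer is not a trusted proxy, forwarding headers are ignored:
      anyone can send "X-Forwarded-For: 1.2.3.4" to claim a new identity.
    * If it is, prefer CF-Connecting-IP, which Cloudflare sets to the true
      client. Otherwise walk X-Forwarded-For from the right, skipping trusted
      hops, so the first untrusted hop is the client and any entries the
      attacker prepended on the left are never reached.
    """
    if not is_trusted(remote_addr):
        return remote_addr

    cf = _header(headers, "CF-Connecting-IP")
    if cf:
        try:
            ipaddress.ip_address(cf.strip())
            return cf.strip()
        except ValueError:
            return remote_addr               # malformed: fall back to the peer

    xff = _header(headers, "X-Forwarded-For") or ""
    hops = [h.strip() for h in xff.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            if not is_trusted(hop):
                return hop
        except ValueError:
            return remote_addr               # malformed hop: fall back to the peer
    return remote_addr


if __name__ == "__main__":
    # Constructed requests: untrusted peer spoofing XFF, and a Cloudflare hop.
    print(client_ip("203.0.113.7", {"X-Forwarded-For": "1.2.3.4"}))
    print(client_ip("173.245.48.10",
                    {"X-Forwarded-For": "9.9.9.9, 198.51.100.20, 10.0.0.5"}))
```

The same trust boundary is what the webserver-side setup mentioned above expresses: with nginx's realip module you list Cloudflare's ranges in `set_real_ip_from` and point `real_ip_header` at `CF-Connecting-IP`, so the application's notion of the remote address is already the real client and the per-IP check in the configuration has something meaningful to act on. Whichever layer does it, the list of proxies must be maintained, because a stale or overly broad list (for example trusting 0.0.0.0/0) reintroduces the spoofing problem.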

AVMG20 commented 2 years ago

Registration checks will only do so much, if anything at all. If you offer free credits on registration, then there are thousands of ways to exploit this, which you should keep in mind if you're offering this. Anyone can use a less public domain and spin up more emails.
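
The monitoring approach suggested earlier in the thread (new users registering per time, with an alert to staff) and the last remark about one obscure mail domain feeding many sign-ups both come down to counting registrations along a few axes and alerting on outliers. Below is an added example for this thread, not CtrlPanel code. It assumes a constructed log of "timestamp ip email" lines standing in for what the panel's API or user table would return, and assumed thresholds (5 registrations in a 5-minute window, 2 accounts per IP, 5 accounts per mail domain); in a real deployment these counts would be pushed to Grafana or a notifier rather than printed.

```python
"""Registration-burst detection over sample sign-up records.

Added example for the CtrlPanel issue thread; not project code. The record
format and thresholds are assumptions.
"""
from collections import Counter
from datetime import datetime

# Constructed sample data: one registration per line, "timestamp ip email".
SAMPLE_LOG = """\
2023-05-01T10:00:01Z 198.51.100.20 alice@example.com
2023-05-01T10:03:15Z 203.0.113.9 bob@example.org
2023-05-01T10:30:00Z 198.51.100.44 u1@mail.example
2023-05-01T10:30:04Z 198.51.100.45 u2@mail.example
2023-05-01T10:30:09Z 198.51.100.46 u3@mail.example
2023-05-01T10:30:12Z 198.51.100.47 u4@mail.example
2023-05-01T10:30:15Z 198.51.100.48 u5@mail.example
2023-05-01T10:30:21Z 198.51.100.48 u6@mail.example
2023-05-01T11:45:00Z 192.0.2.77 carol@example.net
"""


def parse(log: str):
    """Turn the sample lines into (datetime, ip, email) tuples."""
    events = []
    for line in log.splitlines():
        ts, ip, email = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, email))
    return events


def per_window(events, window_minutes: int = 5) -> Counter:
    """Registrations per fixed window, keyed by the window's start time."""
    counts = Counter()
    for ts, _, _ in events:
        start = ts.replace(second=0, microsecond=0,
                           minute=ts.minute - ts.minute % window_minutes)
        counts[start] += 1
    return counts


def per_ip(events) -> Counter:
    """Accounts created per (real, see the trusted-proxy caveat) client IP."""
    return Counter(ip for _, ip, _ in events)


def per_domain(events) -> Counter:
    """Accounts created per mail domain; catches 'spin up more emails'."""
    return Counter(email.rsplit("@", 1)[1].lower() for _, _, email in events)


def alerts(events, window_minutes=5, burst=5, ip_limit=2, domain_limit=5):
    """Human-readable findings a sysadmin could be paged with."""
    out = []
    for start, n in sorted(per_window(events, window_minutes).items()):
        if n >= burst:
            out.append(f"burst: {n} registrations in the {window_minutes}-minute "
                       f"window starting {start.isoformat()}")
    for ip, n in per_ip(events).most_common():
        if n >= ip_limit:
            out.append(f"ip: {ip} registered {n} accounts")
    for dom, n in per_domain(events).most_common():
        if n >= domain_limit:
            out.append(f"domain: {n} accounts from @{dom}")
    return out


if __name__ == "__main__":
    for line in alerts(parse(SAMPLE_LOG)):
        print(line)
```

Per-IP counting is only as good as the IP it sees, which is why the Cloudflare pass-through discussion matters for this too: behind an unconfigured proxy every registration appears to come from the edge node and the second check never fires. The domain count is deliberately separate from any block list, since the goal is to surface the pattern to a human, not to reject legitimate users of a small mail provider.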