dcmorse
commented
4 years ago It looks like somehow the config/initializers/devise.rb config.secret_key got deleted in production, which maybe facilitated spam user creation. I'm gonna keep an eye on our users, but not implement captchas for now.
Perhaps by forcing users to complete a captcha during account creation to reduce fake accounts