nodemailer / wildduck-webmail

Demo webmail service for WildDuck Mail Server
https://wildduck.email/

block automatic account creation #48

Closed Bianconiglio closed 1 year ago

Bianconiglio commented 2 years ago

Hi, I have the problem that I find many fake accounts created automatically. I enabled the captcha and Cloudflare-side protections, but they are created anyway.

Is there another way to block the creation of fake users?

andris9 commented 2 years ago

You can disable account creation by setting `allowJoin` to false here

Bianconiglio commented 2 years ago

Hello, thanks for the answer. I'm fine with users being created, but not automatically; that is, every 5-10 sec a user is created, of the type myname01, myname02, ....

andris9 commented 2 years ago

You can enable reCAPTCHA v3 to defend against bots. You need to register reCAPTCHA v3 keys and add this here

Bianconiglio commented 2 years ago

Yes, I did. I enabled reCAPTCHA v3 and I have enabled the Cloudflare check for bots.

Is there a system to block through nginx the number of requests on the registration page, like 1 per hour from the same IP? I have seen that nginx has limit.

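```nginx
# In the http {} context: one shared zone keyed by client address
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/m;

# In the server {} context: apply the zone to the signup endpoint
location /account/create {
    limit_req zone=one burst=5 nodelay;
}
```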

andris9 commented 2 years ago

Well, yeah, fake users are a big problem. That account creation form is there as a demo. In a real system, you should probably have your own account signup form and you'd create the user accounts via API calls.

Bianconiglio commented 2 years ago

You're right, a big problem.
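An added example, not part of the thread or of the wildduck-webmail code: a signup guard that a custom signup form could run before it creates the account, covering the two patterns reported above (repeated signups from one IP, and runs of numbered usernames such as myname01, myname02). The `SignupGuard` class, its option names and the thresholds are assumptions made for illustration; the one-signup-per-hour-per-IP default follows the limit asked about in the thread.

```javascript
// Added example: hypothetical signup guard, not WildDuck code.
// State is kept in memory, so it only sees signups handled by this process.
class SignupGuard {
  constructor({ windowMs = 60 * 60 * 1000, maxPerIp = 1, maxPerStem = 2 } = {}) {
    this.windowMs = windowMs;     // look-back window (assumed: 1 hour)
    this.maxPerIp = maxPerIp;     // signups allowed per IP in the window
    this.maxPerStem = maxPerStem; // numbered variants of one name allowed (assumed)
    this.byIp = new Map();        // ip -> [timestamps]
    this.byStem = new Map();      // username stem -> [timestamps]
  }

  // "myname01" -> "myname"; usernames without trailing digits have no stem
  static stem(username) {
    const m = /^(.*?\D)\d+$/.exec(username.toLowerCase());
    return m ? m[1] : null;
  }

  // Drop timestamps that fell out of the window and return the live list
  recent(map, key, now) {
    const kept = (map.get(key) || []).filter(t => now - t < this.windowMs);
    map.set(key, kept);
    return kept;
  }

  // Returns { allow, reason }; the attempt is recorded only when allowed
  check({ ip, username, now = Date.now() }) {
    const ipHits = this.recent(this.byIp, ip, now);
    if (ipHits.length >= this.maxPerIp) return { allow: false, reason: 'ip-rate' };
    const stem = SignupGuard.stem(username);
    const stemHits = stem ? this.recent(this.byStem, stem, now) : [];
    if (stem && stemHits.length >= this.maxPerStem) {
      return { allow: false, reason: 'sequential-username' };
    }
    ipHits.push(now);
    if (stem) stemHits.push(now);
    return { allow: true, reason: null };
  }
}

// Constructed sample: one signup every 5 s from rotating documentation-range
// IPs, so the per-IP limit alone never triggers but the username stem does.
function replaySample() {
  const guard = new SignupGuard();
  return ['myname01', 'myname02', 'myname03', 'myname04'].map((username, i) =>
    guard.check({ ip: `198.51.100.${i + 1}`, username, now: 1000 + i * 5000 }).reason);
}
```

A deployment with several worker processes would need the two maps in a shared store, and the per-IP check only sees the real client address if the proxy in front passes it through.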