Ask HN: Is so much spam/abusive signups normal?
I built and run a SaaS product on my own (full time). My service receives a lot of fake or abusive signups. In general, their end goal is usually to abuse the free tier/offering by creating multiple accounts.
I have added a captcha (hcaptcha) and I actively check/prevent sign ups from VPNs, VPSes, Tor and banned IP addresses. I also actively check and prevent signups from free email domains (gmail, hotmail, disposable email domains, etc).
I continue to get abusive signups. Is this typical? What else can you do?
5 comments
[ 4.2 ms ] story [ 20.6 ms ] threadAt the moment your solution is broken, it's not stopping anyone and providing friction to your genuine users.
These people obviously want to use your service, so revise your pricing/tiers. Don't be so greedy. Find out their pain points, ask them, speak to them directly find out why they're not paying.
Maybe they want to pay you but your payment integration is broken or not supported in their country.
The origins of these people are often problematic countries (places I couldn't accept a payment from even if I wanted to).
Some of these individuals (~30%?) seem to be coming from legit domains and verify their email but don't appear to be the target audience. They often try to pay without using the service. I believe these people have compromised mail servers and are trying to test stolen credit cards.
I'm not greedy.
Force them to enter a valid credit card and auth $1
1) Adding a credit card after sign up as part of the flow.
2) Adding a mobile number and verifying via SMS.
I don't particularly want to do either as it's more friction up front for everyone... but seems like it's where it will lead.