How to avoid multiple registrations of a malicious "person"? [closed]

1

How can I prevent or make it as difficult as possible for a person or a malicious machine to make multiple entries on my site?

My form consists of 5 fields, which are:

  • Name
  • Surname
  • E-mail
  • Password
  • Sex

Only email can not be repeated (2 people do not have the same email).

If you were a person performing manually for example, she could simply type +1 characters or slightly change the email and would already make a second registration (if the email is no longer being used).

If it were a robot, the situation would be even worse. I could fill out the form several times very quickly, not to mention that I could make direct requests (I'm using CSRF / XSRF protection from ASP.NET Razor Pages, but I do not know if it protects against it).

I thought about creating a cookie with the number of registrations that were made and then blocking, but it would not make much difference since it can be easily deleted by the malicious user.

If you help with anything, I'm making a request via Ajax with JQuery and validating the form on the server with a controller - Language: C #.

$.ajax({
    type: 'POST',
    url: '@Model.Swenity.Request.Address.ToString()request/register/registerAccount',
    data: frmRegister.serialize(),
    dataType: 'json',
    beforeSend: function () {
        // ...
    },
    success: function (response) {
        // ...
    },
    error: function (request, status, error) {
        // ...
    }
});
    
asked by anonymous 07.03.2018 / 22:36

1 answer

0

There are two different situations:

Prevent a Malicious User

You can hardly stop a user from doing something wrong without endangering the experience of other users.

A solution could be to prevent more than one IP-based registration, but this would hinder any access from more than one person within a company or connected to the same wifi network, for example. >

Depending on the flow of your application, you could block an IP for a certain amount of time to prevent more than one registration / submit in a short time, so the person would eventually give up.

Prevent some robot

It is not a solution for all cases, but most of the time it will work:

  • Add a field that will be invisible to users
  • Validate to verify that this field is filled out
    • If it is filled, prevent the form from being sent

I did this once on a contact form and stopped receiving spam:

<div style="display: none; opacity: 0">
   <label for="txtCaptcha">
      Esse campo serve apenas para validação de spam.<br>
      <strong>Se você preencher esse campo, seu contato não será enviado</strong>
   </label>
   <input name="txtCaptcha" type="text" id="txtCaptcha">
</div>
    
14.03.2018 / 18:52