GNU social JP
GNU social JP is a Japanese GNU social server.
    Admin Jerry (admin@hear-me.social)'s status on Friday, 18-Apr-2025 21:53:29 JST
    • Eugen Rochko
    • ClearlyClaire

    Riddle me this. How can a spammer start their account creation from /auth/confirmation? He does this every week. He never accesses /auth/sign_up. He always first shows up in the logs accessing /auth/confirmation.

    I have his ASN blocked by the Cloudflare firewall from accessing /auth/sign_up. I see in the Cloudflare logs that he tried to access /auth/sign_up but got a 403 from Cloudflare. The request is nowhere in my logs. It was truly blocked by the proxy server.

    But, then suddenly he's using /auth/confirmation with the same blocked ASN seconds later and creates the account. Today I added the same ASN restriction to /auth/confirmation to try to stop future sign-ups, but this is beside the point.

    It's like he tries to go to sign_up, gets a 403, and then uses some alternative means to begin the signup process.

    He's not getting in with an invitation code, either.

    Can he be using an existing account in some way to get an access token for an API call of some type to begin registration?

    How does he do this?

    #MastoAdmin #MastoDev @Gargron @ClearlyClaire

    In conversation, about 3 months ago, from hear-me.social
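
An added example, not part of the original post and not Mastodon or Cloudflare code: one way to search origin access logs for the pattern described above, clients that reach /auth/confirmation with no earlier /auth/sign_up request, together with whatever they requested beforehand. It assumes the nginx/Apache "combined" log format with the real client IP restored behind the proxy; the sample lines, addresses and `/example/other-endpoint` are constructed.

```python
import re
from collections import defaultdict

# Assumption: "combined" access-log format, real client IP in the first field.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
SIGN_UP = "/auth/sign_up"
CONFIRM = "/auth/confirmation"

# Constructed sample: one ordinary sign-up, one client that skips the form.
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Apr/2025:12:00:01 +0000] "GET /auth/sign_up HTTP/1.1" 200 5120 "-" "ua"',
    '198.51.100.7 - - [18/Apr/2025:12:03:10 +0000] "GET /auth/confirmation?placeholder=1 HTTP/1.1" 302 0 "-" "ua"',
    '203.0.113.9 - - [18/Apr/2025:12:52:40 +0000] "POST /example/other-endpoint HTTP/1.1" 200 310 "-" "ua"',
    '203.0.113.9 - - [18/Apr/2025:12:53:29 +0000] "GET /auth/confirmation?placeholder=1 HTTP/1.1" 302 0 "-" "ua"',
]

def confirmations_without_sign_up(lines):
    """Map each client IP whose first /auth/confirmation hit has no earlier
    /auth/sign_up hit to the (method, path, status) requests it made before."""
    history = defaultdict(list)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching line
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # compare paths without the query string
        if path == CONFIRM and ip not in flagged:
            if not any(p == SIGN_UP for _, p, _ in history[ip]):
                # The earlier requests are the lead on where registration began.
                flagged[ip] = list(history[ip])
        history[ip].append((m["method"], path, int(m["status"])))
    return flagged

if __name__ == "__main__":
    for ip, earlier in confirmations_without_sign_up(SAMPLE_LOG).items():
        print(ip, "reached", CONFIRM, "without", SIGN_UP)
        for method, path, status in earlier:
            print("   earlier:", method, path, status)
```

An empty "earlier" list for a flagged client means the request that started the registration never reached this log at all, which points at a different log source or a different source address.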

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.