Forgive my cross posting, wasn't sure what category to put this in.
I have a private site where I have my own signup form that checks a white list of email addresses and only allows those on the list to proceed with the registration for site membership. That form is part of a landing page which comes up with just the domain name. For years that worked fine.
Then a couple of days ago some bot started requesting membership every hour or two with hello-world-xxxx@gmail.com where xxxx is a randomly changing number. This results in the pending members list getting filled and also filling the contacts list. To remove these is a long process. The three step process of deleting each pending member by hand, and the filtering the contacts and deleting them as well.
I determined a way my signup could be circumvented to bring up the default wix signup. Just go to an existing protected page in the site and wix redirects to the default login and signup forms.
I had already made a custom login form, but I discovered that it is now possible to make a Velo signup form. So I made one and added the whitelist check to it. I verified that it works.
However, that seems to have not solved the problem because I just got another pending member from the same bot.
Is there a way to prevent unfiltered signup requests?
I has just occurred to me that perhaps the bot had not reloaded the website when it sent that request that got through, thus not encountering my custom code.
Its now been 7 hours since without another one getting through. The problem might actually be solved. Will add a comment if more start coming in. Other wise assume the fix worked.