Fake sign ups from the sign up page

We are getting sign ups from fake accounts.

First, we installed Clarity to see if we can capture such recordings. These sign ups don’t show up in recordings.

Next, we even unpublished the sign up page.

The sign ups from fake accounts still keep happening.

Is there anything we can I do?

These always happen directly and from the sign up page (even when it is unpublished).

I wonder if they’re really coming from your sign-up page, or if the spammers are hitting your magic-link endpoint directly, and just spoofing the referrer. If the sign up page is unpublished, then you should not be getting traffic from it… in fact, it seems like you might be able to safely discard traffic with a referrer that doesn’t exist…

1 Like

I’ve noticed this trend as well. I’ve had my blog on line for almost 2 years without any signups at all, and then I’ve had 7 in the last 3 weeks. All of the e-mail domains are from companies with seemingly legitimate companies and websites, but they have nothing to do with what i blog about. They seem highly suspect, plus they’ve all signed up in the last three weeks.

Not sure what the incentive would be for a bad actor to sign up for my blog. Perhaps they are compromised e-mails from a data breach. But even then, what would be the incentive to sign them up for my blog?

I’m wondering whether to delete them or not.

1 Like

I am hoping for some form of official response from Ghost team. It’s an unrealistic to either unpublish sign up page or delete all members that sign up directly.

Wondering if there is a way to confirm sign ups via email click or captcha?

So now I’m really confused. Because the ONLY way to sign up to Ghost natively is to receive a magic link in email and click it. Literally. Users don’t show up in Ghost (unless you created them via API or ran an import or something) without clicking a link.

So… what version of Ghost are you running? Do you have any integrations active? Using Zapier to sync members from somewhere else?

1 Like


If you look at the members one at a time, is there any pattern in where they’re coming from? Seven sign-ups doesn’t sound like all that many - it could be someone shared a link on social media or a forum or sent it to a few friends. This doesn’t sound all that nefarious… I think in your shoes, I’d send them each an email welcoming them to the site and asking how they found you, what their interests are, etc. Maybe you’ll learn something!

I check my members page daily. I delete about 5 to 10 new members per week, and yes, there has been an uptick lately. They’re spammers looking to post SEO links in comments. I check my comments daily as well for comments from new members in case I missed one.

For me, it’s easy to find them because the accounts are usually from Pakistan, India or Vietnam and I know they aren’t looking for my content.

There are pages on the internet – a lot on Medium – of hundreds and hundreds of links to blog signup forms for SEO spammers. That’s where they come from. If you see a signup directly to your signup page, it’s almost certainly safe to delete the account. Real people signup from actual pages on your site.

Thanks for sharing your experience with the fake acounts. Are you determining that they are from India, Vietnam, or Pakistan because of the domain name or is there some other way? I haven’t had any signups post comments so I wonder if there is another motivation for them to signup?

What is the best way you’ve found to moderate comments. There doesn’t seem to be a way in the ghost backend to review comments in a convenient view. Thanks for the help.

We’re having the same problem at our site, and it is baffling. Members are showing up in Ghost so clearly they’ve clicked a link somewhere but they’re certainly spam and I get dozens of spam email responses a week. About 1800 spam Members in the last month.

Using Ghost Pro, not self hosted with no integrations or Zapier sync. Does anyone have advice or do we need to figure out adding in a captcha?