I've got a small web app that's still in its early stages with low traffic, and it uses only Google OAuth for login—no traditional email/password setup at all. Lately, I've noticed a trend of new sign-ups with Gmail accounts that have patterns like firstnamelastname + digits @gmail.com. So far, there hasn't been any suspicious activity after the sign-ins—no writing, no spam, just the accounts successfully logging in and then going quiet. I understand that Google has robust protections in place for account creation and that I'm not storing any passwords or sensitive data. The app is open to anyone and not restricted to invites. I'm trying to figure out what kind of risks I should realistically be concerned about with this setup. Is this just typical behavior for a public web app, or should I be alert to any specific abuse patterns? I'd like to strike a balance between keeping things secure and understanding when to take action.
2 Answers
It sounds like your main concern is figuring out what risks to watch out for. Are you worried about bots scraping data, people misusing a free trial, or just driving up your hosting costs? Since there's no actual abuse happening—like traffic spikes or spam—I think you're mostly seeing curiosity sign-ups, which is pretty common for new public apps. Just keep an eye on how things evolve and you should be fine.
The similar email patterns you mentioned can be normal; Gmail users often have variations like that. But the key thing to look at is what those accounts do once they're logged in. If they don't do anything—no writings or repeated logins—that could just be normal traffic, not a threat. Just make sure that if you allow certain actions or resource usage, you have some basic limits in place. For now, I'd say your setup looks low-risk, but stay vigilant about logging and monitoring for any spikes in activity.

Thanks for that perspective! It helps to know that the patterns could be harmless. I wasn't seeing any post-login activity, which seemed odd, but it makes sense now. I'll definitely keep monitoring for any unusual activity.
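A small check in the spirit of the monitoring advice in the answer above, added here as an example and not written by either poster: it runs over constructed sign-in records and reports how many new accounts match the firstnamelastname+digits shape, how many never did anything after logging in, and whether sign-ups arrived in a short burst. The regex, the record layout and the thresholds are assumptions to tune against your own logs.

```python
import re
from datetime import datetime, timedelta

# Constructed sample records, not real logs:
# (email, ISO sign-up time, number of actions taken after login)
SAMPLE_SIGNUPS = [
    ("johnsmith1234@gmail.com", "2024-05-01T10:00:00", 0),
    ("marydoe5678@gmail.com",   "2024-05-01T10:02:00", 0),
    ("alexlee9012@gmail.com",   "2024-05-01T10:03:30", 0),
    ("kim.park@gmail.com",      "2024-05-01T13:45:00", 4),
    ("dev@example.org",         "2024-05-02T09:00:00", 2),
]

# Assumed heuristic for the "firstnamelastname + digits @gmail.com" shape
# described in the question: letters only, then at least two digits.
LOOKALIKE = re.compile(r"^[a-z]{4,}\d{2,}@gmail\.com$")


def is_lookalike(email):
    """True if the address matches the assumed lookalike pattern."""
    return bool(LOOKALIKE.match(email.lower()))


def has_burst(signups, window=timedelta(minutes=10), threshold=3):
    """True if `threshold` or more accounts were created within `window`."""
    times = sorted(datetime.fromisoformat(t) for _, t, _ in signups)
    for i in range(len(times) - threshold + 1):
        if times[i + threshold - 1] - times[i] <= window:
            return True
    return False


def summarize(signups, window=timedelta(minutes=10), threshold=3):
    """Counts a maintainer can watch over time rather than react to once."""
    lookalike = [e for e, _, _ in signups if is_lookalike(e)]
    dormant = [e for e, _, actions in signups if actions == 0]
    return {
        "total": len(signups),
        "lookalike": len(lookalike),
        "dormant": len(dormant),
        # Dormant *and* lookalike is the combination the question describes.
        "dormant_lookalike": sum(1 for e in dormant if is_lookalike(e)),
        "burst": has_burst(signups, window, threshold),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_SIGNUPS))
```

A rising dormant_lookalike count or a burst is a cue to add basic per-account limits and rate limiting, not proof of abuse on its own.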