No more than 1 or 2 registrations from the same IP address should generally be accepted from the same IP address, certainly within a small time frame like a couple hours. Could use rate limit API to accomplish this, storing in memory and not persisting is fine. This should make it more difficult for the same user to register multiple times in a row.
Additionally, we could store the IP address from which a user registered in the database (or just in memory, the most recent N)
You must be