I built and run a SaaS product on my own (full time). My service receives a lot of fake or abusive signups. In general, their end goal is usually to abuse the free tier/offering by creating multiple accounts.
I have added a captcha (hcaptcha) and I actively check/prevent sign ups from VPNs, VPSes, Tor and banned IP addresses. I also actively check and prevent signups from free email domains (gmail, hotmail, disposable email domains, etc).
I continue to get abusive signups. Is this typical? What else can you do?
Force them to enter a valid credit card and auth $1