Hello, it looks like the spammers have finally been stopped(so far).
- nofollow on links - spam classifier for comments - check new signups against spam black lists - cloudflare web app firewall in front - limit number of signup attempts to 4/hour at flask level - better email validation - block repeated failed attempts at iptables level. - bounce email processing That's without enabling 'newbies can not post for two hours'. I'll see how this goes over the next week. Fingers crossed it's mostly automated. cheerio,