Yeah, same here. Usually it’s not even “smart” spam, just some dumb wave hammering the same reg form with slightly different junk. I’d look at the logs before changing too much. If the same IP ranges / ASNs are hitting it, you can usually tell pretty quick whether it’s bot churn or actual humans abusing throwaway accounts. We had one forum where the spam spike was basically all coming from a couple of hosting providers in bursts every few minutes. What’s annoying is the ones that get past the obvious stuff because they look “normal” enough on signup, then post some half-baked nonsense a day later. That’s where a little more friction helps more than a giant wall. Honeypot + rate limit + email verification is usually enough in my experience, but if you’ve already got that, the next step is typically tighter first-post moderation or new-user post limits. I wouldn’t go full lock-down unless it’s really bad. That usually just shifts the pain onto legit users and then you’re stuck undoing it later.
ToolDecision
Tools, compared and explained
ToolDecision
Tools, compared and explained