Applicants can flag posts v 2.1.10
Today, my forum was attacked by an unverified applicant using the "Flagging" feature. It was clearly some sort of script, as he flagged around 40,000 posts, which crippled our mail server from all of the notifications being sent.
There is nothing checked for the flagging plugin in the roles / permissions screen for applicants. However, he clearly used it. I set up a test account in the applicant usergroup, and sure enough - the "Flag" links show up and work.
How can I actually block applicants from using the "Flagging" feature?