Spambots Bypassing Application Process
I'm the owner of the site wyomingbronies.com. Unfortunately we've been a huge target of spambots lately. I disabled all external methods of authentication and only allow users to apply for membership. Unfortunately it seems there's a bug somewhere as the spambots are still bypassing the authentication process and are able to register. They then use their profile page to paste links for SEO. I've tried CloudFlare to try and mitigate these attacks, but unfortunately around 15 new accounts are made per day regardless and my list of banned IPs is growing every single day. All the users created by the spambots still need their emails confirmed, but can still post to their profile page. I'm left there wondering why I don't have permission to disable users from posting stuff on their profile until their email is confirmed. I'm seriously considering switching off of Vanilla if there isn't a solution to these problems.
I'm running Vanilla Version 184.108.40.206