The absolute most affect that I have had to wipe out spammers is adding a security question in the join form. The English language is not easily understood by those who don't have it as their first language and there are some unusual quirks. My security question is this "What is 3 plus 2" the answer of course is 5 but for non english speaking people or robots even understanding the question is impossible. It is important to have the question in this form. If you said "Add 3 + 2" see more or "3 +2" the question could be easily understood. I have not had a single spammer since implementing this security question and the backend security (file access) has been faultless after having a complete review of file permissions and changing those where they were not secure.I do manual approval of all profiles to cover those few english speaking people who manage to create a spammer profile.
Of course I use auto blocklists as well and every now and then do a review of geo locations accessing my server and do some manual blocking of persistent IPs using up server resources trying to get in.
All in all I have no issues any more with spammers.
We use a security question and it certainly helped before we went to 7.1 from what I can see now the current tools make the question unnecessary. We may try removing it, or possibly using such a question in the content submission workflow.
This might sound daft but we are happy to have genuine looking sign ups but we don't like their less genuine, spammy, content submissions.
This might sound daft but we are happy to have genuine looking sign ups but we don't like their less genuine, spammy, content submissions.