In addition to cleaning up any spam posts and blocking (suspending) spammer accounts, the Sites team at Moodle HQ have been working on improving our spam defences as follows:
1) As suggested by Ken in the discussion SPAM from Moodle Forums? we have implemented a throttling feature preventing users with new accounts from making lots of posts in a short space of time (MDLSITE-3871). Previously spammers made 20 or more posts before being detected and blocked; now they can only post twice.
2) The moodle.org reCAPTCHA has been updated to use the 'No CAPTCHA reCAPTCHA' API from Google (MDLSITE-3878). Unfortunately though the new reCAPTCHA does not seem to have had any effect.
3) We have tried increasing the level of Cloudflare protection to block spammer IP addresses. However this resulted in many genuine posters reporting that they were blocked (MDLSITE-3873), and so Cloudflare has been reset back to its previous level.
4) Whilst blocking spammer accounts, we've been looking for patterns and have added many email domains to the denied email domain list. Obviously though we can't add gmail.com.
5) We have implemented Akismet filtering on posts made by users with new accounts (MDLSITE-3879). This feature seems to be working well, though there are further improvements still to be made (MDLSITE-3894).
Apologies if you have received any notifications of spam forum posts. To help us ensure that all spam is deleted and spammer accounts blocked, if you receive a spam forum post notification, please check if the post is still available on moodle.org, and if so, log in and click the 'Report to moderator' link.
Many thanks to Moodle HQ developer Dan for quickly developing more spam defences. If you have further suggestions for fighting spam on moodle.org, please let us know.