You guys are talking like we block TOR in general, we don't. The blacklists in use contain major exit-nodes most commonly used by bot-nets as they are fast. I do not like the idea of a limited node on our infra, but how about an onion route to tmo? Block registration from within tor? Then as soon as you log in to a site you authenticate your tor connection to be one of our members which is as stupid as it sounds... you can track single IDs within a browsing history even if the browsing was from different devices and with different cookie settings. For some IDs it is enough to determine the kind of searches they do on google as they can be reverse engineered to be lined up to your "put public accounts here"

How do we measure that the blacklist is actually working?
How about that as soon as we activated we have 90% less registrations of sleeper accounts, they get active after exactly 31 days to circumvent a basic 30day grace period of most forum software - we even filter that to some extend but the plug-in we use is failing too.

All those single-link-spam-posts are a mystery. There is no filter or any plug-in that detects them properly.

If anything, we should think about if it is time to get a new forum and use something that is state of the art in any aspect, incl. using garage accountsDB, replacing the wiki software and midgard all at once.