Lots of signups (account request or creation depending on setup).
Deny Signups from blacklisted IPs.
Deny Signups with blacklisted URLs in the content of cards included on Account Request+*tform.
Where would blacklists be put in a maintainable way?
A card is the most obvious choice, and the edit permission (and possibly view permission as well) should be restricted to either the Administrator role, or a role shared by a team of moderators. *blacklisted-ips and *blacklisted-urls, perhaps?
--Ariel Millennium Thornton.....Mon May 25 20:58:16 -0700 2009
recommend looking over security checklist on wikimatrix.org
--Ethan McCutchen.....Tue Jun 16 11:59:55 -0700 2009