Warning to users posting their URLS on here

Is it your "old buddies" URL (which I'm not going to mention if there is a possible security issue)?

If so, that's not the only place it's showing up. It's also here. It also looks like someone owned it and apparently on more than one occasion.

I'm not saying you're wrong...some idiot could have just as easily come on here, gotten the URL and launched an attack for no reason. Dumber things have happened. And I'm not condoning someone taking down forums or overloading databases with fake registrations (I've seen enough of that fake registration crap from Nigeria to last me a lifetime). I'm just saying that there are other ways this loser could have found out about your site, and if I were to guess at the most likely culprit, I'd say it's your SMF post that triggered it, through no fault of your own. "Hey look. New guy's using Simple Machines Forum. I wonder how much of a douchebag I can be to a stranger who did nothing to deserve it."

There's spam prevention tools for that. Look for ones that hook into www.stopforumspam.com.

Sad, isn't it?
I call it "the fall of the internet".

You'll have to make your forum so anyone who registers must
visit their email client and "confirm it" before they can login.
That still won't stop people from registering and not confirming it.

Spammers especially like new sites and new forums. They can get
more exposure and take control over it. Your heart is in your project,
but perhaps you should scrap the idea and use FaceBook or some other
social network.

Even on this forum, we are constantly deleting and fighting spammers.
It's a never-ending battle. The fault actually lies in the people that are
buying (and spending money) on the spam. They do it because they make
a lot of money, without much work.

Another thing I've noticed as a mod and a forum owner...they like forums that allow you to register without a CAPTCHA.

That might solve the problem by itself.

CAPTCHA was broken ages ago, and spam farmers get around it just fine anyway. Human questions in registration targeted at your audience are the best bet for now.

Yeah, that's a good way to do it too. I guess I misworded my point...my point was that it's easier for spam farmers to get at registrations that have no blocks at all than the ones that have some blocks.

We dropped CAPTCHA here and now use question based verification. Its not foolproof but certainly stops the bots!