The only thing you can do -since you're into core modification- is to introduce multi-factor authentication. What I mean is have reCAPTCHA during signup and an ad-hoc CAPTCHA (something like "Enter the result of two plus five" works nice) at user login. If you want to go very deeply into core modification, you can compile a list of potential spam words, rate the "spaminess" of the post based on them and when the score is over a threshold (think of what SpamAssasin does) ask the user to fill in a reCAPTCHA before accepting the post. Yes, the false positives will be irritating, but that's the compromise you have to live with.
Nicholas K. Dionysopoulos
Lead Developer and Director
π¬π·Greek: native π¬π§English: excellent π«π·French: basic β’ π My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!