That doesn't seem right.
It's the iframely plugin, I don't know why it's using window.open instead of just target=_blank. Maybe some kind of tracking thing?
Well I don’t use that plugin. So, not sure where to look to isolate for a bug report.
I looked into the spam blocking set, yet most of them block signups (I'm using sso from my own site, so that's not it). And I just learned I'm not allowed to use akismet because i technically have ads on my site, despite only earning $100 a month (which is far less than my expenses). I can't afford $10 a month.
There has to be another way to block spammers. Perhaps require moderation when someone includes a link in their first post? I do not want to use reputation.
@jim-bridger How about something like 2FA ? Not ideal, but it'd work. Or, nodebb-plugin-math-captcha ?
Depending on how many moderators you have and how much traffic you have, you can use the post queue.
Uhhmmm.... have you looked into stopforumspam?
Not a silver bullet but never hurts to have one more arrow in yer' quiver, eh?
Might be worth a gander?