The best way to avoid this is to leverage the post queue. Sadly, spammers always find creative ways to bypass filters, but the post queue will stop them dead.
Check out the event lot page in the ACP (under advanced). The user's deletion event should have been logged, and the IP address should have been saved.
... as long as your NodeBB is new enough, that is 🙂
NodeBB core doesn't have anything to prevent this. But plugins can be made to prevent multiple accounts from the same IP etc although it can be easily by passed.