One of the hazards of making registration easy is that you get spammers as well as the people you really want to connect to. Once moderation is set up, your site is a "honey pot". Sooner or later someone will post something objectionable.

You can easily check Content management - Moderated content (admin/content/modr8) and click on the user name then Track and Track page visits. Pick one and then click "details".  The "hostname" is the IP address of your spammer.

You can chase the IP address at https://ws.arin.net/whois and if it is not an "American" IP, find the "whois" server for the region associated with the IP. One recent case was IP 59.108.91.148 and I found the network information at http://wq.apnic.net/apnic-bin/whois.pl - Beijing Capital Telecom.

Now it is time for a judgment call. I can block the individual IP or the entire "Class B" block. I will choose the later even though that will poke the eyes out of potentially 65,535 IP addresses. This is a local site and I don't really expect Bejing Capitol Users will have much purpose in visiting to I opt for the latter.

User management - Access rules - Add rule (admin/user/rules/add), choose Hostname and enter 59.108.%, Add rule. Now it is time to clean up the post. Back to Content management - Moderated content (admin/content/modr8)  and choose Delete - Save. Then back to the user, Edit and Delete..

Tomorrow we can go after another spammer.