@Jason404media I had a similar problem, and ended up using CloudFlare WAF to block the user agent until the attacker gave up:
It looks like the intent behind the spam signups you’re getting might be different, though.
In my case, my Nginx logs showed that the send-magic-link endpoint was being hit directly, without going through the Ghost frontend. Ghost is working on tightening up that endpoint, which should help.
I’d like it if there was an option to validate signups against a deliverability API like Reacher, before the confirmation email is sent.
In my case, the spam signups were hurting my email sending reputation, so the damage was done before a member created webhook would be run. But if you’re just trying to remove bad signups, you could probably use a custom integration to delete members that matched certain criteria.