UGGHHH!! Thanks for the warning.
I knew it was quite a large industry, but I didn't realize they had the capability to get past every defense a forum could put up.
I've been noticing about 20-25 new registrations per day on the forum I admin. 99% of them never post. I've been wondering whether they were mostly spammers just waiting in the wings. If I have to, I will close the forum to ALL new registrants. I can't install mods myself (no server access), and getting the forum owner to do so is like pulling eyeteeth. I'm not going to babysit people on that forum to make sure they're on the up-and-up when they register. Our users are from literally all over the world, so banning IP ranges doesn't really do any good.
When I became admin (after having been mod for several years), the first thing I did was clean out our user database. I'm hoping that made the forum less of a target. We had almost 25,000 registered users (almost all of them registered before email authentication was required), but only about 3500 had ever posted (forum was started in 2009). I instituted a policy of deleting non-posting registrants after 60 days. I also closed the forum to guests (including viewing/reading), began requiring email authentication, and convinced the forum owner to install the registration security mod.