Please. Captcha by default. Email domain filters. Auto-block federation from servers that don’t respect. By default. Urgent.
And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not “thousands of dollars” spent.
If someone really wants to attack the network, they’ll attack it with custom software, not just by clicking on a lot of buttons in the web UI.