How are people posting questions even after I've made it compulsory to verify their emails?

Question

Here's what I've done:

And also over here:

In spite of this, I see that users are posting spam questions on my forum. How is it possible? They're doing it without confirming their email address!

Spam users are able to directly post questions in spite of these settings. And yes, I've enabled captchas. 

Does anyone know what settings to use enforce email verification or to moderate the first few questions until one is accepted?

Comments

@pupi1985 Nope. No other login. I'm also not able to do a "direct call".

---

By a direct call, I meant submitting the form data directly to the server. The UI doesn't allow the user to access the question page. But I'm guessing that these spammers might be submitting the form data directly to the form's submit URL. I'm not sure. If it's not this then I don't know how else they're creating their spam questions. They're clearly doing it without verifying their emails (which the UI doesn't allow - I've checked).

---

Sorry, I cannot replicate this in a clean Q2A installation. You'll have to provide step by step instructions on how to replicate this scenario immediately after installing Q2A.

---

@pupi1985 That is exactly what I'm saying! I CANNOT replicate it either. However, the spam users ARE able to do it. I repeat, I CANNOT do it. Even on a fresh install, I CANNOT do it! That's not what I"m asking. I'm asking HOW the hell are spammers still doing it on my site, and what can I do to stop them.

Answer 1

Is your site https? When I did htttps, I got rid of all the spam

Comments

Yes. My site has been https from the start. Even if someone types http then it automatically goes to the https site.

---

Are you in cloudfire? Inmunify360? Do do you have URL htccaces config?