Thread:Project:Support desk/$wgGroupPermissions not preventing spammers creating new pages/reply (2)

I wonder if edits through the api could be circumventing this.

Do you have access to the access_log of the server to see what URLs are they using to edit pages, and see if they're using the api to edit?