>New kind of spammer – one spammer with same ID many times posting fast
Have CM write a little JavaScript to terminate their actions. Either they have a script or a macro. A script is done by code, a macro is software that records keyboard and mouse clicks. If they are using a macro, after captcha they launch it sending hundreds of posts at a time. Most likely this is what is happening. Scripts will read the html nodes, find the messagebox, enter text and resources, then submit the reply button.
There are many solutions for these types of attacks. Put a timer and count in a session with a callback function to terminate if thresholds are met.