diff --git a/.env.example b/.env.example
index b9a00a7..d1a9246 100644
--- a/.env.example
+++ b/.env.example
@@ -6,4 +6,5 @@ SPOKEN_DB='13thJune'
 SECRET_KEY=''
 VIDEO_PATH=''
 DEBUG=True
-TEMPLATE_DEBUG=True
\ No newline at end of file
+TEMPLATE_DEBUG=True
+SPAM_LOG_FILE=''
\ No newline at end of file
diff --git a/forums/logs/spam_detection.log b/forums/logs/spam_detection.log
new file mode 100644
index 0000000..e69de29
diff --git a/forums/settings.py b/forums/settings.py
index 6c549d2..61230db 100644
--- a/forums/settings.py
+++ b/forums/settings.py
@@ -17,6 +17,11 @@
 # Build paths inside the project like this: os.path.join(BASE_DIR, ...)
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 
+SPAM_LOG_FILE = os.getenv("SPAM_LOG_FILE")
+
+# reCAPTCHA Settings
+RECAPTCHA_SITE_KEY = os.getenv("RECAPTCHA_SITE_KEY")
+RECAPTCHA_SECRET_KEY = os.getenv("RECAPTCHA_SECRET_KEY")
 
 # Quick-start development settings - unsuitable for production
 # See https://docs.djangoproject.com/en/1.11/howto/deployment/checklist/
@@ -108,8 +113,8 @@
         'ENGINE': 'django.db.backends.mysql',  # Add 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
         'NAME': os.getenv("SPOKEN_DB"),                      # Or path to database file if using sqlite3.
         # The following settings are not used with sqlite3:
-        'USER': os.getenv("DB_USER"),
-        'PASSWORD': os.getenv("DB_PASSWORD"),
+        'USER': os.getenv("SPOKEN_DB_USER"),
+        'PASSWORD': os.getenv("SPOKEN_DB_PASSWORD"),
         # Empty for localhost through domain sockets or '127.0.0.1' for localhost through TCP.
         'HOST': '',
         'PORT': '',                      # Set to empty string for default.
@@ -150,7 +155,7 @@
 
 LANGUAGE_CODE = 'en-us'
 
-TIME_ZONE = 'Asia/Calcutta'
+TIME_ZONE = 'Asia/Kolkata'
 
 USE_I18N = True
 
@@ -267,29 +272,54 @@
 except ImportError:
     pass
 
-
 LOGGING = {
     'version': 1,
     'disable_existing_loggers': False,
+
     'filters': {
         'require_debug_false': {
             '()': 'django.utils.log.RequireDebugFalse'
         }
     },
+
+    'formatters': {
+        'verbose': {
+            'format': '[{asctime}] {levelname} {name}: {message}',
+            'style': '{',
+        },
+    },
+
     'handlers': {
         'mail_admins': {
             'level': 'ERROR',
             'filters': ['require_debug_false'],
             'class': 'django.utils.log.AdminEmailHandler'
-        }
+        },
+
+        # New handler for spam detection
+        'spam_file': {
+            'level': 'INFO',
+            'class': 'logging.handlers.RotatingFileHandler',
+            'filename': SPAM_LOG_FILE,  # create logs/ dir
+            'maxBytes': 1024 * 1024 * 5,   # 5 MB
+            'backupCount': 5,              # keep 5 old logs
+            'formatter': 'verbose',
+        },
     },
+
     'loggers': {
         'django.request': {
             'handlers': ['mail_admins'],
             'level': 'ERROR',
             'propagate': True,
         },
+
+        #  New dedicated logger
+        'spam_detection': {
+            'handlers': ['spam_file'],
+            'level': 'INFO',
+            'propagate': False,
+        },
     }
 }
-
 VIDEO_PATH = os.getenv("VIDEO_PATH")
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 08937ec..27abac0 100755
--- a/requirements.txt
+++ b/requirements.txt
@@ -15,3 +15,4 @@ django-debug-toolbar==1.4
 python-dotenv==0.10.3
 nltk==3.5
 sklearn==0.0
+requests>=2.25.0
diff --git a/seed_spam_rules.py b/seed_spam_rules.py
new file mode 100644
index 0000000..3e393b0
--- /dev/null
+++ b/seed_spam_rules.py
@@ -0,0 +1,116 @@
+# Script to seed the database with predefined spam rules
+import os
+import django
+
+os.environ.setdefault("DJANGO_SETTINGS_MODULE", "forums.settings")
+django.setup()
+
+from django.db.models import Q
+from website.models import SpamRule
+
+
+
+def seed_spam_rules():
+    rules = {
+        # Certification/Exam dump patterns
+        "Certification/Exam Spam": {
+            "score": 30,
+            "type": SpamRule.KEYWORD,
+            "patterns": [
+                r"exam\s+dumps?", r"braindumps?", r"practice\s+test",
+                r"certification\s+exam", r"test\s+preparation",
+                r"exam\s+questions?", r"study\s+guides?",
+                r"pdf\s+\+\s+testing\s+engine", r"testing\s+engine",
+                r"exam\s+prep", r"mock\s+exam", r"real\s+exam",
+                r"dumps\s+pdf", r"braindump"
+            ],
+        },
+
+        # Promotional spam
+        "Promotional Spam": {
+            "score": 25,
+            "type": SpamRule.KEYWORD,
+            "patterns": [
+                r"click\s+here", r"join\s+now", r"limited\s+time",
+                r"discount", r"coupon\s+code", r"20%\s+off",
+                r"free\s+download", r"get\s+certified",
+                r"unlock\s+your\s+career", r"master\s+the",
+                r"boost\s+your\s+career", r"cert20",
+                r"at\s+checkout", r"special\s+offer",
+            ],
+        },
+
+        # Suspicious domains
+        "Suspicious Domain": {
+            "score": 35,
+            "type": SpamRule.DOMAIN,
+            "patterns": [
+                r"dumpscafe\.com", r"certsout\.com", r"mycertshub\.com",
+                r"vmexam\.com", r"kissnutra\.com", r"dumps.*\.com",
+                r"cert.*\.com", r"exam.*\.com",
+            ],
+        },
+
+        # Generic business language
+        "Business/Career Spam": {
+            "score": 15,
+            "type": SpamRule.KEYWORD,
+            "patterns": [
+                r"attests\s+to\s+your\s+proficiency",
+                r"esteemed\s+(?:accreditation|certification|credential)",
+                r"valuable\s+asset\s+to\s+companies",
+                r"demonstrates\s+your\s+ability",
+                r"comprehensive\s+study\s+(?:tools|materials)",
+                r"interactive\s+practice\s+tests",
+                r"real\s+exam\s+questions",
+                r"actual\s+exam\s+questions",
+                r"validated\s+by\s+.*certification",
+                r"urgently\s+need\s+experts",
+            ],
+        },
+
+        # Gaming content
+        "Gaming Spam": {
+            "score": 20,
+            "type": SpamRule.KEYWORD,
+            "patterns": [
+                r"spacebar\s+clicker", r"clicker\s+game",
+                r"addictive\s+game", r"upgrades\s+available",
+                r"instant\s+rewards",
+            ],
+        },
+
+        # Health/Supplement spam
+        "Health Spam": {
+            "score": 22,
+            "type": SpamRule.KEYWORD,
+            "patterns": [
+                r"vitalit[äa]t", r"nahrungserg[äa]nzungsmittel",
+                r"libido", r"fruchtbarkeit", r"energie",
+                r"hormonelle\s+balance", r"perforan",
+            ],
+        },
+    }
+
+    inserted, skipped = 0, 0
+    for note, config in rules.items():
+        for pattern in config["patterns"]:
+            exists = SpamRule.objects.filter(
+                Q(pattern=pattern) & Q(type=config["type"])
+            ).exists()
+            if not exists:
+                SpamRule.objects.create(
+                    type=config["type"],
+                    pattern=pattern,
+                    score=config["score"],
+                    notes=note,
+                )
+                inserted += 1
+            else:
+                skipped += 1
+
+    print(f"✅ Inserted {inserted} new rules, skipped {skipped} existing ones.")
+
+
+# Run it
+seed_spam_rules()
diff --git a/static/website/templates/index.html b/static/website/templates/index.html
index 71554a1..c6e1ae0 100755
--- a/static/website/templates/index.html
+++ b/static/website/templates/index.html
@@ -93,6 +93,7 @@ <h3 align="center">Answers</h3>
             <ul class="nav nav-tabs">
                 <li class="active"><a data-toggle="tab" href="#recent_question">Recent questions</a></li>
                 <li><a data-toggle="tab" href="#most_active">Most active questions</a></li>
+                <li><a data-toggle="tab" href="#spam_pending">Spam Pending-Approval</a></li>
             </ul>
         </div>
         <div class="panel-body">
@@ -114,6 +115,7 @@ <h3 align="center">Answers</h3>
 							</thead>
 							<tbody>
                 {% for question in questions %}
+                {% if 'test-' not in question.category %}
                 <tr>
                     <td>
                         <span href="#" class="category" data-toggle="tooltip" data-placement="top" title="{{ question.category}}">
@@ -177,6 +179,7 @@ <h3 align="center">Answers</h3>
                         </span>
                     </td>
                 </tr>
+                {% endif %}
                 {% endfor %}
                 </tbody>
             </table>
@@ -279,7 +282,45 @@ <h3 align="center">Answers</h3>
                         </tbody>
                     </table>
             </div>
-        </div>
+            <div id="spam_pending" class="tab-pane fade">
+                <table id="spamTable" class="tablesorter-blue">
+                    <thead>
+                        <tr>
+                            <th>FOSS</th>
+                            <th>Tutorial</th>
+                            <th>Min</th>
+                            <th>Sec</th>
+                            <th>Question</th>
+                            <th>Date</th>
+                            <th>User</th>
+                            <th>Actions</th>
+                        </tr>
+                    </thead>
+                    <tbody>
+                        {% for question in spam_questions %}
+                        <tr id="spam-row-{{ question.id }}">
+                            <td>{{ question.category|truncatechars:12 }}</td>
+                            <td>{{ question.tutorial|truncatechars:12 }}</td>
+                            <td>{{ question.minute_range }}</td>
+                            <td>{{ question.second_range }}</td>
+                            <td>
+                                <a href="{% url 'website:get_question' question.id %}{% prettify question.title %}">
+                                    {{ question.title|truncatechars:40 }}
+                                </a>
+                            </td>
+                            <td>{{ question.date_created|date:"d-m-y" }}</td>
+                            <td>{{ question.user|truncatechars:10 }}</td>
+                            <td>
+                                <button class="btn btn-xs btn-success spam-approve" data-qid="{{ question.id }}">Approve</button>
+                                <button class="btn btn-xs btn-danger spam-reject" data-qid="{{ question.id }}">Reject</button>
+                            </td>
+                        </tr>
+                        {% empty %}
+                        <tr><td colspan="8">No spam questions pending approval.</td></tr>
+                        {% endfor %}
+                    </tbody>
+                </table>
+            </div>
         </div> <!-- /.panel-body -->
     </div> <!-- /.panel -->
 {% endblock %}
@@ -324,6 +365,41 @@ <h3 align="center">Answers</h3>
             }
             e.preventDefault();
         });
+
+        // Spam approval handlers
+        $('.spam-approve').click(function() {
+            var qid = $(this).data('qid');
+            var row = $('#spam-row-' + qid);
+            
+            $.post('/ajax-spam-approve/', {
+                question_id: qid,
+                csrfmiddlewaretoken: $('[name=csrfmiddlewaretoken]').val()
+            }, function(response) {
+                if(response.success) {
+                    row.fadeOut(function() { $(this).remove(); });
+                    alert('Question approved!');
+                } else {
+                    alert('Error approving question: ' + (response.error || 'Unknown error'));
+                }
+            }, 'json');
+        });
+
+        $('.spam-reject').click(function() {
+            var qid = $(this).data('qid');
+            var row = $('#spam-row-' + qid);
+            
+            $.post('/ajax-spam-reject/', {
+                question_id: qid,
+                csrfmiddlewaretoken: $('[name=csrfmiddlewaretoken]').val()
+            }, function(response) {
+                if(response.success) {
+                    row.fadeOut(function() { $(this).remove(); });
+                    alert('Question rejected as spam!');
+                } else {
+                    alert('Error rejecting question: ' + (response.error || 'Unknown error'));
+                }
+            }, 'json');
+        });
     });
     $('span').tooltip();
 </script>
diff --git a/static/website/templates/new-question.html b/static/website/templates/new-question.html
index c088447..78dea29 100755
--- a/static/website/templates/new-question.html
+++ b/static/website/templates/new-question.html
@@ -54,6 +54,13 @@ <h4>
                 <label for="id_body">Question:</label>
                 {% render_field form.body class+="form-control" %}
             </div>
+
+            <!-- reCAPTCHA widget, only for users without a role -->
+            {% if require_recaptcha %}
+            <div class="form-group" style="margin-top: 20px; margin-bottom: 15px;">
+                <div class="g-recaptcha" data-sitekey="{{ recaptcha_site_key }}"></div>
+            </div>
+            {% endif %}
         </div>
     </div>
     <input class="btn btn-success" type="submit" value="Submit Question"> 
@@ -76,6 +83,7 @@ <h4 class="modal-title" id="myModalLabel">Similar Questions</h4>
     </div><!-- /.modal -->
 
 <script src="{% static 'website/js/nicEdit.js' %}" type="text/javascript"></script>
+<script src="https://www.google.com/recaptcha/api.js" async defer></script>
 <script type="text/javascript">
 bkLib.onDomLoaded(function() {
 	new nicEditor({
diff --git a/website/forms.py b/website/forms.py
index 4a41b7e..38211e5 100755
--- a/website/forms.py
+++ b/website/forms.py
@@ -69,4 +69,4 @@ def __init__(self, *args, **kwargs):
 
 class AnswerQuesitionForm(forms.Form):
     question = forms.IntegerField(widget=forms.HiddenInput())
-    body = forms.CharField(widget=forms.Textarea())
+    body = forms.CharField(widget=forms.Textarea())
\ No newline at end of file
diff --git a/website/helpers.py b/website/helpers.py
index 5db0a53..b9839dc 100755
--- a/website/helpers.py
+++ b/website/helpers.py
@@ -1,9 +1,34 @@
 import re
-from website.models import Question
-from nltk.corpus import stopwords 
+import json
+import logging
+from datetime import datetime
+from typing import Dict, List, Tuple, Optional
+from website.models import Question, User
+import nltk
+from nltk.corpus import stopwords
 from nltk.tokenize import word_tokenize
+from website.templatetags.permission_tags import can_edit, can_hide_delete
 from sklearn.metrics.pairwise import cosine_similarity
-sw = stopwords.words('english')
+from django.conf import settings
+from django.utils import timezone
+from django.db.models import Q
+import re
+from .models import SpamRule, SpamLog   # assuming app is `forum`
+
+def _load_stopwords():
+    try:
+        return stopwords.words('english')
+    except LookupError:
+        nltk.download('stopwords', quiet=True)
+        return stopwords.words('english')
+
+
+sw = _load_stopwords()
+
+# Configure logging for spam detection
+import logging
+spam_logger = logging.getLogger('spam_detection')
+
 
 def get_video_info(path):
     """Uses ffmpeg to determine information about a video. This has not been broadly
@@ -67,4 +92,160 @@ def get_similar_questions(user_ques,question):
         if w in question: l2.append(1) 
         else: l2.append(0)        
     cs = cosine_similarity((l1,l2))
-    return cs[0][1]
\ No newline at end of file
+    return cs[0][1]
+
+
+# helpers.py
+
+MULTIPLE_URL_WEIGHT = 20
+MULTIPLE_URL_THRESHOLD = 3
+
+class SpamQuestionDetector:
+    def __init__(self):
+        # load only active + not expired rules
+        now = timezone.now()
+        qs = SpamRule.objects.filter(active=True).filter(
+            Q(expires_at__isnull=True) | Q(expires_at__gt=now)
+        )
+        self._compiled = []
+        for r in qs:
+            try:
+                cre = re.compile(r.pattern, re.IGNORECASE)
+            except re.error:
+                spam_logger.warning(f"Invalid regex in SpamRule id={r.id}: {r.pattern}")
+                continue
+            self._compiled.append({
+                'rule': r,
+                'compiled': cre
+            })
+
+    def extract_urls(self, text: str):
+        return re.findall(r'https?://[^\s)<>"]+', text)
+
+    def detect_spam(self,user,question, title: str, content: str, category: str = "", tutorial: str = "") -> dict:
+        combined_text = " ".join(filter(None, [title, content, category, tutorial])).lower()
+        spam_score = 0
+        matches = []
+
+        for entry in self._compiled:
+            rule = entry['rule']
+            cre = entry['compiled']
+            if cre.search(combined_text):
+                spam_score += rule.score
+                matches.append({
+                    'id': rule.id,
+                    'pattern': rule.pattern,
+                    'score': rule.score,
+                    'type': rule.type,
+                    'notes': rule.notes
+                })
+
+        # detect multiple URLs (we keep this behaviour from original)
+        urls = self.extract_urls(combined_text)
+        if len(urls) >= MULTIPLE_URL_THRESHOLD:
+            spam_score += MULTIPLE_URL_WEIGHT
+            matches.append({
+                'pattern': f'{len(urls)} URLs',
+                'score': MULTIPLE_URL_WEIGHT,
+                'type': 'urls'
+            })
+
+        # classification (same thresholds as earlier)
+        if spam_score >= 60:
+            confidence, action = 'HIGH', 'DELETE'
+        elif spam_score >= 30:
+            confidence, action = 'MEDIUM', 'REVIEW'
+        elif spam_score >= 15:
+            confidence, action = 'LOW', 'REVIEW'
+        else:
+            confidence, action = 'CLEAN', 'APPROVE'
+
+        result = {
+            'spam_score': spam_score,
+            'matches': matches,
+            'confidence': confidence,
+            'recommended_action': action,
+            'url_count': len(urls)
+        }
+
+        # debug log
+        spam_logger.info(
+            "SpamDetect result: question_id=%s user_id=%s score=%s action=%s matches=%s",
+            question.id, user.id, spam_score, action, len(matches)
+        )
+        return result
+
+
+def handle_spam(question, user, delete_on_high=True, save_question_metadata_before_delete=True):
+    """
+    Runs detection on a saved Question instance and logs/takes action.
+    - question: saved Question instance (has .id)
+    - user: Django user instance who created the question (for logging)
+    - delete_on_high: if True, HIGH confidence -> delete from DB; otherwise hide it (status=0)
+    Returns a status string: 'AUTO_DELETE', 'FLAGGED', 'APPROVED', 'HIDDEN'
+    """
+    detector = SpamQuestionDetector()
+    result = detector.detect_spam(
+        user=user,
+        question=question,
+        title=getattr(question, 'title', '') or '',
+        content=getattr(question, 'body', '') or '',
+        category=getattr(question, 'category', '') or '',
+        tutorial=getattr(question, 'tutorial', '') or ''
+    )
+
+    spam_score = result['spam_score']
+    confidence = result['confidence']
+    action = result['recommended_action']
+    details = result['matches']
+
+    # prepare log payload
+    log_payload = {
+        'question_id': question.id,
+        'user_id': user.id if user else None,
+        'category': getattr(question, 'category', '') or '',
+        'title': getattr(question, 'title', '') or '',
+        'content': getattr(question, 'body', '') or '',
+        'action': None,
+        'spam_score': spam_score,
+        'confidence': confidence,
+        'details': details
+    }
+
+    # TAKE ACTION
+    if action == 'DELETE' and confidence == 'HIGH':
+        log_payload['action'] = 'AUTO_DELETE'
+        SpamLog.objects.create(**log_payload)
+
+        if delete_on_high:
+            # mark as spam (status=2) after logging
+            spam_logger.info(f"MARK_INACTIVE: Question {question.id} by user {user.id} score={spam_score}")
+            question.status = 2
+            question.spam = True
+            question.save(update_fields=["status", "spam"])
+            user.is_active = 0
+            user.save(update_fields=["is_active"])
+            return 'AUTO_DELETE'
+        else:
+            # hide instead of delete
+            question.spam = True
+            question.status = 0
+            question.save(update_fields=['spam', 'status'])
+            return 'HIDDEN'
+
+    elif action == 'REVIEW':
+        # flag for admin review
+        log_payload['action'] = 'FLAGGED'
+        SpamLog.objects.create(**log_payload)
+
+        question.approval_required = True
+        question.spam = False
+        question.save(update_fields=['approval_required', 'spam'])
+        return 'FLAGGED'
+
+    else:
+        # APPROVE / CLEAN
+        question.spam = False
+        question.approval_required = False
+        question.save(update_fields=['spam', 'approval_required'])
+        return 'APPROVED'
\ No newline at end of file
diff --git a/website/migrations/0001_initial.py b/website/migrations/0001_initial.py
new file mode 100644
index 0000000..8c484ae
--- /dev/null
+++ b/website/migrations/0001_initial.py
@@ -0,0 +1,102 @@
+# Generated by Django 2.2.6 on 2025-09-12 11:42
+
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    initial = True
+
+    dependencies = [
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Answer',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('body', models.TextField()),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_modified', models.DateTimeField(auto_now=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Notification',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('pid', models.IntegerField()),
+                ('qid', models.IntegerField()),
+                ('aid', models.IntegerField(default=0)),
+                ('cid', models.IntegerField(default=0)),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='Question',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('category', models.CharField(max_length=200)),
+                ('tutorial', models.CharField(max_length=200)),
+                ('minute_range', models.CharField(max_length=10)),
+                ('second_range', models.CharField(max_length=10)),
+                ('title', models.CharField(max_length=200)),
+                ('body', models.TextField()),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_modified', models.DateTimeField(auto_now=True)),
+                ('views', models.IntegerField(default=1)),
+                ('status', models.IntegerField(default=1)),
+                ('last_active', models.DateTimeField(null=True)),
+                ('last_post_by', models.IntegerField(null=True)),
+            ],
+            options={
+                'get_latest_by': 'date_created',
+            },
+        ),
+        migrations.CreateModel(
+            name='QuestionVote',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('question', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='website.Question')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='QuestionComment',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('body', models.TextField()),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_modified', models.DateTimeField(auto_now=True)),
+                ('question', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='website.Question')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnswerVote',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('answer', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='website.Answer')),
+            ],
+        ),
+        migrations.CreateModel(
+            name='AnswerComment',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('uid', models.IntegerField()),
+                ('body', models.TextField()),
+                ('date_created', models.DateTimeField(auto_now_add=True)),
+                ('date_modified', models.DateTimeField(auto_now=True)),
+                ('answer', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='website.Answer')),
+            ],
+        ),
+        migrations.AddField(
+            model_name='answer',
+            name='question',
+            field=models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='website.Question'),
+        ),
+    ]
diff --git a/website/migrations/0002_auto_20250912_1713.py b/website/migrations/0002_auto_20250912_1713.py
new file mode 100644
index 0000000..9dd45e8
--- /dev/null
+++ b/website/migrations/0002_auto_20250912_1713.py
@@ -0,0 +1,65 @@
+# Generated by Django 2.2.6 on 2025-09-12 11:43
+
+from django.db import migrations, models
+import django.utils.timezone
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('website', '0001_initial'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='SpamLog',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('question_id', models.IntegerField()),
+                ('user_id', models.IntegerField(blank=True, null=True)),
+                ('category', models.CharField(blank=True, max_length=200)),
+                ('title', models.CharField(blank=True, max_length=200)),
+                ('content', models.TextField(blank=True)),
+                ('action', models.CharField(choices=[('AUTO_DELETE', 'Auto Deleted'), ('FLAGGED', 'Flagged for Review'), ('APPROVED', 'Approved')], max_length=20)),
+                ('spam_score', models.IntegerField()),
+                ('confidence', models.CharField(max_length=20)),
+                ('details', models.TextField(blank=True, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='SpamRule',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('type', models.CharField(choices=[('keyword', 'Keyword'), ('domain', 'Domain / URL')], max_length=10)),
+                ('pattern', models.CharField(max_length=500)),
+                ('score', models.IntegerField(default=1)),
+                ('active', models.BooleanField(default=True)),
+                ('notes', models.CharField(blank=True, max_length=200)),
+                ('expires_at', models.DateTimeField(blank=True, null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+        ),
+        migrations.AddField(
+            model_name='question',
+            name='approval_required',
+            field=models.BooleanField(default=False),
+        ),
+        migrations.AddField(
+            model_name='question',
+            name='approved_by',
+            field=models.IntegerField(null=True),
+        ),
+        migrations.AddField(
+            model_name='question',
+            name='date_approved',
+            field=models.DateTimeField(auto_now_add=True, default=django.utils.timezone.now),
+            preserve_default=False,
+        ),
+        migrations.AddField(
+            model_name='question',
+            name='spam',
+            field=models.BooleanField(default=False),
+        ),
+    ]
diff --git a/website/migrations/__init__.py b/website/migrations/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/website/models.py b/website/models.py
index 9dbf6f0..44a8093 100755
--- a/website/models.py
+++ b/website/models.py
@@ -1,6 +1,6 @@
 from django.db import models
 from django.contrib.auth import get_user_model
-
+import json
 User = get_user_model()
 
 
@@ -18,6 +18,11 @@ class Question(models.Model):
     status = models.IntegerField(default=1)
     last_active = models.DateTimeField(null=True)
     last_post_by = models.IntegerField(null=True)
+    spam = models.BooleanField(default=False)
+    approval_required = models.BooleanField(default=False)
+    approved_by = models.IntegerField(null=True)
+    date_approved = models.DateTimeField(auto_now_add=True)
+ 
     # votes = models.IntegerField(default=0)
 
     def user(self):
@@ -88,3 +93,49 @@ def poster(self):
         return user.username
 
 # CDEEP database created using inspectdb arg of manage.py
+class SpamRule(models.Model):
+    KEYWORD = "keyword"
+    DOMAIN = "domain"
+    TYPES = [(KEYWORD, "Keyword"), (DOMAIN, "Domain / URL")]
+
+    type = models.CharField(max_length=10, choices=TYPES)
+    pattern = models.CharField(max_length=500)
+    score = models.IntegerField(default=1)
+    active = models.BooleanField(default=True)
+    notes = models.CharField(max_length=200, blank=True)
+    expires_at = models.DateTimeField(null=True, blank=True)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return f"{self.type}: {self.pattern} ({self.score})"
+
+class SpamLog(models.Model):
+    ACTIONS = [
+        ("AUTO_DELETE", "Auto Deleted"),
+        ("FLAGGED", "Flagged for Review"),
+        ("APPROVED", "Approved"),
+    ]
+
+    question_id = models.IntegerField()
+    user_id = models.IntegerField(null=True, blank=True)
+    category = models.CharField(max_length=200, blank=True)
+    title = models.CharField(max_length=200, blank=True)
+    content = models.TextField(blank=True)
+    action = models.CharField(max_length=20, choices=ACTIONS)
+    spam_score = models.IntegerField()
+    confidence = models.CharField(max_length=20)
+    details = models.TextField(blank=True, null=True)
+
+    def set_details(self, data):
+        self.details = json.dumps(data)
+
+    def get_details(self):
+        try:
+            return json.loads(self.details)
+        except Exception:
+            return {}
+    created_at = models.DateTimeField(auto_now_add=True)
+
+    def __str__(self):
+        return f"Q{self.question_id} - {self.action} ({self.spam_score})"
diff --git a/website/urls.py b/website/urls.py
index 08decec..3b7533b 100755
--- a/website/urls.py
+++ b/website/urls.py
@@ -38,4 +38,6 @@
     url(r'^ajax-time-search/$', views.ajax_time_search, name='ajax_time_search'),
     url(r'^ajax-delete-question/$', views.ajax_delete_question, name='ajax_delete_question'),
     url(r'^ajax-hide-question/$', views.ajax_hide_question, name='ajax_hide_question'),
+    url(r'^ajax-spam-approve/$', views.ajax_spam_approve, name='ajax_spam_approve'),
+    url(r'^ajax-spam-reject/$', views.ajax_spam_reject, name='ajax_spam_reject'),
 ]
diff --git a/website/views.py b/website/views.py
index c40fce4..3fdf5b8 100755
--- a/website/views.py
+++ b/website/views.py
@@ -1,4 +1,5 @@
 import json
+import requests
 
 from django.http import HttpResponse, HttpResponseRedirect, HttpResponseForbidden
 from django.shortcuts import render, get_object_or_404
@@ -8,16 +9,18 @@
 from django.core.mail import EmailMultiAlternatives
 from django.core.paginator import Paginator, EmptyPage, PageNotAnInteger
 from django.contrib.auth import get_user_model
-
+from django.contrib.auth.models import Group
+from django.contrib import messages
 from website.models import Question, Answer, Notification, AnswerComment
 from spoken_auth.models import TutorialDetails, TutorialResources
 from website.forms import NewQuestionForm, AnswerQuesitionForm
-from website.helpers import get_video_info, prettify, clean_user_data, get_similar_questions
+from website.helpers import get_video_info, prettify,clean_user_data, get_similar_questions, SpamQuestionDetector, handle_spam
 from django.conf  import settings
 from website.templatetags.permission_tags import can_edit, can_hide_delete
 from spoken_auth.models import FossCategory
 from .sortable import SortableHeader, get_sorted_list, get_field_index
-
+from forums.views import user_logout
+from website.permissions import is_administrator
 
 User = get_user_model()
 categories = []
@@ -37,7 +40,17 @@ def home(request):
     slider_questions = Question.objects.filter(
             date_created=Subquery(subquery), status=1
     ).order_by('category')
-
+    
+     # Add spam questions only for admin users
+    spam_questions = []
+    is_admin = False
+    if request.user.is_authenticated and is_administrator(request.user):
+        # Show both: status=2 (auto-detected spam) and approval_required=True (flagged for review)
+        spam_questions = Question.objects.filter(
+            Q(status=2) | Q(approval_required=True)
+        ).order_by('-date_created')
+        is_admin = True
+        
     # Mapping of foss name as in spk db & its corresponding category name in forums db
     category_fosses = {val.replace(" ", "-") : val for val in categories}    
 
@@ -62,7 +75,9 @@ def home(request):
     context = {
     'questions': questions,
     'active_questions':active_questions,
-    'category_question_map': category_question_map
+    'category_question_map': category_question_map,
+    'spam_questions': spam_questions,
+    'is_admin': is_admin,
 }
     return render(request, "website/templates/index.html", context)
 
@@ -70,9 +85,9 @@ def home(request):
 def questions(request):
     questions = Question.objects.filter(status=1).order_by('category', 'tutorial')
     questions = questions.annotate(total_answers=Count('answer'))
-
+        
     raw_get_data = request.GET.get('o', None)
-
+    
     header = {
                 1: SortableHeader('category', True, 'Foss'),
                 2: SortableHeader('tutorial', True, 'Tutorial Name'),
@@ -318,6 +333,50 @@ def filter(request, category=None, tutorial=None, minute_range=None, second_rang
 def new_question(request):
     context = {}
     if request.method == 'POST':
+        # check if user has a role 
+        user_has_role = request.user.is_authenticated and request.user.groups.exists()
+        
+        # only require captcha for users without a role
+        if not user_has_role:
+            
+            recaptcha_response = request.POST.get('g-recaptcha-response', '')
+            
+            if not recaptcha_response:
+                messages.error(request, "Please complete the reCAPTCHA verification.")
+                form = NewQuestionForm(request.POST)
+                context['form'] = form
+                context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+                context['require_recaptcha'] = True
+                return render(request, 'website/templates/new-question.html', context)
+            
+            # verify with google
+            recaptcha_verification_url = "https://www.google.com/recaptcha/api/siteverify"
+            recaptcha_data = {
+                'secret': settings.RECAPTCHA_SECRET_KEY,
+                'response': recaptcha_response
+            }
+            
+            try:
+                recaptcha_result = requests.post(recaptcha_verification_url, data=recaptcha_data, timeout=5)
+                recaptcha_result.raise_for_status()
+                recaptcha_json = recaptcha_result.json()
+            except requests.RequestException as e:
+                messages.error(request, "Error verifying reCAPTCHA. Please try again.")
+                form = NewQuestionForm(request.POST)
+                context['form'] = form
+                context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+                context['require_recaptcha'] = True
+                return render(request, 'website/templates/new-question.html', context)
+            
+            # check if verification was successful
+            if not recaptcha_json.get('success', False):
+                messages.error(request, "reCAPTCHA verification failed. Please try again.")
+                form = NewQuestionForm(request.POST)
+                context['form'] = form
+                context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+                context['require_recaptcha'] = True
+                return render(request, 'website/templates/new-question.html', context)
+        
         form = NewQuestionForm(request.POST)
         if form.is_valid():
             cleaned_data = form.cleaned_data
@@ -331,47 +390,66 @@ def new_question(request):
             question.body = cleaned_data['body']
             question.views = 1
             question.save()
+            # Run spam detection
+            action = handle_spam(question, request.user)
+
+            if action == "AUTO_DELETE":
+                messages.error(request, " Your question is being marked as spam and your account has been deactivated.")
+                user_logout(request)
+                return HttpResponseRedirect('/')
+
+            elif action == "FLAGGED":
+                messages.warning(request, " Your question is pending moderator review.")
+                # Don’t send email for flagged content
+                return HttpResponseRedirect('/')
+
+            else:  # APPROVED
+                
+                subject = 'New Forum Question'
+                message = f"""
+                    The following new question has been posted in the Spoken Tutorial Forum: <br>
+                    Title: <b>{question.title}</b><br>
+                    Category: <b>{question.category}</b><br>
+                    Tutorial: <b>{question.tutorial}</b><br>
+                    Link: <a href="http://forums.spoken-tutorial.org/question/{question.id}">
+                        http://forums.spoken-tutorial.org/question/{question.id}
+                    </a><br>
+                    Question: <b>{question.body}</b><br>
+                """
+                email = EmailMultiAlternatives(
+                    subject, '', 'forums',
+                    ['team@spoken-tutorial.org', 'team@fossee.in'],
+                    headers={"Content-type": "text/html;charset=iso-8859-1"}
+                )
+                email.attach_alternative(message, "text/html")
+                email.send(fail_silently=True)
+                return HttpResponseRedirect('/')
 
-            # Sending email when a new question is asked
-            subject = 'New Forum Question'
-            message = """
-                The following new question has been posted in the Spoken Tutorial Forum: <br>
-                Title: <b>{0}</b><br>
-                Category: <b>{1}</b><br>
-                Tutorial: <b>{2}</b><br>
-                Link: <a href="{3}">{3}</a><br>
-                Question: <b>{4}</b><br>
-            """.format(
-                question.title,
-                question.category,
-                question.tutorial,
-                'http://forums.spoken-tutorial.org/question/' + str(question.id),
-                question.body
-            )
-            email = EmailMultiAlternatives(
-                subject, '', 'forums',
-                ['team@spoken-tutorial.org', 'team@fossee.in'],
-                headers={"Content-type": "text/html;charset=iso-8859-1"}
-            )
-            email.attach_alternative(message, "text/html")
-            email.send(fail_silently=True)
-            # End of email send
+        # If form not valid -> re-render with errors
+        context['form'] = form
+        context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+        # check if user needs to complete captcha
+        user_has_role = request.user.is_authenticated and request.user.groups.exists()
+        context['require_recaptcha'] = not user_has_role
+        return render(request, 'website/templates/new-question.html', context)
 
-            return HttpResponseRedirect('/')
     else:
-        # get values from URL.
+        # GET request -> render empty form
         category = request.GET.get('category', None)
         tutorial = request.GET.get('tutorial', None)
         minute_range = request.GET.get('minute_range', None)
         second_range = request.GET.get('second_range', None)
-        # pass minute_range and second_range value to NewQuestionForm to populate on select
-        form = NewQuestionForm(category=category, tutorial=tutorial,
-                               minute_range=minute_range, second_range=second_range)
+        form = NewQuestionForm(
+            category=category, tutorial=tutorial,
+            minute_range=minute_range, second_range=second_range
+        )
+        context['form'] = form
         context['category'] = category
-
-    context['form'] = form
-    context.update(csrf(request))
-    return render(request, 'website/templates/new-question.html', context)
+        context['recaptcha_site_key'] = settings.RECAPTCHA_SITE_KEY
+        # check if user needs to complete captcha
+        user_has_role = request.user.is_authenticated and request.user.groups.exists()
+        context['require_recaptcha'] = not user_has_role
+        return render(request, 'website/templates/new-question.html', context)
 
 # Notification Section
 
@@ -727,3 +805,47 @@ def unanswered_notification(request):
     if total_count:
         forums_mail(to, subject, message)
     return HttpResponse(message)
+
+
+@login_required
+def ajax_spam_approve(request):
+    """Admin approves a spam-flagged question"""
+    if request.method == "POST" and is_administrator(request.user):
+        question_id = request.POST.get('question_id')
+        try:
+            question = get_object_or_404(Question, pk=question_id)
+            question.spam = False
+            question.approval_required = False
+            question.status = 1
+            question.save(update_fields=['spam', 'approval_required', 'status'])
+            
+            from website.models import SpamLog
+            SpamLog.objects.filter(question_id=question_id).update(action='APPROVED')
+            
+            return HttpResponse(json.dumps({'success': True}), content_type='application/json')
+        except Exception:
+            pass
+    
+    return HttpResponse(json.dumps({'success': False}), content_type='application/json')
+
+
+@login_required
+def ajax_spam_reject(request):
+    """Admin rejects a spam-flagged question"""
+    if request.method == "POST" and is_administrator(request.user):
+        question_id = request.POST.get('question_id')
+        try:
+            question = get_object_or_404(Question, pk=question_id)
+            question.spam = True
+            question.approval_required = False
+            question.status = 2
+            question.save(update_fields=['spam', 'approval_required', 'status'])
+            
+            from website.models import SpamLog
+            SpamLog.objects.filter(question_id=question_id).update(action='AUTO_DELETE')
+            
+            return HttpResponse(json.dumps({'success': True}), content_type='application/json')
+        except Exception:
+            pass
+    
+    return HttpResponse(json.dumps({'success': False}), content_type='application/json')