This is a problem for any web application. There are many solutions, none are perfect.
On some sites (like 4chan) you’re required to solve a captcha every single time you post, unless you pay a yearly fee not to.
To avoid it, you would need people actively monitoring, banning, and setting up bot detection patterns.
Then again, there are cheap services online where real people are hired to create human accounts and spam you anyway, so…
I would just have Postgres running statically on some solid hardware. It’s easy to configure permissions and connections, too.
Not too hard to set up streaming replication for a hot standby if you wanna be sure (or offload some reads).
I use Postgres btw