After running WordPress MultiUser for more then a year the biggest problem wasn’t the comment spam , but the fact that if I leave the site open for registration of new accounts the spam bots find it and start the attack.
I have tested a few plugins with different levels of success , all have a high level of false positive which didn’t satisfied me.
And so , I have turned to google to search a better solution for my problem and find this page about using .htaccess files to stop comment spam. After some modification now running it on with success with the apache logs showing that the bots are still attacking but they are not able to register and the positive fact is that valid users don’t encounter any problems on registration.
What is nice about this technique is that you don’t need anything from WordPress , no plugins or mu-plugins or some anti-hacker core files, the Apache steps in and kick spammers out.
Check this example:
# BEGIN ANTISPAMBLOG REGISTRATION
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup\.php*
RewriteCond %{HTTP_REFERER} !.*yourdomain.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) http://myfastblog.com/ [R=301,L]
# END ANTISPAMBLOG REGISTRATION