If you're running WordPress, run - don't walk - and install Spam Karma 2. Best spam killer I've ever seen. And it's transparent - no Captchas or false-turing-test-attempts involved at all. It's a work of art. Shared blacklists. Regular expression matching for blocked comments/trackbacks. And way more.

And, if you're running any PHP website (including WordPress), run - don't walk - and install Spam Karma's cousin: Referrer Karma. It works on any PHP-based website, and can share the blacklist with Spam Karma 2 for a nice integrated spamroach killing machine.

Referrer Karma is a bit more involved to install - you have to manually install the files and configure by hand, and edit your main index.php file yourself. But that's only so it can be as effective as possible - it triggers before any WordPress code is called, so it wouldn't work as well as a nice easy plugin. Trade-offs. I'd rather file referrer spam into /dev/null than have an easy install...

I'd installed SK2 at the suggestion of Alan Levine, and it's been 100% bulletproof since. RK has put a stop to to the annoying spamroach that was trying to game my non-existent referrer log to link to a fake pharmacy site. 1000 attempts in 12 hours. Good bye, spam roach bastage.

The pharmacy spamroach was hitting my blog repeatedly. See if you can see when I activated Referrer Karma in this screenshot:

Referrer Karma in action

It's the bottom 2 entries that are now blocked. As soon as I threw the switch on RK, the "real" referrers started showing up (or rather, the noise dropped out).

Update: To the spamroach that keeps trying to get around the blacklists: bring it on. In the mood I've been in lately I would love nothing more than to mix it up with some drooling cretin hiding behind IP proxies... If you think you can get in, go for it.