Fixing WPMU 2.8.4 and the ignored Banned Email Domains option
BuddyPress and MultiDB
Stopping Spamblog Registration in WordPress MultiUser
I've been running a copy of WordPress MultiUser for over a year now. Comment spam hasn't been much of a problem, thanks to Akismet, but if I leave site registration open (so students and faculty can create new accounts and blogs), the evil spammers find it and start sending their bots en masse.
I tried a few plugins, with varying levels of success. There's an interesting one that attempts to limit registrations to a specific country, but it falsely reported some valid users as not being in Canada. Captchas work, but also block some valid users (and the signup captcha plugin I'd been using is possibly abandoned).
So, I did some quick googling, and came across the page on the WordPress Codex about using .htaccess files to stop comment spam. I made some modifications to the technique, and am now running it on UCalgaryBlogs.ca with apparent success. The apache logs show the bot attacks are still in full force, but not a single one has gotten through in order to register. And valid users have been able to get through. That's pretty promising.