Ahh, what fun times.
I’ve just logged into the blog admin area to moderate the 2,500+ comments that were waiting for me. Well, that’s a funny one! My browser fell over after a few minutes of trying to download hundreds of comments from Russia and China trying to sell me all sorts of merchandise. 
I managed to delete the comments 200 at a time via phpMyAdmin. Yes, I should’ve probably tried to delete them earlier, because some were from 2006, but better late than never.
I’ve also installed a plugin which closes the comments automatically after 14 days, which should stop spammers trying to auto-post to them. I do have a spam captcha, but no doubt it’s been hacked, or will be soon.
I’ve also made the blog commenting policy clearer by leaving instructions just above the blog comment form…
Please use your real name and your keywords in the name field. For example, “Neil Shearing – SEO Tips”.
Onwards and upwards!
Looks like supporting the dofollow movement has created quite a bit of problem for your blog. These spammers are causing a hell lot of trouble everywhere and there are really nothing much we can do to stop the spamming community out there. Respect your decision.
thats why i didnt make my blog dofollow
Good point!
Neil.
Hey Neil,
I don’t think its even vaguely safe to assume a graphic captcha works nowadays.
Eli at Blue Hat posted a full-blown python script to crack them a while back, and that’s just the first one that comes to mind.
I’ve had some success using reCaptcha, which seems to be keeping up in the arms race (at the cost of being pretty difficult to read even for a human with clean glasses..)
Perhaps more visual obfuscation is called for on your captcha?
Alex
It is wiser to make use of a combination of spam plugin to curb spamming. I have seen some blogs practicing this type of spam control and i can see it is working pretty well.
Seem like dofollow has caused quite a lot of spamming problem for your site. It is good that you implement stricter policy on commenting.
Captcha seems to work for me. Of course it won’t work against humans which I’ve resorted to moderated posts. I’m hearing now of a scheme in poor countries. Young gamers want time credits to play at Internet Cafes. So in order to get these credits, the operators make them work by posting spam on various sites. And after certain amount of time spamming, they get their respective time to play games thus getting humans to defeat captcha.