When I started having issues with bloggspammers on this blog away back when, I started requiring registration to comment. Registration with email confirmation. That pretty much seemed to do the trick for a long time. But earlier this week there was a new registration, confirmed by email, and they started adding spam to a bunch of posts. I caught it within 15 minutes, deleted the account and deleted the spam comments. Then the same guy (or robot, or whatever) registered under a slightly different email a few minutes later and I just blocked the IP it was coming from. Since then nothing more.
Annoying though. This was the first one that has bothered to register with the email confirm though. If I start getting more I'll have to add a capcha or something. But I hate those things. So I hope it won't become needed, but it probably will.
Of course, if it wasn't a robot but was actually a human, that won't help. But hopefully the volume actual humans could do would be small enough I could handle it by hand.
Unfortunately, captchas don't seem to help. I finally pulled mine after I seemingly got more spam posts past my captcha than legitimate posts. I'm assuming (perhaps incorrectly) that there is no Akismet module available for your software. (There is for ExpressionEngine, but I can't recall if this is EE or a precursor.) I've had very good luck with Akismet so far, and but for one false positive (and nearly 1400 spam filtered) I'd let it just trash automatically.
I've been farily lucky I guess. Requiring registration by email pretty much killed the comment spam (at least so far). This guy last week was the first to actually go through that step anyway. I gave up on the pingbacks and trackbacks though, I just turned those off.
My wiki is also getting hit several times a minute by people trying to do "bad things" (and failing). Since I run that off my main desktop machine I actually use, the extra load is kind of annoying, especially when it spikes up in volume.