We’re running 3.1.1 multi-user with the latest BuddyPress plugin, but we’re having all sorts of issues with splog signups.
So far, we’ve started using Anti-Splog, Bad Behavior, ReCaptcha on the signup page and have changed our .htaccess as described here and elsewhere.
Is manually spotting and removing them a fact of life with open registration or are we missing something else that could help?
It is a fact of life that you will have to deal with some spam on any site. There are other ways of combating spam: such as a Q&A Captcha (the site asks the user a question such as “What is the name of the site?” and the user has to answer it correctly: very hard for spammers to get past), but they aren’t readily available for wordpress the last time I checked.
This isn’t a very good answer, but unless you make some custom plugins for wordpress, your going to be stuck with some spam. And if you make some custom plugins for wordpress, you are going to have less spam, but you still will have some. You can’t eliminate spam entirely, you can only reduce it’s numbers. The goal is to reduce the number of spam on your site to the point where you barely get any.
Not sure is this helps but there is a plugin called User Spam Remover which removes inactive accounts and looks for spam bots.
I also use Sabre (Simple Anti Bot Registration Engine) Which has a bunch of advanced options to prevent spam bots. I would look at the stealth options which allow you to set timeout and check against blacklist.
You might also be able to run the e-mail address though akismet using their PHP libraries and creating a custom plugin. Good luck!
A nice plugin that helps with this is Stop Spammer Registrations Plugin: