I have put in anti comment spam measures on my law school admissions social network site([url removed, login to view]) which has blocked 95% of spam. These measures are
1) Require registration to post on old profiles (from old admissions cycles that aren't active)
2) CAPTCHA image verification
3) Not allowing any comments posted with link HTML in the text.
Like I said, this stopped 95% of the spam but somehow a spammer or two has figured out how to bypass 1 and 3.
For example: Go to [url removed, login to view]
As you can see, there isn't even a space to post unless you're registered but somehow they've figured out how to pass comments to the SQL server. Also, even if they could figure out how to get the comment form to show, the script does not accept "a href" when you post normally, but somehow they've figured out how to bypass this as well.
I'm totally stumped - this could be a pretty quick fix or something more complicated, I don't know. I am open to ideas/suggestions.