Captcha or similar

That's impressive results! Are you using custom filters in addition to the Bayesian filter? Any chance you could dump your spam_statistics and spam_custom tables and attach them to this issue? I'd be quite interesting in seeing more to understand how you're getting such good results. And I'm curious to see just how much spam you're actually dealing with.

As for captcha's ("completely automated public Turing test to tell computers and humans apart"), I don't think that would be a logical addition to the spam module. Instead, it would make more sense to expand the existing captcha module so that in addition to hooking into the user registration process, it could also hook into the anonymous comment submission process. Perhaps you should open up a feature request for that module?

A handful of custom ones - 'texas holdem', 'debt consolidation' and other particularly irritating ones that kept cropping up (phentermine notched up a pretty impressive 1960 matches on its own, although I've not seen it reappear for a few days) but that's it.

If you'll post a dump of your spam_custom table, I'd like to include it in contrib/custom. If it works for you, it might work for someone else, too.

I updated the filter the other day for the URL limiter, and there's eleven pages worth of automatically killed URLs.

Watch this closely for a while. It worked great in my test-lab, but I haven't given it any real-world testing yet. (I only added it to the 4.5 version of the module, but I'm still using Drupal 4.4. After yesterday's slam of 350 spam, I'm feeling the need to upgrade quickly. ;)

if only my actual hits were as good as all those blasted referrals keep making it look ;-)

I'm not sure what you're referring to here -- could it be related to this?

Spam_statistics is a little bit skewed at the moment - I had it do a rebuild after updating just to make sure everything had gone okay (a slight glitch in the install), and it's only listing about 44 spam posts instead of the hundreds it actually has, The tokens and actual spam posts it presents are correct though.

Have you been deleting spam, rather than just leaving it unpublished? If not, and the spam is still in your database, then something is wrong -- after a rebuild, the statistics table should have an accurate spam count.

Was the slight install glitch a problem with the spam module that should be fixed? Or documented?

"Sure thing. Dump attached. Not many entries in it, but they're absolutely destroying the current scripted spam-flood I think most people are being hit by."

Cool. Interesting that you're able to use simple text strings, not even needing to use regular expressions. I'll add your dump to the contrib directory soon.

"Nope, just unpublishing it to avoid having to make an new collection later. After the update, it went down from a few hundred to just over 40, but only on the status page - everything else has the full list."

Very odd. I'm testing a 4.4 to 4.5 upgrade currently, and this didn't happen to me. When I did a rebuild all, it worked as planned, currently showing:

learned_spam	402
rebuilt_tokens_all	3
spam	402
spam_comment	384
spam_forum	18

Offhand I don't have any ideas what might have gone wrong for you. Did you do a rebuild from administer >> spam by clicking "rebuild filter"?

BTW: The statistical collection code has some logical errors in it -- I was getting some negative counts prior to my rebuild. It's not a priority for me, but I'll look into it soon.

Actually, looking at your spam_statistics again, I don't see a "rebuilt_tokens_all" entry at all, suggesting you've not actually done a complete rebuild...

pinkblob has coded up preliminary support for anonymous commenter Captchas via a patched comment module:

http://drupal.org/node/14675

Try at your own risk.