
I've got a patch against 1.3.9 to prevent comment spam by counting the number of links in
anonymous comments and disallowing the comment if there are more than 2. Logged-in users aren't subject to this restriction. This seems like a very good strategy, and should work much better than IP banning.
http://www.jess2.net/code/geekplugs/antispam.patch.
The patch also enforces a user-configurable delay between hitting 'reply to this' and hitting submit.