[vB 3.7] How to Reduce Spam and Registration Bots



Steve Machol
Wed 6th Dec '06, 2:40pm
Most people are being hit with a lot of spam these days. Some things you can do to reduce this are:

1. Moderate new registrations
Admin CP -> vBulletin Options -> User Registration Options -> Moderate New Members -> Yes

2. Activate email verification
Admin CP -> vBulletin Options -> User Registration Options -> Verify Email address in Registration

3. Upgrade to the latest version of 3.7. In 3.7 there are 3 separate Human Verification Options.
Admin CP -> vBulletin Options -> Human Verification Manager ->

Image Verification:
This is the same Images Verification Captcha as in older versions of vB, except that this now requires both GD and Freetype 2 to be installed in PHP.

Question and Answer Verification
This allows you to set up a Question and Answer verification during registration. If done correctly it will be almost impossible for bots to enter the correct answer.

reCAPTCHA™ (http://recaptcha.net/) Verification
This uses the reCaptcha (http://recaptcha.net/) service. You will need to register with them and get both a Public and Private key.
After you have chosen the method you want to use and have set this up, then make sure the correct Human Verification options are set here:

Admin CP -> vBulletin Options -> Human Verification Options
And if you have chosen the Image Verification option then you need to choose either GD or ImageMagick here:
Admin CP -> vBulletin Options -> Image Settings
You can go back to the Human Verification Manager to make sure the image is showing correctly.

Note: Both are equivalent. These are also required if you use thumbnails for attachments or wish to automatically resize pictures that are too large.
4. Ban 'free' email domains many spammers use.
Admin CP -> vBulletin Options -> User Banning Options -> Banned Email Addresses

See this thread for a list of commonly banned email addresses:
http://www.vbulletin.com/forum/showthread.php?t=148061
5. Set these options to 'No' for the Unregistered, Users Awaiting and COPPA usergroups.
Can Use Email to Friend
Can Email Members

6. Add a new required question to registration.


Although there is a Q&A option in the Human Verification Manager, at this time there is no way to use this in conjunction with Image Verification or reCaptcha. However there is a workaround for this. You can create a required profile field to add Q&A to the registration process. To do so, follow these instructions: Add an extra question to the registration to prevent bot registrations (http://www.vbulletin.com/forum/showthread.php?t=205214).

7. Restrict Email to Friend to Registered Users.


Some people have reported that spammers are using the 'Send Email to Friend' function to spam others from your forums. To reduce this make sure that your Unregistered, COPPA and Users Awaiting groups have the 'Can Use Email to Friend' option set to 'No'.

8. Stop bots spamming through the Contact Us link.
Admin CP -> vBulletin Options -> Site Name / URL / Contact Details -> Allow Unregistered Users to use 'Contact Us' -> Yes, but Verify Image

9. Enabling Spam Management.


vBulletin supports managing spam through the Akismet and Typepad Anti-spam services. Both services require an API key to use. Here is how to obtain those keys.

Akismet -
To obtain an Akismet key, you need to sign up for a Wordpress.com account. This will give you a key to use within vBulletin. After signing up please see this page for instructions on retrieving your key:
http://faq.wordpress.com/2005/10/19/api-key/

Typepad -
Typepad also requires a key to be used. To get one go to this link here:
http://antispam.typepad.com/info/get-api-key.html

Once you have your key, you need to enter it into your vBulletin Options under:
Admin CP -> vBulletin Options -> vBulletin Options -> Spam Management -> vBulletin Anti-Spam Key Powered by Akismet

Note: Either key goes into the same spot. On the same page set 'Anti-Spam Service' to the appropriate service. You can only use one service at a time.

Steve Machol
Thu 2nd Oct '08, 5:50pm
Note: Because of recent spam attacks, we strongly recommend that you combine one of the Image Verification options along with a Q&A as described in item #6 above.

In addition banning free email accounts (#4) will be a major help as well.

Steve Machol
Thu 2nd Oct '08, 8:53pm
From this post (http://www.vbulletin.com/forum/showpost.php?p=1632025&postcount=97):

It does appear that a certain spam program has released an update in the last few days that is able to decipher the image captchas of gmail, Invision, PHPBB, and vBulletin. Since gmail is broken, the script can automatically create email addresses for email verification.

The update for this program states that it hasn't broken recaptcha, but it is only a matter of time (short time at best) before it is broken as well.

To continue to devise an image captcha, that is increasingly difficult for humans to decipher, leads to a captcha that only a computer can decipher. This is why I built the image captcha to be configurable by the end user.

If you are using the image captcha, change the fonts and the backgrounds. In your forums/images/regimage directory, you will find a fonts/ and a backgrounds/ directory. Remove all of the default fonts in the fonts directory and add a collection of your own .ttf fonts. You can get freeware fonts all over the web. Pick some that are a bit strange but still readable and stick them in the directory. The backgrounds are 201x61 jpg images. Create your own, I suggest putting some text on them, that will really confuse the script, just do it so that when the captcha text is added to it by vBulletin, it doesn't confuse your registrees. The system will automatically use the fonts and images that you add to the appropriate directories.

When using the QA system, don't create questions like these:

What is 2 + 2?
Please enter the word "brown".

The nefarious script at work here can most likely handle those questions. You must ask a question that doesn't give the answer in the question. I suspect something like "If you have three apples and eat one, how many do you have left?" would work.

Adding required fields will also no longer work. The script can handle the "required field missing" errors and resubmit with those fields filled in.
__________________

Floris
Fri 3rd Oct '08, 7:18am
From the feedback from our customers it appears the Question & Answer option is blocking the spam for 99% - If you are not using it, I recommend to switch to it and give it a go.

A bad question: What is 2+2?
A bad question: Color of sky?

The Q+A Human Verification System Allows you to be creative with your questions and answers, a few examples:

Some good questions:

If one is actually five, and you add three, how much do you have? (8)
If you eat half a dozen of apples, but put three back, how many do you have left? (9)
What would my father's brother be to me? (uncle)
What is the third letter from the left in the logo of this web site? (u)
Which letter from the alphabet can you drink? (t)
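
A small linter for a Q&A pool, added here as an example (it is not part of the thread or of vBulletin's code), that flags the two weaknesses described in the posts above: the answer printed in the question, and digit arithmetic a script can evaluate. The function names and the sample pool are assumptions constructed for illustration.

```python
import operator
import re

# Operators a script can evaluate straight from the question text.
OPS = {"+": operator.add, "-": operator.sub, "*": operator.mul}
EXPR = re.compile(r"(\d+)\s*([-+*])\s*(\d+)")

# Constructed sample pool: questions quoted in the thread, paired with answers.
SAMPLE_POOL = [
    ("What is 2 + 2?", "4"),
    ('Please enter the word "brown".', "brown"),
    ("If one is actually five, and you add three, how much do you have?", "8"),
    ("What would my father's brother be to me?", "uncle"),
    ("What is the third letter from the left in the logo of this web site?", "u"),
]


def lint_question(question, answer):
    """Return the reasons a Q&A pair is weak; an empty list means no finding."""
    findings = []
    q, a = question.lower(), answer.strip().lower()

    # Weakness 1: the answer is printed in the question as a whole word,
    # e.g. Please enter the word "brown".
    if a and re.search(r"(?<!\w)" + re.escape(a) + r"(?!\w)", q):
        findings.append("answer appears in question")

    # Weakness 2: the question contains a digit expression whose value is
    # the answer, e.g. What is 2 + 2?
    m = EXPR.search(q)
    if m and str(OPS[m.group(2)](int(m.group(1)), int(m.group(3)))) == a:
        findings.append("answer computable from digits")

    return findings


def lint_pool(pairs):
    """Map each weak question in a pool to its findings."""
    weak = {}
    for question, answer in pairs:
        findings = lint_question(question, answer)
        if findings:
            weak[question] = findings
    return weak


if __name__ == "__main__":
    for question, findings in lint_pool(SAMPLE_POOL).items():
        print(f"WEAK: {question!r}: {', '.join(findings)}")
```

Questions that rely on common knowledge, such as "Color of sky?", cannot be detected this way and still need a human review.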

Steve Machol
Sat 4th Oct '08, 2:25pm
We have had confirmation from one forum that a human registered, then turned over the Q&A info to a bot which then rapidly added new registrations to begin spamming.

At this time I recommend using the Q&A verification with as many different Q&As as possible which will be randomly applied for each registration.

Meanwhile the Devs are looking at stronger measures but unfortunately when you have a person doing something like this, then there is no easy way to stop this. If you are being hit, you should consider moderating new members.

Steve Machol
Sat 4th Oct '08, 2:28pm
More information is here: Right back at ya, CAPTCHA: bad guys crack Gmail, Hotmail
(http://arstechnica.com/news.ars/post/20081002-right-back-at-ya-captcha-bad-guys-crack-gmail-hotmail.html)

Wayne Luke
Mon 13th Oct '08, 10:55am
How to automatically moderate the posts and threads from new users:
http://www.vbulletin.com/forum/showthread.php?t=248832

Floris
Mon 13th Oct '08, 7:26pm
While we can not provide support or suggest unofficial modifications to vBulletin, we do want to give you the options. If you are on vBulletin 3.6 and can not upgrade (yet) to 3.7, you could get some 3.7 functionality via product/plugins; or if you are on 3.7 and wish to extend anti spam functionality: You could consider some vBulletin.org releases - again - I want to stipulate that we do not recommend any unofficial release, and will not support it. So make a 100% backup of your database and files before customizing your board, so you can revert back to a working instance if you run into problems.

Floris
Thu 16th Oct '08, 9:21am
Here is an announcement with some information about the issue relating to the vBulletin software: http://www.vbulletin.com/forum/showthread.php?t=288234

Wayne Luke
Mon 20th Apr '09, 12:22pm
Obtaining an Akismet or Typepad Anti-spam Key.

Akismet -

To obtain an Akismet key, you need to sign up for a Wordpress.com account. This will give you a key to use within vBulletin. After signing up please see this page for instructions on retrieving your key:
http://faq.wordpress.com/2005/10/19/api-key/

Typepad:
Typepad also requires a key to be used. To get one go to this link here:
http://antispam.typepad.com/info/get-api-key.html