One-stop-mod: http://www.vbulletin.org/forum/showthread.php?t=248042

Probably the best modification that is highly effective against spammers.

The built-in anti-spam tools in vBulletin are a good start, but something like this really keeps the the trouble away.

Oh, and we *ALL* get hit by spammers/bots -- no one is immune, unless you have a invite only board!

The above modification, IMHO, is useless. All that does is help with a user spamming your forum. I am getting bombarded with new registrations that are managing to get through all of the Human Verifications at registration. All new registrations are held in que for approval before allowing them to post. So I'm not having a problem with spam posts...I'm having a problem with spammers trying to get in.

The incoming registrations look like:

I've tried blocking whole IP ranges, but then some of my legitimate members can't log into the forums.

At this point, I don't know what else to do but temporarily shut down new registrations on my site.

If you set up Spam-O-Matic well, then you will be able to block spam registrations. Let me know if you want help with this.
Another very important addon is Bad Behavior, which greatly compliments SOM. It deals with spam bots, content scrapers, vulnerability scanners and other malicious bots, even before the registration process. Saves bandwidth costs, adds security and greatly lowers spam registrations.

Here is what I do, I've never had a spammer get past my checks.

Then you must have it configured incorrectly or you're attracting a new breed of spammers that haven't been caught yet. 95% or better of the registration attempts from spammers are blocked on the boards that I have this installed on. It doesn't even allow them to get through the registration process. The only negative side I've had is false positive from users that happen to be using a dynamic IP that was once reported and blocked as a spam source.

So how do I set this up properly to stop them at the registration level?

For Bad behavior: upload the files and import the product. Then you need to get a key from projecthoneypot. You sign up here: http://www.projecthoneypot.org/create_account.php
After that you will find a key in your account on that site. Enter that key into your admincp.

Spam-O-Matic requires some configuration. The support thread on vb.org is quite informative.
Spam-O-Matic - Askimet:
Most people would not agree with me, but I always disable askimet.

Spam-O-Matic - Automoderation
Auto-moderation should be turned on.
I do not allow any links to be posted if the user has under 50 posts.
Review the posts of your spammers and make a list of all words that frequently appear in spam posts. Add these words to the auto-moderation keywords.
Set auto-moderation URL count to: 0
Set 'Auto-Moderation: Post Action' to 'moderate post'
Over time you will need to keep adding keywords and removing keywords that cause false positives.

Spam-O-Matic - Stopforumspam
For StopForumSpam enable the IP check, username check and email check.
Desired action = log and block registration
Query Connection Errors: This is a tricky one. If you set this to block then you will block legitimate users. If you set it to allow, then spam bots may register when the service is off line
Remote expiry: 60
Data Fetching and Parsing - CURL: enable CURL if your PHP server has that.
proxy address and proxy port are not needed.
Data Fetching - Cache: 30
API Key: make sure to get a API key from SFS. Go to the forum here: http://www.stopforumspam.com/forum/ and register an account. Once you have a forum account you can log in and get a API key there. Enter that into your admincp
Auto-submit from Moderation Tools: YES. Not only does this protects other sites from the spammer, but it also prevents the spammer from trying again at your site.

Newbie usergroup
Make sure that the first usergroup that newly registered members are in, has very limited permissions. If your site has reputation on and your members are actively giving it out, then this will help. You can add an automatic usergroup promotion after a few reputation points. The next usergroup can have more liberal permissions.

Moderating registrations
Then there is another possibility: moderating new members. I always thought this was way to labor intensive. But on my big board it turned out to reduce workload, because you stop the nonsense right at the door. For this to be successful you will need to add a number of profile fields where new members will need to fill in answers to questions that are relevant to your site. This allows you to easily spot if the applicant is seriously interested or not. Most spam bots will add links everywhere, so that easy.

Banning fake email domains
In 'admincp > settings > user banning options > banned email' enter this list of temporary & fake email domains:
Does that help?

What Alfa1 said above, that's basically it...

Good points on all areas of the anti-spam tool.

Thank you Alfa. It helps somewhat. I still believe that the Spam-O-Matic is great for spammers that get into your forums first. I want to try to prevent them from registering period.

Obviously, there really isn't an easy way to do this. The spammers are able to answer the questions in the registration form, they're coming from AOL, gmail and Yahoo email addresses....and half of them are valid email addresses because they're getting the email verifications. The other half, are junk email addresses, and I'm getting the bounceback emails.

All of the above measures, except the newbie usergroup and automoderation, prevent the registration of forum accounts by spammers.

Bad behavior blocks bots even before they get to the registration form.

You could say that users awaiting moderation are already in your system. Though registration was not completed before approval.

Stopforumspam compares the details of new users against the SFS database and denies registration if it finds a match.

Adding the above list of fake email domains to your banned email addresses, will block any new user from signing up with those domains. So this too prevents spammers from signing up.

I've registered with projecthoneypot, and I'm logged into my account, but I see nothing about an API key. I see manage honey pots, manage quick link, Manage MX entries

I use the API from StopForumSpam which I think is integrated into spa o matic. It checks username, IP and email address at registration. Just checked my logs and it's nailing close to 1000 would be registrations a day...

Go here to get your http:BL Access Key: http://www.projecthoneypot.org/httpbl_configure.php

This is what I need and I will come back for another forum.