Forum spam


Pigeon

Original Poster:

18,535 posts

247 months

Sunday 9th December 2007
No, not on here, but we all hate them, wherever they are...

Seeing a lot in the last couple of weeks, leaving links to virtual servers on 208.116.31.140.

Nmap says:


nmap -A -P0 208.116.31.140

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-12-09 20:21 GMT
Warning: Giving up on port early because retransmission cap hit.
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
Interesting ports on 208.116.31.140:
Not shown: 1604 closed ports, 71 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 1.3.33 ((Win32) PHP/4.4.4)
139/tcp open netbios-ssn
1025/tcp open msrpc Microsoft Windows RPC
3389/tcp open microsoft-rdp Microsoft Terminal Service
8443/tcp open ssl/http Microsoft IIS webserver 6.0
No exact OS matches for host (If you know what OS is running on it, see http://www.insecure.org/cgi-bin/nmap-submit.cgi).
TCP/IP fingerprint:
SInfo(V=4.11%P=i686-pc-linux-gnu%D=12/9%Tm=475C545B%O=80%C=1)
TSeq(Class=TR%IPID=I%TS=0)


There's a Plesk login on 8443.

Pigeon

Sunday 9th December 2007
Difficult to ban spambots by IP though...

Think I'm better off trying to persuade Those With The Power to implement a CAPTCHA in the registration, and in the meantime, moaning on here is cathartic :)

Pigeon

Tuesday 11th December 2007
TheLearner said:
"China, Russia and AOL. Nothing good ever comes from those places and they can die.
Speaking in terms of IP blocks."

Yeah :) In this case the spam is promoting German websites hosted on a server in the US. What IP ranges the spam itself is coming from is another matter, of course.

TheLearner said:
"CAPTCHA will stop most of the dense ones getting in, however there are bots out there which defeat it either automatically or with human assistance; you've also got spyware which throws up images to get the woman to undress... guess where it gets those from?"

Of course if you introduce human assistance there's not a lot you can do to stop it apart from wholesale blocking of large IP ranges. But I'd reckon that CAPTCHA is the biggest single improvement that one can make.

Current situation is that the forum receives about 50 new registrations per week of which recently about 20 are spam, and most of these promote the same site; it looks to me like a new bot has gone active.
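Added example, not part of the thread: the posts above note that the spam links point at virtual servers sharing one address while the source IPs of the bots are hard to ban, so this sketch groups accounts by the IP their links resolve to and flags clusters. The hostnames, addresses, account names and the `min_accounts` threshold are constructed assumptions, and the lookup table stands in for a real DNS resolver so the code runs offline.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample data: example.* hostnames and documentation IP ranges.
RESOLVED = {
    "shop-eins.example": "203.0.113.40",
    "shop-zwei.example": "203.0.113.40",
    "shop-drei.example": "203.0.113.40",
    "carclub.example": "198.51.100.7",
}
POSTS = [
    ("newuser101", "Tolle Angebote http://shop-eins.example/angebot"),
    ("newuser102", "Look: http://shop-zwei.example/ and http://shop-drei.example/x"),
    ("longtimer", "Photos from the meet: http://carclub.example/gallery"),
    ("newuser103", "http://SHOP-EINS.example/?ref=forum"),
    ("quietone", "No links in this post."),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def link_hosts(text):
    """Return the set of lower-cased hostnames linked from a post body."""
    hosts = set()
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname  # .hostname is already lower-cased
        if host:
            hosts.add(host)
    return hosts

def destination_counts(posts, resolve):
    """Count distinct accounts linking to each destination IP."""
    accounts_by_ip = {}
    for user, body in posts:
        for host in link_hosts(body):
            ip = resolve(host)
            if ip:  # unresolvable hosts are skipped
                accounts_by_ip.setdefault(ip, set()).add(user)
    return Counter({ip: len(users) for ip, users in accounts_by_ip.items()})

def flag_accounts(posts, resolve, min_accounts=3):
    """Accounts whose links land on an IP promoted by >= min_accounts accounts."""
    counts = destination_counts(posts, resolve)
    hot = {ip for ip, n in counts.items() if n >= min_accounts}
    return sorted({user for user, body in posts
                   for host in link_hosts(body) if resolve(host) in hot})

if __name__ == "__main__":
    print(destination_counts(POSTS, RESOLVED.get))
    print(flag_accounts(POSTS, RESOLVED.get))
```

Shared hosting means a legitimate site can sit on the same address as a spam one, so flagged accounts are candidates for moderator review rather than automatic bans.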