I have suddenly been plagued by splog signups in the past week, mostly from 65.75.243.* and 75.127.*.* for "random" blog names of the form [random]blog[random_4_digits]. In order to temporarily combat this, I changed the signup question (some mu plugin) to more advanced human-testing questions.
When that didn't work, I tried limiting registrations to only a few domains, but I kept receiving the notifications of new blog registrations (all of which are clearly splogs).
When THAT didn't work, I tried to disable registrations altogether in the WordPress MU Admin Options page.
Why is it that I am STILL getting these splog signups, and what is an efficient way of blocking them? Could I use .htaccess to blacklist the suspect IP's?
EDIT: I EVEN changed my MySQL and admin passwords!