Again, here's how I fixed it on my site. In general, so you know, as this isn't a step by step session.
First, add in the hack so that new blog registrations trigger an email to the site admin.
Things to look for and modify:
1) Site-wide feed: in the query that actually pulls the posts from the blog, add in another AND then (is it post_id or id?) whichever it is, make sure it's >=5.
2) Latest blogs, etc: find the queries that pull those things (somewhere in wpmu-functions.php) and do the same thing, to an extent. If it's checking posts or whatever, use a post id >=5. If it's for the actual most recent sign-up's/users, then add 24hours to the date it's checking for.
3) Pings... look up in wp-includes (can't remember all the exact files off the top of my head) find from post.php the actual part where it adds an action to ping a service when the post is set to publish. Add an if statement around it, where it only runs the ping if the post_id is >= 5.
Now, what these do.
Keeps new blogs out of lists for 24 hours.
Keeps posts with an id < 5 out of things like the site-wide feed, recent post lists, and especially important... from pinging pingomatic and having that post indexed. In other words, if some jackass gets by your sign-up precautions, then posts whatever, at least they won't be telling the world all about it and you will have time to remove their crap.