I'm inviting you separately. I'd like you to try implementing your solutions as we discussed via PM.:
1. i'll add same ip checking so we can limit user from the same ip to be online on the same time, most bot use very little variant ip
2. If you don't already have, i'll add ip checking from major black list, so when it signup it will check are the ip of the user from black listed ip or not, if it's it will denied the signup
3. if your comment doesn't have banned word checking already i'll add that too, most spam uses repeated word that we can banned from posting if it detected
For the auto blacklist checking i will use [url removed, login to view] and [url removed, login to view], and i see your login form are not protected by captcha?