I offered to help one recover from spammers (mostly spam registrations rather than posts, fortunately), and it's an uphill task.
It was running a vanilla 1.0.22 phpBB setup. I've added a MOD to make deleting users easier (as a result, it's gone from about 480 to 30 'real' users plus about 10 others I'm not sure about but which aren't doing anything naughty). I've made a couple of changes to the registration process to catch out stupid scripts. I've made registration spam pointless (now you don't even appear in the user list until an admin says so) but of course, they're still doing it... to the tune of about ten a day.
I'm about to do another tweak to catch out about half of those, but I'd like to get it down to a maximum of one a day.
I can see that the standard CAPTCHA has been completely cracked - is it worth changing to a more robust one? (Either something that's not OCRable or the 'here are 20 pictures, which ones are kittens and which cars?' type.)
Or do I just say 'sod it' and suggest they move to SMF?