Second this is a cut and paste from my guild message board on how the admin fixed the spam problems we were having seems relatively simple and should make it so you don't need to babysit the signups anymore.
Post mortem analysis of spam attacks on our boards:
Captcha was enabled. That was not the issue. The captcha solution used by phpBB was hacked around the 10th of February 2009 and spam posting bots started to use the new attack to break into any phpBB forum that could be breached. The common solution to this was to tighten the board security with two changes. Don't allow anonymous posts and add a custom user field to each account that is required at registration. Doing these two things forces everyone to register and changes the default fields needed to create an account, thereby, defeating the common spam bot attacks.
More attacks will happen in the future once the bot scripters figure out that they can create reactive solutions to the custom user fields.
There is a centralized captcha service called reCaptcha that records the IP of all requests for the captcha image, so it is able to start denying access by creating a blacklist of IPs from suspected bots. This will most likely be the next step once the spammers break the custom user field solution. This too can be broken but I don't want to give hints on how.
I'm going to consider the spam post issue closed at this time unless someone can point out new spam posts. There may be a few holes if some of the spam bots are smart enough to use existing users in the system that are already registered on a previous spam.