For those of you who control your Apache server driving your blog and who would like to easily block the incoming tide of spam with the fake user-agent “
-- WordPress/2.1-alpha3” then all you need to do is to add the following to your .htaccess or central Apache configuration.
BrowserMatchNoCase "-- WordPress/2.1-alpha3" spambot=1
deny from env=spambot
allow from all
That should then cause the spammers to bounce off with a 403 “go away” error. You can also lather, rinse, repeat for other spam user-agents you would prefer not to let into the house..
On another point, a couple of them (one each in Brazil, Holland and Israel) had a fake SMTP server listening on port 25:
220 ESMTP service ready
Update: Also see Fight Blog Spam with Apache.