If it’s not one kind of spam, it’s another. A mouth breather recently figured out to spam WordPress-powered blogs via the trackback mechanism. The first spam trackback I got was a bunch of pseudo-random letters. The next ten or so were nasty porn spam. I had to temporarily rename the trackback script to stop the vermin.
If you don’t care about trackback, the easiest way to stop the spam is to delete wp-trackback.php or to rename it. Alternatively, you can moderate trackbacks using a hack posted at WordPress.org.
If I start getting a lot of moderation emails, though, I’m going to hack the scripts using the same technique that allows comments to work with a script file with a non-default name. So far, that technique has worked perfectly for me with respect to preventing spam comments.
Update: Perhaps I did something wrong, because trackbacks aren’t being moderated. So, I’ve reverted to disabling trackbacks all together. Of course, since I got 115 spam trackbacks in less than 24 hours, moderation wouldn’t have been a great solution, either.