Maniatux's Blog

Welcome to the internet

Blacklist all the spammers !

Written by Xavier

Over the last few days I received lots of spam comments, about 100 per day. I run PluXml on my own server, so I decided to blacklist their source IPs with the following method:

  1. Make sure that all the spam comments are offline (waiting for moderation), and make sure to validate all legit content.
  2. Extract the IPs from the .xml files on the server (each comment has its own .xml, with a _ prefix if offline) with a script.
  3. DROP these IPs in iptables.

This is not really clean but it's a fast solution. Just be careful, don't drop legit IPs.

get-ips.sh

#!/bin/sh
# Collect the source IP of every offline (_-prefixed) comment into ip.txt.
awk '/<ip>/ {gsub("<[^>]*>", ""); print}' /path/to/pluxml/data/commentaires/_* >> ./ip.txt

Execute ./get-ips.sh and you will get an ip.txt file.

blacklist-ips.sh

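#!/bin/sh
#
# Insert a DROP rule for every address listed in ip.txt (run as root).
IP="./ip.txt"
if [ -f "$IP" ]; then
        while read -r BLOCKED; do
                # Skip blank lines so iptables is never called with an empty source.
                [ -n "$BLOCKED" ] || continue
                iptables -I INPUT -s "$BLOCKED" -j DROP
        done < "$IP"
fi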

This script reads ip.txt from the current directory (/root/ip.txt if you run it from /root) and blacklists its content in iptables.

This is volatile so don't forget to save your iptables configuration or your blacklist will be lost if you reboot your server.
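The three steps above combined into one script that guards against dropping legit IPs. This is an added example, not one of the post's own scripts. It validates each extracted value as an IPv4 address, removes duplicates, and skips addresses in an allowlist. The allowlist file, the DRY_RUN variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example: validated, de-duplicated blocklist with an allowlist.
# Usage (as root): ./blacklist.sh /path/to/pluxml/data/commentaires ./allow.txt

# Print the unique, syntactically valid IPv4 addresses found in the <ip> tags
# of offline (_-prefixed) comment files in directory $1, leaving out every
# address listed (one per line) in the allowlist file $2.
build_blocklist() {
    dir=$1
    allow=${2:-/dev/null}
    for f in "$dir"/_*; do
        [ -f "$f" ] || continue
        awk '/<ip>/ {gsub("<[^>]*>", ""); gsub(/[ \t\r]/, ""); print}' "$f"
    done | awk -F. -v allow="$allow" '
        BEGIN { while ((getline a < allow) > 0) skip[a] = 1 }
        NF == 4 && !seen[$0]++ && !($0 in skip) {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i + 0 > 255) ok = 0
            if (ok) print
        }' | sort
}

# Read addresses on stdin and insert one DROP rule per address. iptables -C
# checks for an existing rule first, so re-running does not stack duplicates.
# With DRY_RUN=1 the commands are only printed, for review before applying.
apply_blocklist() {
    while read -r ip; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            echo "iptables -I INPUT -s $ip -j DROP"
        elif ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
            iptables -I INPUT -s "$ip" -j DROP
        fi
    done
}

# Run only when a comment directory is given on the command line.
if [ "$#" -ge 1 ]; then
    build_blocklist "$1" "${2:-/dev/null}" | apply_blocklist
fi
```

Run it once with DRY_RUN=1 and read the printed rules before applying them; put your own address and any known-good visitors in the allowlist file.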