I have the options set: "anyone can register" and "users must be registered and logged in to comment", but I receive regularly bogus comments and they come from users that are surely NOT registered and thus cannot be logged in either.
I have version 2.1. If I try it myself, I am unable to comment, so there must be some kind of vulnerability in this version.
If you want to try it out: http://www.topsoft.be/weblog.
Is there a way I can find out how they could enter my blog?