Resolved bswsupport (@bswsupport)


    Hi,

    First of all, great plugin! Most of its functions work great. I was running into an issue with the spam bot protection. The specific website I was working on kept getting spam bots, even after activating all anti-spam features. After some searching I figured out that they were not going through the comment section form but directly addressing the wp-comments-post.php file. In the .htaccess file I noticed that you already have implemented the following code to circumvent this:

    #AIOWPS_BLOCK_SPAMBOTS_START
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} ^(.*)?wp-comments-post\.php(.*)$
    RewriteCond %{HTTP_REFERER} !^http(s)?://yourwebsitedomain\.com [NC,OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule .* http://127.0.0.1 [L]
    </IfModule>
    #AIOWPS_BLOCK_SPAMBOTS_END

    Sadly this did nothing to prevent the bots from posting spam.
    My internet search brought me to a piece of code which, when implemented after all the AIOWPS code, did the trick:

    # Block spam that targets wp-comments-post.php & wp-login.php by denying access to no-referrer requests
    <IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} POST
    RewriteCond %{REQUEST_URI} .(wp-comments-post|wp-login)\.php*
    RewriteCond %{HTTP_REFERER} !.*yourwebsitedomain\.com.* [OR]
    RewriteCond %{HTTP_USER_AGENT} ^$
    RewriteRule ^(.*)$ ^http://%{REMOTE_ADDR}/$ [R=301,L]
    </IfModule>

    The more I look at the code, the less I understand why this blocks the spammers and yours does not. I just thought it would be good to let you know so you could in some way figure out how to improve the plugin even more. (The added protection to wp-login.php would be a nice-to-have.)

    Kind regards
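
To compare what the two condition sets in the post above match, here is an added example (not part of the original post and not the plugin's code) that evaluates the RewriteCond lines of both blocks in Python against constructed requests. It models only the conditions, including the [OR] grouping, and assumes Python's `re` treats these patterns the way Apache's regex engine does; the names `rule_fires`, `post`, `SAMPLES` and `compare` are hypothetical and introduced here.

```python
import re

# (request field, pattern, "!" negation, [NC], [OR]) transcribed from the two blocks
PLUGIN_CONDS = [
    ("method", r"POST", False, False, False),
    ("uri", r"^(.*)?wp-comments-post\.php(.*)$", False, False, False),
    ("referer", r"^http(s)?://yourwebsitedomain\.com", True, True, True),
    ("agent", r"^$", False, False, False),
]
FOUND_CONDS = [
    ("method", r"POST", False, False, False),
    ("uri", r".(wp-comments-post|wp-login)\.php*", False, False, False),
    ("referer", r".*yourwebsitedomain\.com.*", True, False, True),
    ("agent", r"^$", False, False, False),
]

def rule_fires(conds, req):
    """Return True when every RewriteCond group holds, i.e. the RewriteRule applies."""
    i = 0
    while i < len(conds):
        field, pattern, negate, nocase, or_next = conds[i]
        ok = (re.search(pattern, req.get(field, ""), re.I if nocase else 0) is not None) != negate
        if or_next and ok:
            # One member of an [OR] group held: skip the rest of that group.
            while i < len(conds) and conds[i][4]:
                i += 1
        elif not or_next and not ok:
            return False  # an AND-ed condition failed, so the rule does not apply
        i += 1
    return True

def post(uri, referer="", agent="ExampleAgent/1.0"):
    return {"method": "POST", "uri": uri, "referer": referer, "agent": agent}

# Constructed sample requests, not taken from any real log.
SAMPLES = {
    "no_referer": post("/wp-comments-post.php"),
    "site_referer": post("/wp-comments-post.php", "http://yourwebsitedomain.com/a-post/"),
    "www_referer": post("/wp-comments-post.php", "https://www.yourwebsitedomain.com/a-post/"),
    "domain_in_query": post("/wp-comments-post.php", "http://other.example/?u=yourwebsitedomain.com"),
    "login_no_referer": post("/wp-login.php"),
}

def compare():  # sample name -> (plugin rule fires, found rule fires)
    return {n: (rule_fires(PLUGIN_CONDS, r), rule_fires(FOUND_CONDS, r)) for n, r in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:18} plugin={result[0]!s:5} found={result[1]}")
```

Both condition sets rely on the Referer and User-Agent headers, which the client supplies, so they filter only requests that omit or mismatch them.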

Viewing 1 replies (of 1 total)

The topic ‘.htaccess spam bot protection incomplete?’ is closed to new replies.