I am trying out "botdetect", and the spam is actually increasing. What I found is that the captcha is working, but the registration still passes though without filling out the captcha stage. For example, the spam bots fills out only the username and email and not the captcha, our registration page displays the field of captcha is not filled in(which is good), but the spam user and email sends to my admin account with a user request in pending(which is bad).
What my wish list would be that if the captcha field is not filled out, the user and email should be rejected in that instant with out an email sent to my admin box nor a reply to the spammer. I will look forward to testing out this upgrade if possible.