I recently redesigned my wordpress theme for iOS Icon Gallery and Mac Icon Gallery.
The old themes provided the ability to comment through the interface. Due to a lack of real comments and a surplus in spam comments, I decided to entirely remove the ability to comment from the interface.
Once my theme went live, I was still getting spam comments in the Wordpress backend. I asked myself, "how are comments still appearing in the Wordpress backend when I don't have a single comment form on my website?" After some Googling, I discovered this was due to spambots posting data directly using wp-comments-post.php.
Further Stopping Spambots
To prevent spambots from posting to Wordpress via a URL, you can block access to wp-comments-post.php via the .htaccess file. Simply include these rules in your .htaccess file (thanks to catswhocode)
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.*yourdomainname.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>
Note: Be sure to change the yourdomainname part!
That Doesn't Help You?
If this doesn't seem like the best fix for you, try looking at this article from WP Tuts+ detailing easy and efficient ways to combat spam comments.