There are some of the IP address was listed in Log Browsers but without User and User GUID...

37.59.129.119
192.210.214.208
23.27.131.179
173.234.226.197
199.180.128.235
198.175.124.209
176.9.198.237
67.209.190.29
37.203.214.241     
5.39.53.141
96.127.135.195
94.242.241.149
192.210.214.208
5.9.215.66
67.209.190.45
46.165.251.67
83.46.173.55
50.115.173.170
193.183.105.18
173.213.89.12
67.209.190.7
82.80.55.41
130.185.157.243
192.119.151.64
23.27.131.179
178.32.233.171
173.234.226.197
23.27.131.104
173.234.226.124
198.143.144.70 

1. Captchas don't work

2. use other spam control methods: spam login filter + spam throttle is a good combination

@ Matt Beckett, Captchas cannot stop human spammers from registering to a site but when used properly, Captchas can slow down the amount scam-bots (computer robots) auto registration tools out there or block automated scripts from abusing Elgg sites online Services. I am aware that even Google Captcha can be cracked within a few seconds with more than 99 percent accuracy by a good programmer. However, having Captcha on a site does not hurt…

@ cmsgalaxy, Even thought on earth there is no single site which is “secure against automatic attack" you can Try Matt Beckett's spam login filter + spam throttle + elgg-captcha+ honeypot-spam-catcher. Even so, your registrations spam rate will go down to almost zero!

The Elgg-Captcha system uses human voices changing sounds and background noises, making it impossible for scam-bots (computer robots) to isolate the correct words included in each sound Captcha.

Elgg-captcha System is far more better than other Captchas because it strikes the best balance with human usage and also, Elgg Captcha can be used in combination with other Captchas or anti-spam technologies.

You can find the latest Spam plugins in these addresses:

http://community.elgg.org/plugins/1172111/1.8.14/elgg-captcha
http://community.elgg.org/plugins/1131529/1.0/honeypot-spam-catcher

Hope this will slow down the spammers registration to your site hence the beginning of no nightmares! With good combination of this Plugins, your site can remain a powerful site and effective to fight abuse.

Let us know how it works for you.

I've given up on captchas because the cracking of them has become so good that they slow down real users much more than they slow down spammers.  At that point the detriment to UX is not outweighed by the very very minor % of spammers a captcha will stop.

@ Matt Beckett, Come on, do not give up on Captchas -- you might be right but the captchas can be tweaked to serve the interest of the Elgg site owners. Even though Captchas can be bombarded by spam boats, Captchas can play a role of slowing down the amount of robots registration success rate. Otherwise mega giant online networks could not be using Captchas. Remember whenever Google Captchas are cracked, google will always tweak or alters their Captchas to keep up with sophisticated spammers.  I do not support Captchas to be placed in every form of the site. It will be better to have few users who are determined to take their time and fill in the right Captchas than leaving the site without any speed governors that can slow down spam scripts from spammers.

Unfortunately I think in the past Elgg got a reputation among spammers as being easy to spam with a lot of potential rewards for doing so.  For instance the blog pages are/were almost perfect where a spammer could basically put up a full page ad on your site and have it rank in Google while helping them with SEO.  So they targeted Elgg and at one point were selling lists of Elgg sites on fiverr.com for spamming purposes.  As I understand it some changes have been made in Elgg 1.8.15 to reduce the incentive to spam somewhat but I'm not sure on the specifics besides that I think it involves the use of no-follow.

As for plugins spam-login filter is probably one of the betert anti-spam plugins for Elgg available.  Although it's not perfect.  The last I heard the submit capability to stopforumspam is not yet operational.  At least it wasn't for me.  Some other plugins which might help have already been mentioned: spam throttle, honeypot, a captcha plugin (many are available).  Also consider manually blocking some of the worst offenders right at the firewall. 

rel=nofollow for non-trusted links has existed since 1.8.1 Nov 2011.
the combined anti-spam plugins listed are pretty good at what they do;
htaccess deny also adds to work @ blocking+ effectively.
if site owners want to incorporate the open-source 'anti-hammer' package,
this will add even more stringent bot & hammering shields against spammers behaviour.

@ DrupeDescoop:Could you elaborate on the points you made from line 3 of your post to the end.e.g using .htaccess and anti-spammer package.

Captcha should not be made for registeration page only.Being able to add captcha on blogs pages, comments and even group registration would will help reduce the bots.

DhrupDeScoop, there was recently an improvement in 1.8.15 to close a big opening from what I understand https://github.com/Elgg/Elgg/issues/5244 and http://blog.elgg.org/pg/blog/cash/read/227/elgg-1815-released

Adding nofollow to auto linked URLs to discourage spammers (thanks to Hellekin Wolf for pointing that out)

url sanitizing is done via such code ~>
.    return "$urltext$punc";
    if (!isset($vars['rel'])) {
        $vars['rel'] = 'nofollow';
.    $htmlawed_config['anti_link_spam'] = array('/./', '');
.    }else{$a['rel'] = 'nofollow';}
in several different scripts
for the different situations. 
 

'anti-hammer' is open-source package and 
can be found at http://corz.org/serv/tools/anti-hammer/ 
matt has a plugin that implements something very useful &
similar at tke lower logic level within elgg's contexts itself.