no need, just keep trying until they go.  In the 360 sec it's churning away it's deleting all of the users content.

As far as spam goes - use spam_login_filter and spam_throttle and make sure your core version is up to date.

The IP tracker needed for the spam_login_filter sounds dodgy so I never installed it and I've always had trouble with API-key stuff (they never seem to work for me).

I've got honeypot that might help a litte. The basic captcha didn't do much. The textcaptcha with foreign language questions seemed to be perfect until some of them got through. Probably I need to make questions with very long answers (might make cracking it more difficult). I'll try spam_throttle next.

Honepot does work good, just keep trying different ones until you get the issue fixed, there is plenty of them out there, but as the bots get smarter, we need new ones to defend the attacks. To me this is a never ending thing since these bots get more sophisticated we just gotta stay 1 step ahead of em.

Captchas are a waste of time, spammers have them beat now, all they do is inconvenience your real users.

Honestly, spam_login_filter and spam_throttle together is your answer.

http://community.elgg.org/discussion/view/603247/captcha-and-spammers

I've been using this captcha for 2 or 3 years on numerous Contact pages and with no problems. Not sure if it could be incorporated into a plugin or be effective for a log-in...

http://www.tagmail.co.uk/contact/index.htm

@Burgs: there already is an "image captcha" plugin available for Elgg: http://community.elgg.org/plugins/721250/2.0/image-captcha

It seems it quite similar to the captchas shown on the site you linked.

@Darth Vader: have you made any progress? I've posted a reply to your comments on the Userpoints plugin page yesterday.