Spam at 1.6.2 site

We are using elgg in an educational setting (as part of a research experiment) and spam (especially prono) would be disastrous. We got 3 cases lately (email type .ru and @mailforspam...) even though self-registration is disabled. We are using 1.6.2 and upgrading to more secure later versions is not an option for us.

Any ideas how to fix this? Your help will be very appreciated.