For what it's worth, on Drupal 6 I used .htaccess deny from rules to ruthlessly block networks with spammers... and oddly enough, that was effective. It took a couple weeks to build up a complete enough .htaccess block list. This is complete crap, but it might still be useful regardless of drupal version.
Here's the related excerpt from my current .htaccess. - Dan
Order allow,deny allow from all # AhrefsBot deny from 173.199.114 173.199.115 173.199.116 173.199.117 173.199.120 # webmeup.com / blexbot deny from 108.178.53.226 108.178.60.2 198.143.187.202 # Too-frequent registers #$ grep register www_logs/access_log | awk '{print $2}' | sort | uniq -c | sort -n | awk '$1 > 7 {print $2}' > bad.new #$ zcat www_logs/www.20130521.gz | grep register | awk '{print $1}' | sort | uniq -c | sort -n | awk '$1 > 7 {print $2}' > bad.old #$ fgrep -f bad.old bad.new # Aw, screw it, deny everybody who over-accessed the register page on 20130825. # First, class C or B network with multiple hits: deny from 5.135 deny from 5.39 deny from 23.19 deny from 37.59 deny from 46.105 deny from 50.115 deny from 50.117 deny from 93.182 deny from 94.23 deny from 96.127 deny from 108.178 deny from 151.237 deny from 173.0 deny from 173.236 deny from 176.31 deny from 178.32 deny from 178.238 deny from 184.154 deny from 188.165 deny from 192.95 deny from 198.143 deny from 199.180 # Then individual addresses. These probably aren't worth blocking. deny from 1.83.33.254 deny from 108.163.224.181 deny from 108.62.71.76 deny from 109.231.47.99 deny from 110.86.185.249 deny from 118.208.100.93 deny from 120.37.243.163 deny from 138.91.33.87 deny from 142.91.79.16 deny from 142.91.79.6 deny from 173.208.2.157 deny from 173.213.90.5 deny from 173.254.255.133 deny from 176.61.140.238 deny from 178.137.83.252 deny from 178.216.48.237 deny from 178.63.199.209 deny from 180.180.104.227 deny from 182.52.46.99 deny from 192.157.239.74 deny from 192.254.78.26 deny from 192.40.88.202 deny from 198.12.124.103 deny from 198.175.125.173 deny from 198.2.198.132 deny from 198.49.70.131 deny from 198.52.240.60 deny from 199.119.226.123 deny from 199.59.63.245 deny from 199.91.174.227 deny from 204.12.208.162 deny from 206.214.93.150 deny from 208.89.208.165 deny from 219.83.100.195 deny from 27.159.239.22 deny from 37.187.73.26 deny from 5.34.242.16 deny from 5.39.44.28 deny from 59.183.7.52 deny from 66.248.193.63 deny from 69.175.39.229 deny from 78.10.93.101 deny from 79.133.196.50 deny from 80.72.38.195 deny from 83.111.98.126 deny from 88.156.13.111 deny from 89.230.79.51 deny from 91.121.164.212 deny from 91.236.74.165
# Login attacks # grep 'POST /.q=user' www_logs/access_log | awk '{print $2}' | sort | uniq -c | sort -n deny from 188.143.233.136