Possibly before your time, but in days of XF 1.1.3 and below it was pretty bad here. It was really bad here until they moved from reCAPTCHA to Q&A and until 1.1.4 introduced the registration form timer.
And of course anti-spam has gone from strength to strength in subsequent versions so it has got better.
Even if it has increased over the last few days, it's nowhere near as bad as it used to be. Testament to how strong the anti-spam measures are now
We have a big problem with human spammers at ValveTime.net. Nothing filters them out automatically, not even Fool Bot Honey Pot, because, by nature, that targets bots. It's always going happen with humans.
I don't know whether XenForo.com uses Akismet scanning. I do on Xen Media Gallery and it has worked quite well in catching the dodgy content before it is made visible.
Yeah, lately I've only been discovering them about a day after they register on the Latest Member field on the forum list. I think I'm just not paying enough attention or the cron job runs sometime after I see that area.
Nothing new here. Forums have been dealing with spam since the days they were coded in Perl. As long as someone is making money they will find a way. If you are looking to completely wipe it out that will never happen on your forum or anyone else's.
I have been using the default Recaptcha and it stops most of them. If you are using questions and answers i would switch. I dont know why but with questions and answers spammers get out of control on my forums.
We got hit recently from Pakistan IP's mostly registering as 24 year old females. After an update to 1.3.3 and I updated FoolBotHoneyPot which we use and takes care of 99% of our spam, things went back to normal. Not sure if they stopped or a change in FoolBotHoneyPot stopped them. Based on the logs from that plugin they seemed almost like human registrations but still had suggestions of automation.
We put all new users' posts into a moderation queue for x number of posts. So, almost no spam has made it through to the forum. (Had a moderator goof and approve some, but eh, we're human. )
All users are also manually approved, so we also weed out janky looking profiles before they even post. Here, we watch for obvious clues (profile says New York, IP address says Pakistan, for example). I also keep an eye on the StopForumSpam thingy--if that shows up, we always click the IP address and more often than not, it's from countries that have no legit visitors to our forum.
The manual approvals and moderation queue take time, but we have the staff to stay on top of it.