Spammers are always a problem. Until we treat them like the terrorists they are (by sending a cruise missile through their front door), we will have to come up with ways to prevent their spam. Here's one method to help you combat the spam submissions to your directory.

First, open include/functions.php and find the following (around line 114 in pld 2.xx and around line 806 in pld 3.xx):

function get_client_ip() {
  if (isset ($_SERVER['HTTP_X_FORWARDED_FOR']))
    $ipAddress = $_SERVER['HTTP_X_FORWARDED_FOR'];
  else
    $ipAddress = $_SERVER['REMOTE_ADDR'];
  return $ipAddress;
}

Change this to:

function get_client_ip() {
  $ipAddress = $_SERVER['REMOTE_ADDR'];
  return $ipAddress;
}

Here's why:
X_FORWARDED_FOR can easily be spoofed by using a proxy server and a spoofed IP. By getting rid of this in favor of the proxy server's IP address (which will be reported by REMOTE_ADDR), we can ban it in our htaccess. Sure, we aren't banning the spammer, but we are banning the proxy server they are using. HTTP_X_FORWARDED_FOR should really only be used when you can be certain no one is spoofing IPs (only in an intranet maybe?)