@Tgr has installed some anti-spam extensions on https://wikispore-test.wmflabs.org/ now, and they seem to be working great to me.

Installed:

• ConfirmEdit (with the FancyCaptcha variant) which will hopefully prevent most spambots from registering
• SpamBlacklist which uses m:Spam blacklist to filter URLs
• TitleBlacklist which uses m:Title blacklist to filter page names and account names. I think the meta blacklist is more anti-abuse than anti-spam, but still better than nothing.
• Nuke for quick cleanup after spammers (although I'm not sure how useful it is when everyone shares the same IP)
• UserMerge in case someone wants to bother with cleaning up the spammer user accounts
• AbuseFilter and AntiSpoof. These are probably not super useful, they were part of one of the vagrant packages.

Things to try if this is not enough (these did not have out-of-the-box vagrant roles and I did not have much time):

• use QuestyCaptcha (security question, e.g. "what is the name of this site?") instead of FancyCaptcha. For tiny sites it probably works better.
• see if some of the alternative nuke extensions (e.g. BlockAndNuke) are more convenient
• set up StopForumSpam

The captcha images do not load for me (they give a "Requested bogus captcha image" error) but work for @Pharos. Given the error this cannot be a network or browser issue (also they worked from the same network/browser when I initially set things up). Weird. We should probably instrument the "Requested bogus captcha image" error.

@Tgr This is done now, right?

If you feel the captcha is working well enough then yes.