Attack from anonymous proxy
[ not tested, just some thoughts ]:
what you can try to do is to check ips of posters against couple of rbl servers [ just as it is done with e-mail ]. list of some rbls that can help you: http://spamlinks.net/filter-dnsbl-lists.htm#proxies. problem is such approach will introduce significant delay and degrade user experience. you can combine it together with local geoip database [ eg from maxmind ] and apply the check only to those who are coming from 'suspicious' directions.
there are also paid services that will keep updated list of proxies - eg killabot. if you are willing to pay there should be no problem with modifying their wordpress protection script and using for your website.