Hello Mark,
I made similar experience with spam comments. With an update and captcha code you make it more difficult to spam your gallery but not impossible at all.
I go different ways now. On my website I have the gallery and also a forum. Inside the forum php code I implemented a direct spam checker. It means the user name, e-mail and IP is compared with a black list. But this prevent only the forum....
So I created by my own a .htaccess file which refuse all "black list" IP's in general. If they try to open the website they receive the Error Code 403, Forbidden! So the spammer (hacker) have no access to the domain/website at all.
In another thread I already offered this solution, but Joachim does not see the sense why to do it in this way....
I use the new .htaccess since a few days and Spam is going down to Zero.... but in my logfiles the Erorr Code 403 is recoreded very often
My file have around 5700 lines (140 kb) but this is no problem and doesn't increase the time to load the website. I even checked this with my provider. I blocked single IP's and even a range of IP's. Actually I blocked over 200.000 IP's. The Anti-Spam community is well organized and the IP's of possible spammers are submitted and available within hours in simple text listings which you can download and implement into your htaccess file.
This is in my point of view the most effective way to "kill" the spammers before they can open your website. If you like to know more, then please contact me by PM.
Regards
Anderl