Problem with spam comments and registrations

Akismet, Cookies for Comments, or this https://darcynorman.net/2009/05/20/stopping-spamblog-registration-in-wordpress-multiuser/

For registration I followed the steps on darcynorman.net, and for the comments I followed the steps on https://www.seobloggerstips.com/2012/07/16/how-to-stop-spam-comments-count-without-using-wordpress-plugin/

My multisite .htaccess is like that. Is everything ok now?

SecFilterEngine Off
SecFilterScanPOST Off
php_value memory_limit 1024M
#php_admin_flag safe_mode off

# BEGIN ANTISPAMBLOG REGISTRATION

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
RewriteRule ^feed/?.*$ https://feeds.feedburner.com/mysite [L,NC,R=302]
RewriteRule ^home?.*$ https://feeds.feedburner.com/mysite [L,NC,R=301]
RewriteRule ^wp-content/uploads/(.*)$ https://mysite.com/files/$1 [L,R=301]
RewriteRule ^wp-content/gallery/(.*)$ https://mysite.com/files/$1 [L,R=301]
RewriteRule ^wp-content/uploads/jw-player-plugin-for-wordpress/player/player.swf$ https://mysite.com/files/jw-player-plugin-for-wordpress/player/player.swf$1 [L,R=301]
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup.php*
RewriteCond %{HTTP_REFERER} !.mysite.com. [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) https://die-spammers.com/ [R=301,L]
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.*mysite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]

# Prevent folder browsing
Options All -Indexes

<Files wp-config.php>
order allow,deny
deny from all
</Files>

RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]

# BEGIN Watermark Hotlinked Images
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https://mysite.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.gr  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.facebook.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.twitter.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.com.tr  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.co.uk  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.bing.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.pl  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.com.sa  [NC]
RewriteCond %{HTTP_REFERER} !^https://images.search.yahoo.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://ixquick.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.hu  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.co.kr  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.nl  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.se  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.de  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.ca  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.it  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.es  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.com.cy  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.ru  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.com.br  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.yahoo.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.com  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.co.in  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.fr  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.co.ve  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.tt  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.cl  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.co.za  [NC]
RewriteCond %{HTTP_REFERER} !^https://www.google.co.th  [NC]
RewriteCond %{HTTP_REFERER} !^https://feeds.feedburner.com/mysite  [NC]
RewriteRule ^(.*\.(png|gif|jpe?g))$ https://mysite.com/wp-content/plugins/watermark-hotlinked-images/watermark.php?img=$1 [L]
</IfModule>

# END Watermark Hotlinked Images

#Begin gzip and deflate
<IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE text/html text/css application/x-javascript text/plain text/xml image/x-icon
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html M3600
ExpiresByType text/css M3600
ExpiresByType application/x-javascript M3600
ExpiresByType image/bmp M3600
ExpiresByType image/gif M3600
ExpiresByType image/x-icon M3600
ExpiresByType image/jpeg M3600
</IfModule>

Huh. No. But mostly because it’s all jumbled up and not optimized.

Rule 1: WordPress goes at the bottom
Rule 2: Inline comment your sections
Rule 3: Don’t mix them together – everything should be grouped logically
Rule 4: Regex is your friend ??

Try this:

# BASIC SECURITY

SecFilterEngine Off
SecFilterScanPOST Off
php_value memory_limit 1024M
#php_admin_flag safe_mode off

# Prevent folder browsing
Options All -Indexes

<Files wp-config.php>
order allow,deny
deny from all
</Files>

# BEGIN feedburner and uploaded files adjustments.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator) [NC]
RewriteRule ^feed/?.*$ https://feeds.feedburner.com/mysite [L,NC,R=302]
RewriteRule ^home?.*$ https://feeds.feedburner.com/mysite [L,NC,R=301]
RewriteRule ^wp-content/uploads/(.*)$ https://mysite.com/files/$1 [L,R=301]
RewriteRule ^wp-content/gallery/(.*)$ https://mysite.com/files/$1 [L,R=301]
RewriteRule ^wp-content/uploads/jw-player-plugin-for-wordpress/player/player.swf$ https://mysite.com/files/jw-player-plugin-for-wordpress/player/player.swf$1 [L,R=301]
</IfModule>

# BEGIN ANTISPAMBLOG REGISTRATION
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-signup.php*
RewriteCond %{HTTP_REFERER} !.mysite.com. [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) https://die-spammers.com/ [R=301,L]

RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post.php*
RewriteCond %{HTTP_REFERER} !.*mysite.com.* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^https://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>

# BEGIN Watermark Hotlinked Images
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?mysite.com  [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?google.\ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?facebook.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?twitter.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?yahoo.\ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?bing.\ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?ixquick.com  [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?feeds.feedburner.com/mysite  [NC]
RewriteRule ^(.*\.(png|gif|jpe?g))$ https://mysite.com/wp-content/plugins/watermark-hotlinked-images/watermark.php?img=$1 [L]
</IfModule>

# END Watermark Hotlinked Images

#Begin gzip and deflate
<IfModule mod_deflate.c>
 AddOutputFilterByType DEFLATE text/html text/css application/x-javascript text/plain text/xml image/x-icon
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType text/html M3600
ExpiresByType text/css M3600
ExpiresByType application/x-javascript M3600
ExpiresByType image/bmp M3600
ExpiresByType image/gif M3600
ExpiresByType image/x-icon M3600
ExpiresByType image/jpeg M3600
</IfModule>

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index.php$ - [L]

# uploaded files
RewriteRule ^files/(.+) wp-includes/ms-files.php?file=$1 [L]

RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^ - [L]
RewriteRule . index.php [L]
#END WordPress

still have a lot of spam comments

Did you setup Akismet or Cookies for Comments?

no only the .htaccess rules

Then please setup Akismet and/or cookies for comments ??

btw what is the Regex?

RegEx – Regular Expressions: https://www.regular-expressions.info/