Well. I have the captcha in place... (Give it a go at my site if you want... If you'd be friendly enough to include the word WROX as a start of your secret question, so I'll be able to recognise you just tested, and aren't a user intending to stick around, that'd be great). The only reason I'm not sharing the code is that Jim hinted Marco will be including Captchas in the next version, and if I'd just post the code here, that'd kind of shoot Marco in the foot.
Other ways to keep things user-friendly would be generating a question that's easy for people to answer. I.e. "How much is a dozen?". "What's the last name of the giant ape called King?", or in the case of (for instance) the opera site, questions about Opera (Who composed Aida?), etc.
By the way, even IP bans won't suffice, I'm afraid. There's always anonimizers, proxies, etc. And if someone is determined enough, they will be able to cause trouble. Unfortunately every single restriction against these dingleberries you implement might potentially hurt real customers. (captchas might be hard for visually impaired people, ip-bans might affect innocent people surfing from the same network, etc).