You can prevent some hits by blocking bots before akismet catches them, these plugins can be very effective.
Plugins:
- Bad Behavior plugin: http://wordpress.org/extend/plugins/bad-behavior/
- Honeypot Traps: http://wordpress.org/extend/plugins/project-honey-pot-spam-trap/
- WP-Hashcash http://wordpress.org/extend/plugins/wp-hashcash/
- Zig Trap http://wordpress.org/extend/plugins/zigtrap/
Stop bots with no user agents from posting and directory browsing (this goes in your .htaccess)
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule .* - [F]
Options All -Indexes
Options +FollowSymLinks
If it’s still a problem consider contacting your host and using a firewall to block persistant bots or IP ranges ( for instance here is a list of bad bots, http://www.wpsecure.net/bad-bot-list/ ). This is not super effective as is, but an example of what your logs can tell you ( most bad bots use common browser user-agents).
Check out services like Cloudflare.