Nice choice on using SMF for the forum software. I've always liked it better than PHP. That said, with the lack of at least email authentication you can guarantee spam floods. I use the software for pretty much a nothing site, hidden in a sub-directory and I had to resort on using Member Approval (aka, every member had to be manually approved by me) and High Complexity on the visual verification.
Though honestly I don't think the visual verification stops anything other than people with bad eyes because I'm convinced the bots find a loophole around them. At the very least I'd require e-mail activation. But that's just me.
I've ran my own forums on and off over the years and for some reason I can not grasp, spammers still think that flooding forums is a good way to sell their cra....products....