Last year a bunch of people (including me) were followed by spam accounts from a very small server.
Ugly detail: These were Ukrainian servers, the admins at that time had no power and internet connection. The spammer misused that situation ...
Reducing (not preventing!) that sort of problem only could be done by a multi headed 24/7 mod team or by switching off instant sign up (which was the solution of the Ukrainian admins, IIRC, after they had internet access again).
You can't completely prevent spam in an open environment.
@unixwitch I am aware of that incident. And yes, switching off open registration if one's instance cannot handle moderation is a perfectly valid way to deal with this.