Doesn't block direct POST spam

I’ve got latest version of your plugin installed and it works, users have to solve the equation to post the comment. However I still see that some spammers pass the protection.

In apache logs I see that the use direct POST, for example:
37.115.198.33 – – [19/Oct/2013:16:26:27 +0200] “POST /wp-comments-post.php HTTP/1.0”

Could you please advise how to stop such a spam? Maybe you are already working for the solution in your plugin?

http://ww.wp.xz.cn/plugins/wp-math-captcha/