Forum Moderators: coopster


Blocking an IP address

         

Pico_Train

5:20 pm on Nov 12, 2008 (gmt 0)

10+ Year Member



Hi there,

I have a form a jerk is spamming like crazy now. It is starting to get on my nerves.

I'd like to block the IP by using $_SERVER['REMOTE_ADDR'] or the X_FORWARD thingy.

The thing is, I went to a site where they tell you your IP address and every time I refreshed, my IP changed. I am using DSL.

I don't want to block a whole bunch of people, just this idiot.

Any recommendations?

Thanks!

Samizdata

5:29 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



First thing to look at is whether the spammer's IP is consistent.

If so, you can probably block it with impunity.

If not, he either has a dynamic IP or you have attracted a botnet.

I would check carefully that your form is secure and all inputs are properly validated.

...

jatar_k

5:31 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Another option might be to analyze the input; if he is putting the same data all the time, then you might have something else to ban on.

Any pattern to any data about him would help.

Samizdata

5:41 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I think the real point here is that your form should be spamproof regardless of IP.

There are various methods to lock it down, details all over WebmasterWorld.

A spammer is unlikely to be sending email only to you from your form.

...

jatar_k

5:48 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



>> A spammer is unlikely to be sending email only to you from your form

That's possible but definitely not guaranteed. We can't assume to know how well locked up this form is.

Samizdata

6:22 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



>> We can't assume to know how well locked up this form is

Point taken, but that is of course the reason why I posted the cautionary note.

...

andrewsmd

8:34 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



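Try this function; it returns an IP. But like stated earlier, you can't do anything if he is spoofing his IP.
// This function returns the client's IP address.
function ipAddress(){
    if (isset($_SERVER["REMOTE_ADDR"])){
        // Address of the TCP peer as seen by the web server.
        return $_SERVER["REMOTE_ADDR"];
    }//if
    elseif (isset($_SERVER["HTTP_X_FORWARDED_FOR"])){
        // Request header: set by the client or a proxy, so it can hold any value.
        return $_SERVER["HTTP_X_FORWARDED_FOR"];
    }//else if httpx
    elseif (isset($_SERVER["HTTP_CLIENT_IP"])){
        // Request header as well, equally unverified.
        return $_SERVER["HTTP_CLIENT_IP"];
    }//else if http client
    // None of the three is set (for example when run from the command line).
    return null;
}//ipAddress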
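The point about spoofing in this thread, as an added example that is not part of the original post: X-Forwarded-For is honoured only when the connection comes from a reverse proxy you run, and the resulting address is checked against a blocklist that accepts single addresses and CIDR ranges. The helper names, the proxy address and the blocklist entries are assumptions constructed for illustration.

```php
<?php
// Added example; the helper names and both lists are constructed for illustration.
const TRUSTED_PROXIES = ['10.0.0.5'];                 // assumed: your own reverse proxy
const BLOCKED = ['203.0.113.0/24', '198.51.100.7'];   // documentation-range samples

function clientIp(array $server): ?string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (filter_var($remote, FILTER_VALIDATE_IP) === false) return null;
    // X-Forwarded-For is client-supplied: honour it only if the TCP peer is our proxy.
    if (in_array($remote, TRUSTED_PROXIES, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        // Read right to left; the rightmost entries were appended by proxies we run.
        $hops = array_reverse(array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR'])));
        foreach ($hops as $hop) {
            if (filter_var($hop, FILTER_VALIDATE_IP) === false) break; // malformed header
            if (!in_array($hop, TRUSTED_PROXIES, true)) return $hop;
        }
    }
    return $remote;
}

function inCidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    if (filter_var($ip, FILTER_VALIDATE_IP) === false || filter_var($net, FILTER_VALIDATE_IP) === false) return false;
    $ipBin = inet_pton($ip);
    $netBin = inet_pton($net);
    if (strlen($ipBin) !== strlen($netBin)) return false;   // IPv4 vs IPv6 mismatch
    $max = strlen($ipBin) * 8;
    $bits = $bits === null ? $max : max(0, min($max, (int)$bits));
    $bytes = intdiv($bits, 8);
    $rem = $bits % 8;
    if (strncmp($ipBin, $netBin, $bytes) !== 0) return false; // whole bytes of the prefix
    if ($rem === 0) return true;
    $mask = (0xFF << (8 - $rem)) & 0xFF;                      // remaining prefix bits
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

function isBlocked(?string $ip): bool {
    if ($ip === null) return false;
    foreach (BLOCKED as $entry) {
        if (inCidr($ip, $entry)) return true;
    }
    return false;
}

// Constructed requests: a direct client forging the header, then one behind the proxy.
$forged  = ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'];
$proxied = ['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7'];
var_dump(clientIp($forged), isBlocked(clientIp($forged)));
var_dump(clientIp($proxied), isBlocked(clientIp($proxied)));
```

A range entry such as the /24 above also blocks every other customer the ISP assigns an address from that range, which is the trade-off raised at the start of the thread for dynamic DSL addresses.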

andrewsmd

8:36 pm on Nov 12, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Also try this captcha script:
<?PHP
// Adapted for The Art of Web: www.the-art-of-web.com
// Based on PHP code from: php.webmaster-kit.com
// Please acknowledge use of this code by including this header.

// initialise image with dimensions of 120 x 30 pixels
$image = @imagecreatetruecolor(120, 30) or die("Cannot Initialize new GD image stream");

// set background and allocate drawing colours
$background = imagecolorallocate($image, 0x66, 0x99, 0x66);
imagefill($image, 0, 0, $background);
$linecolor = imagecolorallocate($image, 0x99, 0xCC, 0x99);
$textcolor1 = imagecolorallocate($image, 0x00, 0x00, 0x00);
$textcolor2 = imagecolorallocate($image, 0xFF, 0xFF, 0xFF);

// draw random lines on canvas
for($i=0; $i < 6; $i++) {
    imagesetthickness($image, rand(1,3));
    imageline($image, 0, rand(0,30), 120, rand(0,30), $linecolor);
}//for

session_start();

// add random digits to canvas
$digit = '';

for($x = 15; $x <= 95; $x += 20) {
    $textcolor = (rand() % 2) ? $textcolor1 : $textcolor2;
    // random_int() (PHP 7+) instead of rand(): the digits are the secret, so they must not be predictable
    $digit .= ($num = random_int(0, 9));
    imagechar($image, rand(3, 5), $x, rand(2, 14), (string)$num, $textcolor);
} //for

// record digits in session variable
$_SESSION['digit'] = $digit;

// display image and clean up
header('Content-type: image/png');
imagepng($image);
imagedestroy($image);
?>
In your form, set an img tag like this:
<img src = "whateverYouSaveThatScriptAs.php">
<input type = 'text' name = 'captcha'>
Then in your PHP, check to see if $_POST['captcha'] == $_SESSION['digit']
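One way to write the server-side check that the post above describes, as an added example that is not part of the original post or of the captcha script. `verifyCaptcha()` is a hypothetical helper name; the session key `digit` and the form field `captcha` are the ones used in the post.

```php
<?php
// Added example: verifyCaptcha() is a hypothetical helper, not part of the captcha script.
function verifyCaptcha(array &$session, array $post): bool {
    $expected = $session['digit'] ?? null;
    // Single use: drop the stored answer before comparing, so one image cannot be
    // guessed at repeatedly and a solved answer cannot be replayed on later posts.
    unset($session['digit']);
    $given = $post['captcha'] ?? null;
    if (!is_string($expected) || !is_string($given) || $expected === '') {
        return false;   // no challenge was issued, or the field is missing or an array
    }
    // A loose == compares numeric strings as numbers, so "0123" would match "123".
    // hash_equals() compares the two strings byte for byte.
    return hash_equals($expected, trim($given));
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    if (!verifyCaptcha($_SESSION, $_POST)) {
        http_response_code(400);
        exit('Captcha check failed, reload the form and try again.');
    }
    // The captcha matched: validate the other fields and send the mail from here.
}
```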

Pico_Train

4:38 am on Nov 13, 2008 (gmt 0)

10+ Year Member



Thanks for the input everybody.

I have tried the consistent data submitted approach; the bot, I am quite sure it is, has now gone from every drug you can think of to casino and gambling type spam. So now my list of words to ban is getting a bit big.

The form only mails to me through the script. It can only be called from my url. It's decently locked down.

Will have a look at the Captcha.

Thanks everyone.

andrewsmd

1:11 pm on Nov 13, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I had the same problem and that captcha script worked for me. It's not hack proof but that's not what it's about. It's all about making your form hard enough to hack that they just go somewhere else.

Anyango

2:32 pm on Nov 13, 2008 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




>> ....every drug you can think of to casino and gambling type spam.

These kinds of people do not have enough time to do things manually, and it simply isn't "worth it" for them to keep trying to break your stronger and stronger security. I am 100% sure it's coming from their bot (I know a lot of such people) and putting a captcha will really help a lot.

The other thing they do is that when their post succeeds on any form on your site, they will record that URL and will keep the URL for other posts and also share it within their network. Put a captcha and it's bound to reduce to a huge huge extent. I would assume this specific bot will stop coming back (they also keep a list of failures and don't go back) but then I don't want to take any bets.

And trust me, a lot of us start concluding about these things as "hacking" or "targeted attempts"; they usually are not. Just add a little bit more security and you are good, don't need to be foolproof.

[edited by: Anyango at 2:33 pm (utc) on Nov. 13, 2008]