Tracing Form Spam

From initial page hit to submitting form

dstiles

9:33 pm on Mar 14, 2009 (gmt 0)

Analysis of task sharing across IPs.

Target UK site hosted in UK.

Tie-in of IPs etc. made through web logs, trap logs and the form itself, which reports source info (IP, time, UA etc.) in its hidden fields.

1. Seek form (time: 12.41.54)

UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; (R1 1.5); .NET CLR 1.0.3705; FDM)

Bot from softlayer on 75.126.23.nnn proxies through Indonesian IP 222.124.208.nnn (apparent broadband) - IP hosts web page with suspicious content including winbox download and telnet instructions. Referer obviously fake (google.fr from a search that could not and did not resolve to the targeted domain). IP rejected (all softlayer rejected) with a form for feedback by real people (or form-filling bots!). Target was a guestbook URL in a mode commonly associated with scammers/scrapers on this site.

2. Form filled and submitted (time: 19:38:28)

UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; Creative; FunWebProducts)

Form submitted 7 hours later with obvious formspam content by IP 61.18.170.206 (Hong Kong cable). Apart from spam in the form's only free-entry field, the rest of the submitted form included the original rejection IP, time, UA etc.

3. Lose response? (time: 19:38:30)

UA: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90; Creative; FunWebProducts)

The returned Thanks page was read by another IP in the range 61.18.170.198. It's possible that these IPs are part of an AOL-type multiple IP system.

Spam:

The form contents included the common formspam triple repetition of the URL with the link text being variations on the theme: "national widgets".

The URL was for a "widget investigators" and included today's date in the directory format /2009/03/14/

[edited by: incrediBILL at 9:56 pm (utc) on Mar. 14, 2009]
[edit reason] removed specifics [/edit]

blend27

2:36 am on Mar 15, 2009 (gmt 0)

They do hunt in packs. I have a daily special for that: once it is detected to be a bot (various methods) the ACTION of the form is changed to random thisbutifulwebsitesisyourdistanation.tld/guestbook/ and let them eat the cake there, and get a free 2 liter Diet Doctor Pepper while they are at it.

On the other note, just picked up a client (xcart) that has a Gardening site; they were working on the content for the past several years, over 1400 pages with really interesting info about Plants and such. A few months ago their developer installed/activated Review Product plug-in. Within days the site was bloated with comments posted by bots. Site tanked in SERP. I have deleted over 20 Megs of spam comments from DB. Really a shame.

dstiles

3:07 am on Mar 15, 2009 (gmt 0)

We seem to be fairly free of formspam now, partly due to obscure-ish sites and partly due to blocking certain countries from posting, but I think mainly from keeping forms out of SEs, where spammers seem to get a fair few URLs from, and killing baddies in general before they get that far.

The form submission system for complaints is something new on the server. It used to display an unlinked URL but a customer got feisty about his customers being too thick to understand how to complain (they use some very paranoid access methods and can't seem to understand simple instructions).

A few hours ago I had five submissions together, all from various internetserviceteam / NETDIRECT IPs - now there's a surprise!

These were not formspam - they were immediate submissions, not delayed like the earlier one - and had no content in the free-entry field. I'm rather at a loss as to what they were doing.

Oddly, they didn't invoke the Thanks page, which got me wondering. I think it's because there is a redirect within the form parser to send the browser to a different script - browsers are ok with this but some robots seem upset by it; although not the form spammer.

NETDIRECT IPs are, of course, all blocked but the point of a complaints tool in this scenario is that you have to let the jerks through. Well, maybe. Soon as I get time I'm adding a trap to the trap. :)

78.159.112.nnn
69.46.16.nnn
89.149.253.nnn
212.95.63.nnn
212.95.63.nnn

dstiles

3:24 am on Mar 15, 2009 (gmt 0)

Forgot to mention:

All five postings were from the one original form access from 78.159.112.nnn, all posted within 8 seconds of the original access and all with the same (deformed and obsolete) UA:

Mozilla/4.0 (compatible; MSIE 5.0; Windows 98; DigExt\)

The site gets a lot of scrape and injection attempts.
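The correlation described in the posts above (hidden fields carrying the IP, time and UA of the original form access, compared with what the server sees when the form is posted), as an added example that is not part of any post. Field names, flag names, the one-hour threshold and the sample records are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

def rec(id_, o_ip, o_time, o_ua, ip, time, ua):
    # origin_* = values written into the hidden fields when the form was served;
    # ip/time/ua = what the server observed when the form was posted.
    return dict(id=id_, origin_ip=o_ip, origin_time=o_time, origin_ua=o_ua,
                ip=ip, time=time, ua=ua)

# Constructed sample records (documentation-range IPs, placeholder UA strings).
SUBMISSIONS = [
    # Form fetched by one IP, posted hours later by another with a different UA.
    rec(1, "192.0.2.10", "2009-03-14 12:41:54", "ua-seeker",
        "198.51.100.7", "2009-03-14 19:38:28", "ua-poster"),
    # One form access reused for several posts within seconds, from several IPs.
    rec(2, "203.0.113.5", "2009-03-15 01:00:00", "ua-old",
        "203.0.113.5", "2009-03-15 01:00:03", "ua-old"),
    rec(3, "203.0.113.5", "2009-03-15 01:00:00", "ua-old",
        "203.0.113.6", "2009-03-15 01:00:05", "ua-old"),
    rec(4, "203.0.113.5", "2009-03-15 01:00:00", "ua-old",
        "203.0.113.7", "2009-03-15 01:00:08", "ua-old"),
    # Ordinary visitor: same IP and UA, posted two minutes after loading the form.
    rec(5, "192.0.2.44", "2009-03-15 10:00:00", "ua-browser",
        "192.0.2.44", "2009-03-15 10:02:10", "ua-browser"),
]

def trace(submissions, max_delay=timedelta(hours=1)):
    """Return {submission id: sorted list of flags} for each submission."""
    # How many submissions carry the same original form access (IP + time).
    uses = Counter((s["origin_ip"], s["origin_time"]) for s in submissions)
    report = {}
    for s in submissions:
        flags = []
        delay = (datetime.strptime(s["time"], FMT)
                 - datetime.strptime(s["origin_time"], FMT))
        if s["ip"] != s["origin_ip"]:
            flags.append("ip_handoff")    # fetched by one IP, posted by another
        if s["ua"] != s["origin_ua"]:
            flags.append("ua_changed")    # different client did the posting
        if delay > max_delay:
            flags.append("delayed")       # form held for hours before posting
        if uses[(s["origin_ip"], s["origin_time"])] > 1:
            flags.append("reused_form")   # one form access, several posts
        report[s["id"]] = sorted(flags)
    return report

if __name__ == "__main__":
    for sid, flags in trace(SUBMISSIONS).items():
        print(sid, flags or "clean")
```

Hidden-field values come back from the client, so they are a lead to check against the web and trap logs unless the server signs them when it serves the form.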

enigma1

11:33 am on Mar 15, 2009 (gmt 0)

dstiles, instead of all these complications, why don't you simply protect your forms? Just use some basic HTML with stylesheets (not a captcha to waste your visitors' time) and verify legitimate form submission when the form is processed. Right then, it's easy to tell if it's a bot and so you reject the submission outright.

dstiles

7:40 pm on Mar 15, 2009 (gmt 0)

I do. As well. There are some forms you cannot protect and some people you cannot protect them from.

In this case the lack of protection is deliberate since it's designed as a method whereby people blocked from my server can bring legitimate complaints, so it has to be open - although not as open as it currently is: this is an opening from a previously closed system which for some reason complainers found difficult to comprehend.

This is only incidentally about forms: the complaints are about being blocked from sites in general, not from normal forms, which are seldom a problem since they have their own protection.

This is partially experimental anyway, and is producing some peculiar results and interesting insights.