My site was recently suspended for the second time because I was over my bandwidth quota for the month. The issue is that spammers are eating the bandwidth to the tune of 2-2.5 gigs a month posting URL's to my contact form. The contact form is not actually delivering those to me because I have a captcha but that hasn't stopped the bots from posting roughly 500-1K times a day. I've since made a list of the worst offenders and denied them access altogether via the .htaccess file but I'm still noticing posts to the contact form (see below):
18.104.22.168 - - [23/Sep/2009:12:30:30 -0500] "POST /contact.php HTTP/1.1" 403 - "http://www.mysite.com/contact.php" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
Because this is a legitimate action (posting to the form) I don't know what I can do outside of blocking them via the .htaccess until it dies off and then wait for the next bot to find a new attack vector. I'm wondering what other techniques are others using to stop this type of abuse. Thanks in advance.
If you don't get legitimate users from the following areas, just block entire IP blocks for all of Russia and the former Soviet republics, as well as Asia, and Nigeria, and you should stop 95% of spam. If you eliminate those regions, spam from all the other parts of the world combined amount to a trickle. Unfortunately if you get a lot of legitimate users from those areas then you can't do that.