But this hasn't helped much; I still get a few of them, though I can't figure out how they can be generated. Any advice?
Yeah... you could add a spam/bayesian filter to your form processing or use a web service like Akismet to see if it may be spam.
Another option would be to log the user-agent and ip address that was used so you can track down what the spider was using. You may get lucky and find that it's coming from a specific user-agent/ip and be able to easily throw away the form submissions from it (you don't want to block it outright because it might detect that it's being blocked and change its user-agent or something).
Of course, if I was a spammer, I'd use a normal user-agent and spoof a different ip each time... in which case a spam filter is your only defense (I think).
-Rob _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
