Stealth Forms
One of the latest spammers' techniques is to use a web robot to send their "message" to the owner of the HTML FORM page. This method usually bypasses the form itself, with its limits on field input lengths (MAXLENGTH), and sends its contents directly to the processing CGI script. You can tell that this is happening by examining the contents of the received fields and seeing whether any of them have lengths that exceed your specified maximums.

Blocking the originating site or IP is of limited use, since these robots commonly spoof their IPs so that each time they attack, they appear to originate from a different site anywhere on the Internet. Blocking input to the CGI script that appears to be coming from an off-site source, not your HTML page, is also of limited value, since they can spoof the originating URL as well, making it look like the source is local to the script's website.

VerbaCom® has developed a "stealth form technique" for blocking these spams by allowing none of the visible fields in your form to be available for direct spam transmission to your receiving script. This will prevent robot spam/hacking attempts by hiding the form transfer variables, thereby limiting the "Bad Guys'" entry points to the script and potentially the server.
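The field-length check described above, as an added example that is not VerbaCom's code and does not implement its stealth form technique: it reads the MAXLENGTH limits from a form and flags a POST body that could not have been produced through that form. The form, its field names and both request bodies are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qsl

# Constructed sample form; field names and limits are assumptions for illustration.
FORM_HTML = """
<form method="post" action="/cgi-bin/contact.cgi">
  <input type="text" name="name" maxlength="40">
  <input type="text" name="email" maxlength="60">
  <textarea name="message" maxlength="500"></textarea>
  <input type="submit" value="Send">
</form>
"""

class LimitCollector(HTMLParser):
    """Collect name -> maxlength for every named input/textarea in the form."""
    def __init__(self):
        super().__init__()
        self.limits = {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("input", "textarea") and a.get("name"):
            ml = a.get("maxlength")
            self.limits[a["name"]] = int(ml) if ml and ml.isdigit() else None

def form_limits(html):
    collector = LimitCollector()
    collector.feed(html)
    return collector.limits

def check_submission(raw_body, limits):
    """Return the reasons this POST body cannot have come from the form."""
    problems = []
    for field, value in parse_qsl(raw_body, keep_blank_values=True):
        value = value.replace("\r\n", "\n")  # browsers submit CRLF line breaks
        if field not in limits:
            problems.append(f"undeclared field: {field}")
        elif limits[field] is not None and len(value) > limits[field]:
            problems.append(f"{field}: {len(value)} chars exceeds maxlength {limits[field]}")
    return problems

LIMITS = form_limits(FORM_HTML)
# Constructed bodies: one typed into the form, one sent straight to the script.
BROWSER_POST = "name=Ann+Lee&email=ann%40example.org&message=Please+call+me"
DIRECT_POST = "name=" + "A" * 200 + "&email=x%40example.org&message=hi&url=spam"

if __name__ == "__main__":
    print(check_submission(BROWSER_POST, LIMITS))
    print(check_submission(DIRECT_POST, LIMITS))
```

An oversize or undeclared field shows the form was bypassed; a submission that stays within the limits shows nothing either way, because a robot can respect the limits too.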
VerbaCom® Stealth Form: Simulate a web attack on our processing script!

Register for VerbaCom® Stealth Form Online Training Session