Add me to the "me too" list. I've been getting form-spammed for 3 days now. The problem is my form emails me and only me. 20+ submissions in intervals somewhere between 8 and 12 hours apart. I've looked into various attack methods and my code is clean, but it sure is annoying.
Same thing has been happening to a form on a site of mine. Thanks for the code, hopefully it works tomorrow.
If Just check the value of the sumbit button, if It is not what you expected , don't send the mail...
instead of using image verification, there are other easier-to-implement methods that work well too (to counter bots)... e.g. think of 30 really easy to answer questions... e.g. how many fingers does a normal person have; or how do you spell hello backwards... put these questions as part of the form... if the answer is wrong, don't proceed...
Hitting guestbooks is a popular blackhat spamming technique, usually with the aim of creating backlinks. Candidates for spamming can easily be found with a bit of "Google hacking" ... one thing that can be done to lessen the volume is remove the tell-tale signature from the bottom of your guestbook script (eg something like "Powered by PHP Guestbook 1.2.3"). This is how large numbers of sites are automatically harvested for spamming. A tool such as CURL then allows spammers to easily create a bot that submits data to a form. Other than that, image verification/challenge systems can also slow most bots down.