One thing I noticed by spammer when register.
They use one name to fill in all the fields in the form, so I created a rule on the registration page that is lastname == firstname get the ip, added into the database in the ban list table, stop the registration and redirect to a 404 page, send myself an email with all the fields value to check it out, making sure I was right for blocking him and don't allow that ip access anylonger.
I already have few in the database and some of them even came back, but because is on the ban list they get the nice 404 page.
Some of them are using the search facility to send email so in this case I get the search string lenght, remove popular letters used to send emails like:
PHP:
"\\", "@","x-mailer:","subject:","bcc:"
stop the search and show a nice message:
PHP:
if(strlen($sq) > 50){
$_SESSION['sKeyword'] == "";
// search words to long probably x-mailer stop the code from executing
echo "<fieldset><legend style='color:red;background-color:yellow'>Attention</legend>
You need to enter a search word/s to get some sort of results<br />
or you are using too many words. Probably you are an automated x-mailer, so keep away. Thanks
</fieldset>";
require_once "1_footer.php";
die();
}