The Web-based contact form on my site has been under distributed spamming attacks for nearly a month already. Obviously, a spammer has tried to generate HTTP requests containing ads to male drugs and all sorts of similar stuff directly to the form mail processor script on my site using a robot, as I can see from my logs that dozens of them were being recorded nearly every hour.

Although I have programmed some trickeries with the form processor way back in 2006 that was sufficient to prevent those spam mail from actually being sent to my mailbox at all, the attacks are filling up my log files and I think I should do something to stop that, as they are also wasting my bandwidth and processing power having to serve them.

The spammer has apparently been able to attack hundreds of hosts and launch the attacks through them, as nearly all spam were originated from different IP addresses and thus far I have been able to capture several hundreds IP addresses of those initiating those requests over just a couple of weeks. However, the design of my form allows me to find out the original IP address from which the form used in the attacks was initially captured, which resolves to an IP address from a netblock owner in New Jersey, who captured the form in mid March 2007 which was then used in all attacks thereafter.

As I know you all are seasoned sysadmins, what should I do now? And have you all experienced similar issues, and how did you go about that?