Enabling / Disabling Checks
The Http:BL, Stop Forum Spam and Honeypot checks can each be disabled independently if you wish. For the best results it’s recommended that all three are left enabled.
Type of filtering
Even if you intend to use the ‘block form submissions entirely’ approach, I’d recommend using ‘flag email subjects’ for a little while so that you can monitor submissions and tweak your settings as necessary. Once you’re happy that you have the optimum setup for your site then you can switch to blocking submissions, if preferred.
Days since last activity
This is the number of days since an IP address was last caught misbehaving. To avoid flagging IP addresses that are legitimate I’d recommend setting quite a low value, e.g. 7 days.
Http:BL Threat score
This will be a number between 0 and 255. You will probably want to set a low value for this as it is calculated on a logarithmic scale. A rating of just 50 equates to 10,000 spam messages. See the http:BL threat score page for more info.
Http:BL Visitor type
The visitor type refers to the type of activity that the IP has been associated with, using a numeric scale which goes from 0 (search engine) up to 7 (suspicious + comment spammer + harvester). I’ve found that the Comment Spammer setting works well.
Honeypot field names
If you choose to add a honeypot field to your forms then this setting will determine the name of said field. Although common field names may do a better job of catching spammers you should be careful as they are also more likely to trigger the autofill behaviour in a user’s browser, which would result in their submission being blocked. You mustn’t use a field name that any of your forms actually rely on!
If you specify a name that one of your forms actually uses then you’ll have all sorts of problems, including false positives. You can enter as many names as you like, separated by commas, and one will be chosen at random when your forms are generated.
The UCE Protect database is primarily intended for blocking spam email, but it works nicely for blocking spam form submissions too. No registration is required to use the system, but you should read up on the different blocking options to decide which one suits you best. You can choose from conservative, moderate or aggressive blacklists – it’s highly unlikely that you would want to choose the latter.
Once you’ve installed Omnilog simply enable logging in the FAS settings. By default FAS will only retain the 30 most recent blocked submissions, but you can tweak this value to suit your needs.