Form "Spam" issues

I've got a simple form that that sends results via email; all fields are required, using "phone" validation for phone number field, "email" for email field, etc, including a capcha field

http://baydosrvs.com/popup-trailers/new/112-flagstaff-205-mac

there is some custom code that inserts the page title:

<?php
if ( !$mainframe->isSite() ) { return; }
$article_id = JRequest::getInt('id', 0, 'get');
$title = '';
if ( $article_id ) {
  $db =& JFactory::getDBO();
  $query = "
    SELECT `title`
      FROM `#__content`
      WHERE `id` = ".$db->quote($article_id)." ;
  ";
  $db->setQuery($query);
  $title = $db->loadResult();
}
?>
<input type='hidden' name='title' id='title' value='<?php echo $title; ?>' /><div 

We're getting huge numbers garbage submissions - most, but not all from non-us ip address blocks:

Model	 2009 Shock Wave 23FL	 
Name	 Naseef	 
Phone	 PboGzGLONfTpsD	 
Email	 diannep@gwiz.org	 
Notes	 It's much easier to unerdastnd when you put it that way!	 


Submitted by 122.1.23.66

It appears these submission are machine generated!

1) the phone validation doesn't appear to work
2) how would a machine get past the capcha field?

4.0 RC3.5.2

Hi john.murray,

JavaScript validation if only really useful to help users complete the form correctly, most spammers will browse with JavaScript off so completely by-pass it.

Also human spammers and some of the brighter bots can find their way past Captchas :-(

I'd add Serverside validation on a couple of the inputs and maybe block some IP addresses if they are used repeatedly. There are FAQs with more info.

Bob

I'm totally impressed! Check the FAQ's and turned on Server Side Validation

Beer on the way.....

Hi john.murray,

Thank you :-)

Bob