We use Drupal as the content manager for the Healey Library website. For our contact forms, we use the Webform Contributed Module. We have gotten a lot of spam recently from bots that include BBCode in their submissions. Since we do not use BBCode on our site, I've taken the liberty of blocking all submissions that contain any BBCode. I've used the list of BBCode found on Wikipedia as a guide. Ever since, we no longer get any spam.
When you edit a Webform, there is a collapsible fieldset called Webform advanced settings. In the textarea labeled Additional Validation I include the following code:
<?php
foreach ($form_values['submitted'] as $field) {
if (preg_match('/(\[url\]|\[url=([^\]]*)\]|\[\/url\]|\[link\]|\[link=([^\]]*)\]|\[\/link\]|\[b\]|\[\/b\]|\[i\]|\[\/i\]|\[u\]|\[\/u\]|\[s\]|\[\/s\]|\[img\]|\[\/img\]|\[quote\]|\[\/quote\]|\[code\]|\[\/code\]|\[size\]|\[\/size\]|\[color=([^\]]*)\]|\[\/color\]|\[table\]|\[\/table\]|\[tr\]|\[\/tr\]|\[td\]|\[\/td\])/', $field)) {
form_set_error('', 'BBCode is not permitted. Please remove any BBCode from your submission and try again.');
}
}
?>
The code iterates through the $field array, checking if any of its values contains BBCode. If it does, the form throws an error. If not, nothing happens.
If anyone has any questions or suggestions for improvement, please let me know.