I regged specially to comment here.
There are a couple of automated ways to prevent stuff like this to happen besides the captcha and other stuff people suggested here. And as this forum is in php there are some well documented ways to fix this from happening again.
I guess when securing the forum a bit more we want to have the least impact on the users (us
) so captcha and such can be a bit anoying when there are other simpler ways still available
There are 2 most common attacks that I've seen , spambots and x-site scripting.
Sometimes the bots use X-site scripts to spam , but as I don't know how the httpd access logs look to know how the spam happens I'll give ways to fix this as well ;
I'll list them up (first == easiest to implement , last == most difficult)
1) restrict access via .htaccess file in the document root
ref link with example : http://www.spanishseo.org/block-spam-bots-scrapers
2) geoip module , restrict entire country's or ip-ranges from countrys (if spammers come from a few country's this is an easy fix :
ref link http://www.maxmind.com/app/php
3) Depending how the forum is coded , it might be interesting to use DNSBL and writeup a module or extention .
ref link : http://www.dnsbl.info/dnsbl-database-check.php
4) cross-site scripting is the most difficult to fix because php tends to be very flexible. So if the spammers use this kind of exploit the only solution is to check the values of every POST/GET request in the form fields. .. .... indeed a lot of work
ref link: http://en.wikipedia.org/wiki/Cross-site_scripting