Effective SPAM block?

[bjlolmaugh]

I am looking for some suggestions on effective ways to stop spamming.
I just implemented some forms, using the built-in PHP processor.
I am using a Honeypot field, and I have a Validation field on the form that requires an exact match.
I believe the main issue is these are more than likely humans spamming the forms, not a spambot, so getting past a validation field, or a captcha code is no obstacle.

Is there anything else I can use to help block these?

[wwonderfull]

When an actual person is doing it there is nothing much which can be done about this.

But from my perspective making it difficult for bots or spammers also makes it difficult for average humens. But if you still want top security then a server sided otp verification for any emails submitting form can be an option. But that would require custom codes but possible.

[Pablo]

Maybe this is helpful?
https://www.wysiwygwebbuilder.com/forms_antispam.html

However, if the spam is submitted by a human then it will be difficult to block it.

[BaconFries]

You can also use the likes of a .htaccess to prevent a range of ip addresses the downside of this is that you can also block legitimate users from using the form to make contact or even access the site or sites.

There is also the possibility to block spam/offensive words phrases being entered into the textarea and they won't be submitted. One method is just javascript the other is using php and having the words stored in a database and called when the form is submitted and blocked. Neither is available and would require a custom solution to work.
Here is an example from codepen.io
https://codepen.io/mcfan/pen/xVVNwy
Another example from jsfiddle test with one or all of the following words crap, ugly, brat, basterddouch
https://jsfiddle.net/raam86/QZW7K/2

[bjlolmaugh]

But if you still want top security then a server sided otp verification for any emails submitting form can be an option. But that would require custom codes but possible.

Unfortunately, the hosting company that I use does not support server side verification.

[bjlolmaugh]

You can also use the likes of a .htaccess to prevent a range of ip addresses the downside of this is that you can also block legitimate users from using the form to make contact or even access the site or sites.

I am currently doing this. I always look up the IP Address to see where it is located. If outside the US, I block that IP (all my clients/customers are in the US and do not have an outside of US audience.