Spambots are very predictable. In the most basic sense, they are simple scripts, executed on either malware infested systems or webservers and serve the sole purpous of finding forms on websites (<form name....></form>) and fill them out, either with the goal to insert malicous (javascripts) scripts or to add urls to infected sites. Sometimes, they just exist for the pure sake of a bit of fun by the creator to see his little 'work of art populate the internet and spread the love...err message'.
Anyway, the most simple spam bot will simply look for <form> tags and fill out any inputfield it can find. More complex spambots have algorityhms to detect what kind of inputfield require which data, for example email fields that usually have some form of validation to check the validy of an email address. Even more complex bots can handle basic forms of captchas too.
Which brings me to the next point;
The easiest way to create a spam bot (one that works) is to target a specific platform. Why? Because regardless if its a f1 website, or a forum on girls-talk, dating etc - the common ground is that the platform behind it is the same application / board or website software. That means that all inputfield are named precisely the same in the HTML code, which makes it easy for a spambot programmer to target that specific platform. They also have the same captcha protection as a common-ground, and if the programmer can crack one, he cracked them all. When you have this, you have a dedicated spam-bot.
Unfortunately for those using purchased or downloaded platforms such as phpBB or others is that people who use these types of boards have zero programming expertice and simply rely on the software vendors updates to secure themselves against these types of attacks. So it's essentially hard to solve, unless you do have a bit of programming experience and are not shy of altering the software itself to make it differ from the rest. But then you can forget about all these comfortable updates.
Anyway, long point short - it's difficult to protect yourself against spam-bots if you are using generic software for your board or website. A easy example is Joomla, a CMS (content managment system) which allows many people to create complex websites through the use of the application. Easy and impressive, but they all suffer from the same security leaks. Hack one and the chance is you've hacked them all sort of speak. Same applies to forum software such as phpBB such as this one here.
Last point; How do you protect yourself from spam-bots?
There are a few techniques that work. Spam-bots are stupid - they are just a script by its creator that do what they were programmed for. If you add a hiddenfield - that is an inputfield that is within the html code but not visible through a browser because of its attribut (the property hidden through an external CSS attribut), a bot will likely still fill it out because it just assumes it's another field it can enter its rubbish into. If you then check upon submitting the form if that inputfield has data on it, simply discard it - it's likely originating from a bot. The other alternative is to use better captchas, but are a nuisance to legit board users.
How to solve it on this board? Make the registration step more difficult. For example; only allow new registrants to post on the site when they've been okayed by an administrator. Good because it avoids the crap being posted - but it wouldn't help with administrators having to do work and discard a list of new registrants that are all just bots.
Even better solution: if you have access to the php.ini file (essentially the php-config file), you can prepend a php-script to every page on this site - that checks every POST-Request-method (essentially, the request type that is used when a form is filled out and submitted) and do a bit of basic validation. If there is rubbish, simply throw an exit command to end the script and the data is never submitted into the database.
Easy as pie.
.