I am running a LAMP web app where registered users can post classifieds, similar to craigslist. Recently I discovered that there seems to be a bot which is frequently posting fraud classifieds and I somehow can not get hold of it. The bot seems to only do a form post as the tracking log does not show any "thank you page" after posting or "entry page" before posting:
The PHP file that posts the classified verifies for certain keywords (similar to spam assasin) and by using the browser to create classifieds one can not create any with the text he is posting.
I am wondering how I could prevent him from posting. There is captcha, email and even SMS verification before he get's an account but once he has a verified account there is no captcha anymore but text recognition which somehow failes.
What would be a good strategy from preventing the bot from posting again? I seem to run out of options.