A spam bot has found my sign-up form and is filling my database with spam submissions. The form is a basic asp.net registration that creates a new membership user and captures account information such as name, address, phone, etc. Rather than implement a captcha I plan to try a honeypot field. However, my question is not about prevention* but rather about security. What potential risk does form spam pose? I already parameterize all of my SQL to handle the obvious SQL injection stuff. What are the other risks? Is anyone aware of how one might use a bot to attack a site through the site’s form(s)? When do spam submissions represent more than just spam?
**Here are some posts related to prevention for anyone who is interested:*
Any security risks you may have are completely independent of whether the form is being submitted in bulk.
The only new security risk relates to what happens if the bots fill up your disk.