I would like to include BotScout to my custom php contact form, but i'm not sure where to call the BotScout.php file. The form fields are populated from a database. The BotScout.php file set to check the email and ip. Do I use

// BotScout.com "BotBuster" check
 include('/path/to/my/directory/BotScout.php');

If yes, where can I include it to function?

<?php
if (!empty($_SERVER['HTTP_CLIENT_IP']))
    {
      $ip=$_SERVER['HTTP_CLIENT_IP'];
    }
    elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
    {
      $ip=$_SERVER['HTTP_X_FORWARDED_FOR'];
    }
    else
    {
      $ip=$_SERVER['REMOTE_ADDR'];
    }
?>

<div class="<?php echo $form_details['form_style'] ?>">
    <?php
    //load page helpers and libraries
    if (isset($form_details['form_helpers'])) {
        foreach (explode(' ', $form_details['form_helpers']) as $helper) {
            $this->load->helper($helper);
        }
    }
    if (isset($form_details['form_libraries'])) {
        foreach (explode(' ', $form_details['form_libraries']) as $library) {
            $this->load->helper($library);
        }
    }
    ?>
    <?php echo form_open($this->site->uri_string() . '#' . $form_details['form_name']) ?>
    <?php echo form_hidden('form_id', $form_details['form_id']) ?>
    <?php echo form_hidden('form_name', $form_details['form_name']) ?>
    <?php echo form_hidden('request_ip', $ip) ?>
    <?php echo form_hidden('request_agent', $_SERVER['HTTP_USER_AGENT']) ?>
    <?php echo anchor('', ' ', array('id' => $form_details['form_name'])) ?>
    <h2><?php echo $form_details['form_title'] ?></h2>
    <h3><?php echo $form_details['form_instructions'] ?></h3>
    <?php foreach ($form_details['fields'] as $field): ?>
        <?php if (isset($this->site->customer_info[$field['name']])): ?>
            <?php if ($this->site->customer_info[$field['name']]): ?>
                <?php $field_value = $this->site->customer_info[$field['name']] ?>
            <?php else: ?>
                <?php $field_value = $field['label'] ?>
            <?php endif; ?>
        <?php elseif (set_value() == TRUE): ?>
            <?php $field_value = set_value($field['name']) ?>
        <?php else: ?>
            <?php $field_value = $field['label'] ?>
        <?php endif; ?>
        <?php if ($field['type'] == 'input'): ?>
            <input class="<?php echo $field['style'] ?>" type="text" <?php if(!empty($field['max_length'])) :?>maxlength="<?php echo $field['max_size'] ?>"<?php endif; ?> name="<?php echo $field['name'] ?>" value="<?php
            if (($this->input->post('name_first')) == '') {
                echo $field['label'];
            } else {
                echo set_value($field['name']);
            }
            ?>" onfocus="if (this.value == '<?php echo $field['label'] ?>') this.value = ''" onblur="if (this.value == '') this.value = '<?php echo $field['label'] ?>'" />

        <?php elseif ($field['type'] == 'textarea'): ?>
            <textarea name= "<?php echo $field['name'] ?>" onfocus="if (this.value == '<?php echo $field['label'] ?>') this.value = ''" onblur="if (this.value == '') this.value = '<?php echo $field['label'] ?>'" class="<?php echo $field['style']; ?>"><?php echo $field_value ?></textarea>

        <?php elseif ($field['type'] == 'select') : ?>
            <?php echo form_dropdown($field['name'], states_dropdown_abbr(array('' => 'State')), set_value($field['name']), 'class="required_input state_input"') ?>

        <?php elseif ($field['type'] == 'radio') : ?>
            <?php echo form_label(form_radio($field['name'], $field_value, FALSE) . $field['label']); ?>

        <?php elseif ($field['type'] == 'label') : ?>
            <?php echo $field['label']; ?>
        <?php elseif ($field['type'] == 'submit') : ?>
            <div class="clear"></div>
            <?php echo form_submit($field['name'], $field['label'], 'class="' . $field['style'] . '"') ?>

        <?php endif; ?>
<?php endforeach ?>

<?php echo form_close() ?>
    <div class="clear"></div>
</div>
Thank you for any help.

Many of the IP addresses of these bots are NOT showing up in the Botscout database.

That's because new IPs are constantly being used and discarded; it's literally impossible for anyone or any service to keep up with it 100% because there is no way to predict in advance what IP or IP range the spammers will use next.

I suspect that they're being used only to create accounts, so they're not triggering the honeypots.  The botters presumably use other bots to attempt to create the spam.

That's also possible.

Some samples of these registration bots:  113.212.71.10, 86.178.209.126, 188.126.69.148 (in DB), 66.249.73.237, 198.167.239.164, 188.142.16.131 (in DB), 108.20.177.249. 192.95.38.127.

As you can see, only a quarter of the bots are in the Botscout database.

Yes, please see above. As new IPs are caught they're added, but there will always be a lag regardless of how you do it or what service you use. It's simply not always possible to tell if a given registration event is from a bot or a real person (who may in fact be a spammer).

This isn't going to stop the spammers from clogging my user database with their crap.  Any idea what's going on here?  Is a honeypot based on user registrations a good idea?

Nothing will prevent all bots or humans acting in concert with bots. You may want to add some additional layers of spam or bot protection (hidden fields, time-gating, stronger CAPTCHAs, etc). But nothing will completely stop spam registrations, the best you can hope to do is reduce it radically. In some cases manual validation of registrations may be necessary.

Is reporting the IP addresses at http://www.botscout.com/bot_submitter.htm a good idea?  I tried entering some IP addresses there (no e-mail or name is available), but there is no acknowledgement after I submit the form, so it's hard to tell if that does anything.

You need all 3 items (IP, e-mail, and name) for a valid entry.

I am running a Drupal site.  Drupal has forums built-in, but I don't have them enabled.

The site is getting a steady stream of bots attempting to register accounts.  They go to the 'user/register' URI and attempt to create an account.  I eventually turned off self-registration (buying a product gets you an account).  There are now no links to this registration page, so these aren't spiders.  Before I turned off registration, these bots attempted to add content to the site, so they're definitely link spammers.

Many of the IP addresses of these bots are NOT showing up in the Botscout database.  I suspect that they're being used only to create accounts, so they're not triggering the honeypots.  The botters presumably use other bots to attempt to create the spam.

Some samples of these registration bots:  113.212.71.10, 86.178.209.126, 188.126.69.148 (in DB), 66.249.73.237, 198.167.239.164, 188.142.16.131 (in DB), 108.20.177.249. 192.95.38.127.

As you can see, only a quarter of the bots are in the Botscout database.  This isn't going to stop the spammers from clogging my user database with their crap.  Any idea what's going on here?  Is a honeypot based on user registrations a good idea?

Is reporting the IP addresses at http://www.botscout.com/bot_submitter.htm a good idea?  I tried entering some IP addresses there (no e-mail or name is available), but there is no acknowledgement after I submit the form, so it's hard to tell if that does anything.

Thanks to Jimmy Pena, there is now a BotScout plugin for the MyBB Forum.

Thanks, Jimmy!

once I install this mod, do I need to do something else? enter an api key? if so where do I enter it?

thanks.