OK, no big deal: just a few minutes of my time. Dumb bots attack websites all the time. Whatever vulnerabilities my server has (and I’m sure there are some), that kind of bot probing my contact form is no threat – except insofar as it could become a DoS.
This morning, another 740 messages. From an even briefer probe: all at 03:59 and 04:00. Checked the IP they all came from, and firewalled it off. With a DROP rule, of course. If it recurs from elsewhere, I’ll have to take a view on whether this approach can be extended or is useless.
If I can be arsed, maybe I’ll stay up and tail the log tonight, starting 03:50 or so. Wonder if the perpetrator can be pwned while in action? On second thoughts, maybe not at that hour, doubly not after the couple of pints I regularly enjoy on a Thursday evening.