Project HoneyPOT is very good to avoid spammers, hackers and crackers, before they arrive to your sites. Modsecurity can implement this, and COMOD could add this.
Project HoneyPOT:

How to do it:

# This is your HoneyPOT API Key

#This is the rule
SecRule TX:REAL_IP|REMOTE_ADDR "[at]rbl" \
  msg:'COMODO WAF: HoneyPOT Project Match of Client IP',\
  SecRule TX:0 "threat score (\d+)" \
    SecRule TX:1 "[at]gt 20"

Just for you to know, what this does, look at this, spammer stoped:

901: COMODO WAF: HoneyPOT Project Match of Client IP
Request:	GET /index.php?option=com_phocaguestbook&view=phocaguestbook&id=1&Itemid=72
Action Description:	Access denied with redirection to using status 302 (phase 1).
Justification:	Operator GT matched 20 at TX:1.

Thank you for sharing this very useful information !

I’m sure our rulewriters will appreciate it :P0l
And willing customers can add this to Custom Rules right now.

Project Honeypot can also be enabled as a blocklist through CSF firewall. Wouldn’t it be more efficient to block those users that way?

From CSF Firewall? Very different, many ip’s that visit our site are not on the list that CSF download, you’ve to use the DNS RBL to catch them, plus you use the SCORE, only above 20 should be blocked.

It’s much more efective, than CSF Firewall Honeypot. Also i’ve both, and this rule catchs alot of ip’s that are not on the CSF List.

I could not get this working.
I came across

With a mixture of yours and the other, I am currently using the bellow.

SecRule TX:REAL_IP|REMOTE_ADDR "[at]rbl" "id:'901',chain,phase:1,t:none,capture,block,msg:'COMODO WAF: HoneyPOT Project Match of Client IP.',logdata:'%{tx.httpbl_msg}',setvar:tx.httpbl_msg=%{tx.0}"
        SecRule TX:0 "threat score (\d+)" "chain,capture"
                SecRule TX:1 "[at]gt 20"

EDIT: [at]'s should be at symbol with no brackets (the forum even using code tags is changing it.

EDIT2: The blocked IP’s are pouring in.