Comment/feedback/form submission abuse may be from humans being a nuisance or malicious, or from spambots creating unwanted activity and site pollution.
Although a notoriously difficult issue to address other than through moderation there are some configurable mechanisms available that attempt to minimise the possibility of site abuse and DOS. All apply to Reader Comment and some to Reader Feedback and to Reader Form.
VWcms, not being a LAMP style application, probably has some immunity due to the relative obscurity of its interface. However 'bots have had a lot of development time invested in them and are highly sophisticated applications. There has been at least a couple of instances of probable spambot activity on the VWcms comment interface! (Though it's difficult to tell human from spambot, and from human-assisted spambot.)
Q and A to Comment
A question and answer challenge attempts to exclude automated spam generation by requiring additional input that would be difficult for a machine to identify as such and produce an acceptable response for.
See Using Q&A.
reCAPTCHA to Comment
A CAPTCHA is a program that can tell whether its user is a human or a computer. You've probably seen them - colorful images with distorted text at the bottom of Web registration forms. CAPTCHAs are used by many websites to prevent abuse from "bots," or automated programs usually written to generate spam.
See Using reCAPTCHA.
Ticket to Comment
A ticket is a unique string, provided by VWcms, which must be included in the comment/feedback text by the user. When a comment/feedback page contains a $$TICKET$$ directive VWcms requires the specified ticket in the comment/feedback text or it will be rejected. This is an attempt to defeat spambot automation.
See Using Tickets.
VWcms comment files store the request user-agent string. These can be examined to determine if a 'bot has some identifying agent string characteristic and excluded from site access using the [reject-agent] and/or [comment-reject-agent] configuration directives.
This site may be of some assistance
The comment or feedback (email) text can be examined for specific strings and rejected if present. There are two variants with this.
Maximum Comment Size
Configuration directive [comment-max-chars] sets the maximum size of any single comment in bytes.
Maximum File Size
The total comment file size in kilobytes can be set using directive [comment-max-size]. (Reader comment only.)
Directive [comment-min-interval] sets the minimum interval in seconds between successive posts from the one host IP address. (Reader comment only.)
The maximum number of postings against any individual comment from any single host can be set using the [comment-host-max] directive. (Reader comment only.)