This is what you do: ignore it. Blocking IPs will just keep you running around in circles and is ultimately a waste of time.
If spam is not actually being submitted then you really don't have a problem. The framework is doing exactly what it is supposed to be doing.
Quite frankly, I wouldn't bother investigating an error message like that unless it was preventing an actual user from doing what they need to do.
If you really just want the errors to go away then you need to do the following:
- Set
EnableEventValidation="true"
- Set
ValidateRequest="false"
EnableEventValidate
tells .net to see if the post came from clicking on a control that it had rendered. This should help prevent direct posts.
ValidateRequest
tells .net whether to test the inputs for html and other "dangerous" characters. Turning it off will stop your error message.
If you are simply trying to get spammers to stop hitting your site: close the site down. As that is the ONLY reliable way of keeping a spammer off of it.