Hello everyone,
I know I've been absent for a while, but it's been for good reasons. Unfortunately I'm coming at you today with a problem I've hit a dead-end with. (Furthermore, this may not be the right forum to discuss this topic).

When I landed my position last year to redevelop one of our client's webpages, there was a test form that was lingering around on the old website. Needless to say, I happened to delete that test form and any instances I could find of that code. The problem is, today, I'm still getting spam from that form.

The page is not indexed in our sitemap, nor in our htaccess. What additional steps should I take to resolve this issue?

A form has two parts: the front-end form you fill out, and the back-end part that does all of the processing.

It's possible that you just deleted the front-end form itself, but there are spam bots that are hitting the back-end part directly.

Sorry Dani, I should have clarified this a bit more. When I deleted the form, I deleted the back-end page of it, where the PHP processing code was. Could it possibly be that the remaining front-end (if it's still lingering) could process the form even without the back-end? Just to clarify, the forms that were created all had a back-end protocol in processing.

No, that's not possible. There needs to be some back end code that does the processing in the form of sending an email, posting to a database, etc.

Thats what I thought Dani, thanks - I have a sudden suspicion that the back-end of the page is being indexed through Google and it's somewhere still relevant in Google's memory. Call it a hunch if you will, but I searched high and low and can't find any other instances of where the form would be coming through. The one step I did take was to use Google's remove URL tool. Perhaps that does something. Only time will tell.

No, that's not technically possible. Google is only able to retrieve front-end stuff, such as HTML / CSS / JavaScript, same as a web browser, and that's what it caches.