And note the error that John mentioned.
The die(); should be before the closing bracket }
To update on my progress, I got mine working with the contact form last night. They get one shot at it, but can’t access any other pages. The form knows if they came from the blackhole, so is extra careful what it does with the data.
Today I have altered it to trap those pesky folks tampering with URL variables. Within minutes of putting the new system live after some tests, I caught one.