As for an exclusion in robots.txt, unfortunately you’re still going to be a target for the disobedient bots who deliberately scan robots.txt. I recently placed a honeypot in a page referenced by my robots.txt to track hits this way. Nonetheless, at least you’d prevent the easier Google-method for site cultivation. With the honeypot method, if an IP hits your honeypot as well as your guestbook, then the guestbook entry can be deleted immediately.

Essentially, it is a sign-by-invitation process. A potential signer must first provide a valid email id. They are then sent an email invitation with a unique link, valid for a single use and only valid for 24 hours. Using this link, the entry can be submitted. The submission is not active until I review it, although I haven’t had to reject a single entry yet.

I’ve put quite a lot of effort into defeating the spamming agents, and none of the four guest books I manage now get spammed. The most useful facility that I’ve incorporated is to ensure that the Add Entry page is only ever entered from the View Entry page, using a PHP session variable. All the bots fail at that stage.

See http://www.braemoor.co.uk/software/antispam.shtml for more details.

I am not a friend of those word - picture verifications, because you usually run it on a seperate server and are dependend on that server, and I just hate to type those stupid combinations that you can hardly read.

I would get about 70-100 spam entries A DAY without spam protection. I am on a multiple step strategy to prevent spam. The first thing that I recegnised about spam bot is, that they never filled the date/time stamp of my guestbook. So I changed my php script to look up, whether the date is filled to sort out spam. After 2 month with a 100% success rate (of correct filtering) I switched of the email notification that I used to verify the script.
Earlier this year the first spams came through again, this time filling the date field with stupid text. I got rid of that by checking for the years 2007 to 2011 (yes, I am too lazy to change it every year …).

Alternatively I could think about a hidden field having a check value. Spam bots do not seem to use the “post” button.

What I did not find up to now is a forum, group or similar to exchange tactics and to involve the search engine providers in a anti spam strategy.
At the moment the spam entries just go to nirvana. For the future I would like to collect them seperately.
Now if you find a group of webmasters who would participate to:
- develop a good verification picture free strategy against spam ebtries
- realise and publish them in Java script, php, perl etc. as freeware
- collect spam entries in in seperate “spambooks”
- convince the search engine providers to use those spambooks to DOWNRATE websites

Maybe that would be a starting point to reduce those spam entries for the future.

If anyone would like to join in, knows a good group or forum for that, I would be happy to get an information. My email can be found on my website. Please feel free to contact me. if someone is interested, you can find my guestbook at http://www.hereiam.de/NZ/output.php
Contact me for the php code

Why not make a guest book that works only after the spammer has completed a payment of $1 through paypal?
You can add a note on the guest book that genuine visitors will receive back their money after having checked he is not a spammer.
You can even add a note “Spammers, you are all welcome, prepare your credit card.”

dont be such a whiny little bitch and just take the load.

here, i also list few great spam fighting links.
http://it.dennyhalim.com/2007/01/close-to-perfect-htaccess-ban-list.html

solution:
[input type=”text” name=”emailxyz”]
and php code for it
$email=$_POST[’emailxyz’];

where xyz is some random text.
If the webform gets spammed again - change the text.
Spammers must be desperate to handle multiple versions of webforms, and cannot adapt so fast.
BTW. I have a addentry.php script without any webforms and it gets spammed few times a day - spammers didn’t even bother to check it.

As Lemat says using the noindex meta tag should stop Google listing it regardless of the link they followed.

I have had to rename both my forum and guestbook folders before now. Not because they were getting spammed but because of the amount of attempts to spam them.

Now I have a pretty good htaccess file to block access from certain places such as layeredtech, asianet.co.th, seamnetworks.net and so on. I also check my logs regularly to see if I am getting a stupid amount of hits from anywhere.