Use the /. posting limitation. Record the time of a request and refuse all requests from the same ip address for x time. Just make sure to display on the error of the time limit not being reached some information for people with proxies and who may have used the back button to get to an erroneos page.

Not the best but makes data harvesting programs inefficient.