|Think about Loose Coupling|
A good way to install this to use SSI to invoke your script. This will make the page appear to be normal HTML. Use the 'xbithack' directive for Apache and set the execute bit to cause your booby-trapped HTML page to be parsed. This will prevent spambots from identifying your program as a CGI script and avoiding it.
This way the spambot will see something like "myfriends.html" rather than "script.pl" or "script.shtml".
The complete solution will need these steps:
In your Apache config file, set Includes to on
* Options +Includes
Set xbithack to on
* XBitHack on
Now on the command line
Reload Apache and wait. For more amusement, examine the server logs to see how many spambots you trapped.
Update: I forgot to add you have to load mod_include. For Debian users, it's in you /etc/apache/httpd.conf file. Uncomment the appropriate LoadModule line. Set up the Handlers in srm.conf. Also the Options +Includes line can be found in access.conf