I'd start by focusing on preventing those queries ever getting to Funnelback - input patterns in HTML5 might be useful, but there's no guarantee that the spam bot would respect them.
If you're using the Modern UI, pre-process hook scripts would be worth investigating - a query can be examined and, prior to processing, be compared against undesirable patterns. You may want to then set the query to empty, or generate a state that would be similar to the initial search form.
See the example at: http://docs.funnelback.com/user_interface_hook_scripts.html#Processing%20additional%20input%20parameters
Alternatively, you may want to configure your initial forms to submit a benign URL key/value pair that is generated by user agents that support client-side scripting - the presence of this value in a form submitted to Funnelback can also be examined as a pre-process hook, with termination occurring in processing if the value is absent.
IP address filtering in the reporting blacklist might also be useful - assuming these spam bots are coming from a fixed set of IP addresses.
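
One way to write the screening described in the answer above, as an added example that is not part of the original post or Funnelback's own code. It assumes the pre-process hook exposes `transaction.question.query` and `transaction.question.inputParameterMap`; the `js_ok` field, the patterns and the length limit are hypothetical, and it blanks the query rather than terminating processing.

```groovy
import java.util.regex.Pattern

// Constructed patterns for typical link-spam submissions; tune them to your logs.
def undesirable = [
    Pattern.compile('(?i)https?://'),   // embedded URLs
    Pattern.compile('(?i)<a\\s'),       // HTML anchors
    Pattern.compile('(?i)\\[url=')      // BBCode links
]
def maxLength = 200        // hypothetical upper bound for a genuine query
def tokenParam = 'js_ok'   // hypothetical field filled in by client-side script

// Returns the reason a request is rejected, or null if it passes.
// Property names on `question` are assumptions about the Modern UI data model.
def screen = { question ->
    def query = question.query ?: ''
    if (!query) return null                      // initial form: nothing to check
    if (!question.inputParameterMap[tokenParam]) return 'missing script token'
    if (query.length() > maxLength) return 'query too long'
    def hit = undesirable.find { it.matcher(query).find() }
    return hit != null ? "matched ${hit.pattern()}" : null
}

// Blank a rejected query so the request behaves like the initial search form.
def enforce = { transaction ->
    def reason = screen(transaction.question)
    if (reason) transaction.question.query = ''
    return reason
}

// In the hook script itself the last step would be: enforce(transaction)
// Constructed stand-ins for the transaction object, so this runs on its own.
def samples = [
    [question: [query: 'library opening hours', inputParameterMap: [js_ok: '1']]],
    [question: [query: 'library opening hours', inputParameterMap: [:]]],
    [question: [query: 'cheap pills http://spam.example/x', inputParameterMap: [js_ok: '1']]],
    [question: [query: '[url=spam.example]click[/url]', inputParameterMap: [js_ok: '1']]],
    [question: [query: 'a' * 500, inputParameterMap: [js_ok: '1']]]
]
samples.each { t ->
    def original = t.question.query
    def reason = enforce(t)
    println "${original.take(40).padRight(40)} -> ${reason ?: 'allowed'}"
}
```

Logging the rejection reason alongside the client address gives the data needed to judge whether the IP-based filtering mentioned above is workable.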