Constantine A. Murenin
todo for my apache conf (swamped logs)

Wow, my access logs for several domains are totally swamped with all that hacking activity, with overreaching attempts at compromising those poorly written php and perl scripts that some people do run! I have a plan:

If the response is a 404 or 403, the User-Agent does not contain “bot” or “Bot”, the GET request is for a “.php?” or “.pl?” resource, and, perhaps, the given IP address has not tried to access robots.txt, then add the IP address to the firewall table, blocking access to the http and smtp ports. Also, as part of the reply (the firewall shouldn’t interfere with the reply, unless it somehow decides to flush existing connections matching the new rule), make sure that the connection is indeed terminated (not kept open waiting for any further pipelined requests), and that an error code of something like 414 is returned instead of 404, with 414 being unique to this situation, so that it would be easy to grep through the regular apache logs to see who exactly got blocked through all of this.

Now I have to write it down in a language Apache 1.3 would understand. I could probably use either its error-handling facilities or mod_rewrite, and then perhaps a shell, Python or C handler.
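Before wiring anything into Apache, the trigger condition above can be dry-run against existing access logs to see which clients it would actually hand to the firewall. The script below is an added example, not part of the original post: it parses combined-format log lines, applies the 403/404 + “.php?”/“.pl?” + non-bot User-Agent rule, and optionally exempts IPs that fetched robots.txt; the log lines and IP addresses are constructed samples, and the firewall insertion and 414 reply are left out.

```python
import re

# Apache "combined" log format; the lines in SAMPLE_LOG are constructed, not real traffic.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2008:13:55:36 -0400] "GET /phpmyadmin/index.php?x=1 HTTP/1.1" 404 209 "-" "Mozilla/4.0"
203.0.113.7 - - [10/Oct/2008:13:55:37 -0400] "GET /admin/login.php?a=b HTTP/1.1" 404 209 "-" "Mozilla/4.0"
198.51.100.9 - - [10/Oct/2008:14:01:02 -0400] "GET /robots.txt HTTP/1.1" 200 54 "-" "Googlebot/2.1"
198.51.100.9 - - [10/Oct/2008:14:01:03 -0400] "GET /old/script.pl?id=2 HTTP/1.1" 404 209 "-" "Googlebot/2.1"
192.0.2.44 - - [10/Oct/2008:14:05:00 -0400] "GET /robots.txt HTTP/1.1" 200 54 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Oct/2008:14:05:01 -0400] "GET /cgi-bin/test.pl?cmd=1 HTTP/1.1" 403 212 "-" "Mozilla/5.0"
192.0.2.45 - - [10/Oct/2008:14:06:00 -0400] "GET /index.php?page=1 HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
"""

def parse(line):
    """Split one combined-format line into its fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def matches_rule(entry):
    """The post's trigger: 403/404 on a GET for a '.php?' or '.pl?' resource
    from a User-Agent that contains neither 'bot' nor 'Bot'."""
    return (entry["status"] in ("403", "404")
            and entry["method"] == "GET"
            and (".php?" in entry["path"] or ".pl?" in entry["path"])
            and "bot" not in entry["ua"] and "Bot" not in entry["ua"])

def ips_to_block(log_text, require_no_robots=True):
    """Return the set of client IPs the rule would hand to the firewall.
    With require_no_robots=True, an IP that fetched /robots.txt anywhere in
    the log is exempt (the post's optional extra condition)."""
    entries = [e for e in (parse(l) for l in log_text.splitlines()) if e]
    fetched_robots = {e["ip"] for e in entries if e["path"].split("?")[0] == "/robots.txt"}
    blocked = set()
    for e in entries:
        if matches_rule(e) and not (require_no_robots and e["ip"] in fetched_robots):
            blocked.add(e["ip"])
    return blocked

if __name__ == "__main__":
    print(sorted(ips_to_block(SAMPLE_LOG)))         # ['203.0.113.7']
    print(sorted(ips_to_block(SAMPLE_LOG, False)))  # ['192.0.2.44', '203.0.113.7']
```

Note that 414 is already a standard status (Request-URI Too Long), so a grep marker for blocked clients is easiest to pick out if it is a code Apache will not otherwise emit.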
