
Good people, I seek enlightenment on the following issue: I have a Linux server hosting a LAMP app which is accessed by a controlled group of users. I am using an aggressive version of the 5G htaccess-based application-level firewall from http://perishablepress.com/5g-blacklist-2012/. Every so often, I check the Apache error logs and there are these IP addresses attempting to access non-existent URLs on the server. I assume these are script kiddies, no?

So, I would like to write a script or something which will automatically block an IP address from accessing my server if the said IP address accesses more than 3 non-existent URLs on my server. Can someone please point me in the right direction?

Examples of URLs being accessed are:

[Sun Jan 06 08:02:11 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Sun Jan 06 11:53:23 2013] [error] [client 218.107.247.254] client denied by server configuration: /var/www/
[Sun Jan 06 22:37:31 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/w00tw00t.at.blackhats.romanian.anti-sec:)
[Sun Jan 06 22:37:31 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/phpMyAdmin
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/phpmyadmin
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/pma
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/myadmin
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/MyAdmin
[Mon Jan 07 07:47:44 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Mon Jan 07 08:37:14 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/install.txt
[Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/cart
[Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zencart
[Thu Jan 03 21:30:13 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zen-cart
[Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zen
[Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/shop
[Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/butik
[Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/zcart
[Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/shop2
[Thu Jan 03 21:30:14 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/catalog
[Thu Jan 03 21:30:15 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/boutique
[Thu Jan 03 21:30:15 2013] [error] [client 64.34.163.23] client denied by server configuration: /var/www/store
[Fri Jan 04 01:39:34 2013] [error] [client 69.61.23.106] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Fri Jan 04 01:39:34 2013] [error] [client 69.61.23.106] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Fri Jan 04 02:05:48 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Sat Jan 05 02:15:25 2013] [error] [client 62.193.243.32] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sat Jan 05 02:15:25 2013] [error] [client 62.193.243.32] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sat Jan 05 05:06:04 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Sun Jan 06 02:32:21 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/muieblackcat
[Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/index.php
[Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/admin
[Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/admin
[Sun Jan 06 02:32:22 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/admin
[Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/db
[Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/dbadmin
[Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/myadmin
[Sun Jan 06 02:32:23 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/mysql
[Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/mysqladmin
[Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/typo3
[Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpadmin
[Sun Jan 06 02:32:24 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpMyAdmin
[Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpmyadmin
[Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpmyadmin1
[Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/phpmyadmin2
[Sun Jan 06 02:32:25 2013] [error] [client 87.106.183.231] client denied by server configuration: /var/www/pma
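
Added example, not part of the original post: a sketch of the counting the question describes, run over entries copied from the log above. The threshold of 3 comes from the post; the function name `offenders`, the 10-minute window and the `allow` list for known users are assumptions of this example, and it counts distinct paths rather than raw lines so a client repeating one request is not flagged.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache 2.2-style error-log entries of the two kinds quoted in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[0-9A-Fa-f.:]+)\] "
    r"(?:client denied by server configuration|"
    r"client sent HTTP/1\.1 request without hostname[^:]*): (?P<path>\S+)")

# Sample input: entries copied from the post above.
SAMPLE = """\
[Sun Jan 06 08:02:11 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Mon Jan 07 07:47:44 2013] [error] [client 96.254.171.2] client denied by server configuration: /var/www/headers
[Fri Jan 04 01:39:34 2013] [error] [client 69.61.23.106] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Fri Jan 04 01:39:34 2013] [error] [client 69.61.23.106] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
[Sun Jan 06 22:37:31 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/phpMyAdmin
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/phpmyadmin
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/pma
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/myadmin
[Sun Jan 06 22:37:32 2013] [error] [client 77.221.148.82] client denied by server configuration: /var/www/MyAdmin
""".splitlines()

def offenders(lines, threshold=3, window=timedelta(minutes=10), allow=()):
    """Map each client IP that requested more than `threshold` distinct
    rejected paths inside one `window` to the paths that tripped the limit."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["ip"] not in allow:  # skip other entries and known users
            ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S %Y")
            events[m["ip"]].append((ts, m["path"]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end, (ts, _) in enumerate(evs):
            while ts - evs[start][0] > window:  # drop events older than window
                start += 1
            paths = {p for _, p in evs[start:end + 1]}
            if len(paths) > threshold:
                flagged[ip] = sorted(paths)
                break
    return flagged

if __name__ == "__main__":
    for ip, paths in offenders(SAMPLE).items():
        print(ip, "probed", paths)  # pass ip to the firewall; never the path
```

Only the client address should reach a firewall rule; the requested path is chosen by the remote client and should be treated as untrusted input.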