Originally Posted by rowan

I'm guessing the OP is referring to bots that constantly probe for vulnerabilities in commonly used scripts and plugins.

I run a custom written script, which like the htaccess examples above immediately blocks against known strings or URIs that should never appear on my site (eg /wp-login.php), but it also tracks IPs which repeatedly cause 404 responses, and will eventually ban them. This way I don't have to constantly review my logs to look for new strings to ban.