Hi i have been being hit pretty bad for over a month now, every day someone tries to hack my stuff using special url searches to try to inject or run an install someplace.  They have yet to get in but still i want to try something.

It is such a pain every day to add the deny ip to the list. So what i am wondering is there a way to automatically deny any ip that does a search url that containts a "+" or the word "script" on the server side.

could a php script do this and update the htaccess every day?   But im thinking thats pretty dangerious.

When someone does these searchs i would rather see the message "denied by configuration" then i would "file does not exist in my error log" so atleast i feel better. at least if i see denied by configuration i know i stopped them for sure.