DeeCee - 5:14 am on Feb 27, 2012 (gmt 0)
Yeah.. That would be better. :)
I only track httpd.conf or .htaccess patterns on specific Bad Crawler patterns.
In IP specific stuff, I instead run a command to tag new bad-guys or IP range policies onto on of my my DNSBL lists. Then they can bang away at their hearts content. Plus, if they "touch" anything they should not be messing with, such as trying too hack Wordpress or pushing on the Joomla Admin doors, my honeypots eventually catch them and do the tagging automagically.
General httpd access and incoming email paths are "hidden" behind DNSBL blocking, and Wordpress blogs run CrudArrest to block spam and security issues.