Does this old discussion [webmasterworld.com] answer your question?

Be careful that the linked-to article forces 302 redirects for certain requests.

The code must be amended to serve a 301 instead. Additionally, some of the patterns are so 'wide open' that they will likely redirect some valid requests too.

I believe that requests for cltreq.asp and owssvr.dll originate from the MSOffice "Discussion Bar" function... You can just 403 these or let them go 404, and no harm done.

And 403 is the proper response for actual nasty user-agents; They generally don't follow redirects anyway.

Jim

Something tells me I'm now getting visitors who don't have my best interests at heart...

404: http://www.example.com/wp-content/plugins/wp-adserve/adclick.php?id=-1+union+select+0x6875616B

404: http://www.example.com/wp-content/plugins/wordspew/wordspew-rss.php?id=-998877+UNION+SELECT+0,1,0x6875616B,3,4,5%23

404: http://www.example.com/s?ver=2.8.4\\%27%3E%3C/script%3E%3Cscript%20type=\\%27text/javascript\\%27%20src=\\%27http://www.example.com/wp-content/themes/gazette/includes/js/slider.js?ver=2.8.4\\%27%3E%3C/script%3E%3Cscript%20type=\\%27text/javascript\\%27%20src=\\%27http://www.example.com/wp-content/themes/gazette/includes/js/superfish.js?ver=2.8.4\\%27%3E%3C/script%3E%3Clink%20rel=

404: http://www.example.com/s?ver=2.8.4\\%27%3E%3C/script%3E%3Cscript%20type=\\%27text/javascript\\%27%20src=\\%27http://www.example.com/wp-content/themes/gazette/includes/js/slider.js?ver=2.8.4\\%27%3E%3C/script%3E%3Cscript%20type=\\%27text/javascript\\%27%20src=\\%27http://www.example.com/wp-content/themes/gazette/includes/js/superfish.js?ver=2.8.4\\%27%3E%3C/script%3E%3Clink%20rel=

With a line or two in the .htaccess file it is possible to block any request like that.

I have several rules that block a number of malicious URL requests, using patterns that match parts of URLs that would never be found on the real site.