Blocking Bots in htaccess

Morfeus youknowwho scanner

         

grandma genie

4:26 pm on Aug 6, 2010 (gmt 0)

10+ Year Member



Hello,
I found this in my server logs today:


75.125.198.218 - - [06/Aug/2010:08:16:19 -0400] "GET /user/soapCaller.bs HTTP/1.1" 404 8747 "-" "Morfeus F*ing Scanner"

This bot has visited my site before. I usually block the IPs, but I think they use proxies. Is there a way to block this guy in htaccess?

jdMorgan

4:31 pm on Aug 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes. But since that file doesn't seem to exist on your server, be aware that the only advantage to doing so would be if your 403 error document is shorter than your 404 error document -- it would save a few bytes of wasted bandwidth in that case.

RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC]
RewriteRule ^ - [F]

would work.

Jim
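Added example, not part of the original posts: a small Python check that applies the same test as the RewriteCond above (^Morfeus, case-insensitive) to Apache combined-format log lines and lists which client IPs and paths the rule would have answered with 403. The function names and the sample log lines are constructed for illustration; only the User-Agent string and the requested path come from the thread.

```python
import re
from collections import defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes "referer" "agent"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # quoted field; Apache escapes embedded quotes as \"
COMBINED = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] ' + QUOTED + r' (\d{3}) \S+ ' + QUOTED + ' ' + QUOTED + r'$'
)

# Same test as: RewriteCond %{HTTP_USER_AGENT} ^Morfeus [NC]
UA_RULE = re.compile(r'^Morfeus', re.IGNORECASE)

def would_block(line):
    """Return (ip, path) if the rule would answer 403 for this log line, else None."""
    m = COMBINED.match(line.strip())
    if not m:
        return None  # not a combined-format line
    ip, request, _status, _referer, agent = m.groups()
    if not UA_RULE.search(agent):
        return None
    parts = request.split()
    return ip, (parts[1] if len(parts) >= 2 else request)

def summarize(lines):
    """Map each client IP to the paths it requested with a matching User-Agent."""
    hits = defaultdict(list)
    for line in lines:
        hit = would_block(line)
        if hit:
            hits[hit[0]].append(hit[1])
    return dict(hits)

# Constructed sample lines using documentation-range IPs.
SAMPLE = [
    '192.0.2.10 - - [06/Aug/2010:08:16:19 -0400] "GET /user/soapCaller.bs HTTP/1.1" 404 8747 "-" "Morfeus F*ing Scanner"',
    '198.51.100.7 - - [06/Aug/2010:08:16:21 -0400] "GET /user/soapCaller.bs HTTP/1.1" 404 8747 "-" "morfeus f*ing scanner"',
    '203.0.113.5 - - [06/Aug/2010:08:17:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (Windows NT 6.1)"',
    '203.0.113.9 - - [06/Aug/2010:08:17:40 -0400] "GET /user/soapCaller.bs HTTP/1.1" 404 8747 "-" "Mozilla/4.0"',
]

if __name__ == "__main__":
    for ip, paths in summarize(SAMPLE).items():
        print(ip, paths)
```

The last sample line requests the same path with a different User-Agent and is not matched, so the rule only covers requests that announce themselves as Morfeus.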

grandma genie

6:36 pm on Aug 6, 2010 (gmt 0)

10+ Year Member



Why would anyone be looking for /user/soapCaller.bs on my server in the first place? Is this an automated bot? Do they do this to all sites on the internet? Isn't that kind of a waste of time? The only way my brain can wrap around this is to see someone adding /user/soapCaller.bs to my URL then clicking ENTER, which would give them the 404 error page because that file does not exist on my server. But no sane person would sit around doing that, so it must be a bot doing it automatically. But even that is insane. What is the point? - Jeannie

jdMorgan

6:53 pm on Aug 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The point is to find servers that can be hacked using flaws in soapCaller.bs or files that are always or likely present if soapCaller.bs is present.

The people who deploy these scans don't mind if they have to make several million requests to find a few vulnerable servers -- the bandwidth they're using is likely not their own, but rather "stolen" from the owners of malware-infested PCs that have been conscribed into a botnet that they own or rent (Yes, botnets can be rented, it's big money). The people who run these scans care about neither the botnetted computer owner's bandwidth nor ours.

In the end, the purpose is to make a buck... doing exactly what, I have no idea. I block 'em or just ignore 'em, and go on with more important things. :)

Jim

wilderness

7:22 pm on Aug 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



75.125.198.zzz


Just as a point of interest and heads-up (if you're not aware)?
This backbone is a big server farm and many people have every IP they're able to locate from the backbone denied.