can anyone tell me how to identify bad bots

If you just want to locate crawlers who fail to identify themselves or disobey robots.txt, a couple of honeypot links accompanied by standard web log reporting software is probably adequate.

a) on your home page, install a link that is not visible to humans (e.g., hotlink a space character, using no color or underline). Ask your web logging software to report on all fetches to that URL.

b) in your robots.txt, disallow access to /secretstuff (can exist or not, according to your needs, but make sure no human-clickable links to it exist). Ask your web logging software to report on all accesses thereto.

If your logging software is up to it, you can also then just pick out the IP addresses associated with rude crawlers, and ask for a display of everything else they did that day.

If you're the NSA, of course, then you might be dealing with more sophisticated attackers using distributed techniques. This eventually gets pretty hard to deal with, but one way to at least notice it's happening is to identify (create if necessary) some pages that are rarely, if ever, the initial landing page of a new visitor. Just have your web logging software report on anybody who landed on one of those pages as the initial GET of their session.