
not sure


wilderness

6:14 pm on May 8, 2011 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Over the past few days the UA (below) has been attempting access to an SMF forum (no other portions of the website).
They've come from a dozen different APNIC ranges, which leads me to believe it's some kind of injection or malware.

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)

Note the extra semi-colon near end of UA.

[edited by: incrediBILL at 12:02 am (utc) on May 9, 2011]
[edit reason] fixed smilies [/edit]

dstiles

9:47 pm on May 8, 2011 (gmt 0)

Do you know what the attempted action is?

Aside from that, if it's a broken UA I'd block it, especially if it comes from several IP ranges (suggestion of botnet there).

Also check for unusual other headers - I won't describe them for obvious reasons. :)

wilderness

11:06 pm on May 8, 2011 (gmt 0)

Do you know what the attempted action is?


In the initial visit, there were three log entries (I denied the broken UA after that visit):

1) Root SMF forum
2) index.php?action=register
3) attempted verification of registration.

All the subsequent visits have been to
1) Root SMF forum ONLY

and have been denied.

The IPs are quite diverse.
1st was from China and 2nd was from Korea.

I've only a couple of provided implementations of header checks and suppose I should explore that and other options more extensively; however, I'm already more involved with htaccess and limited Apache, much more than I'd ever desired.
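The two posts above do the triage by hand: spot the malformed User-Agent (the empty token before the closing parenthesis), list which IPs sent it and which forum URLs they hit, then deny it in .htaccess. The script below is an added example, not code from this thread or from SMF: it parses Apache combined-format log lines, flags that exact UA defect, groups the hits per source IP, and emits an Apache 2.2-style deny rule for the string. The log lines are constructed for the example (documentation-range IPs, not the poster's traffic), and the follow-up request path `index.php?action=register2` is an assumption standing in for "attempted verification of registration".

```python
import re
from collections import defaultdict

# Apache combined log format:
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A genuine MSIE 6 / XP SP2 string closes with "; SV1)". The probe in the
# thread closes with "; SV1;)": an empty token left before the close paren.
TRAILING_EMPTY_TOKEN_RE = re.compile(r';\s*\)\s*$')

# Constructed sample lines (not from the poster's server): one IP that walks
# the register flow, one later IP already denied, one well-formed visitor.
# The "action=register2" POST is an assumed follow-up request.
SAMPLE_LOG = """\
203.0.113.7 - - [08/May/2011:17:55:02 +0000] "GET /forum/ HTTP/1.1" 200 8123 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)"
203.0.113.7 - - [08/May/2011:17:55:04 +0000] "GET /forum/index.php?action=register HTTP/1.1" 200 6410 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)"
203.0.113.7 - - [08/May/2011:17:55:09 +0000] "POST /forum/index.php?action=register2 HTTP/1.1" 302 0 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)"
198.51.100.23 - - [09/May/2011:03:12:41 +0000] "GET /forum/ HTTP/1.1" 403 212 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)"
192.0.2.44 - - [09/May/2011:03:13:00 +0000] "GET /forum/ HTTP/1.1" 200 8123 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it doesn't match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_malformed_msie_ua(ua):
    """True for the 'extra semicolon' variant, False for the well-formed string."""
    return (ua.startswith("Mozilla/4.0 (compatible; MSIE")
            and bool(TRAILING_EMPTY_TOKEN_RE.search(ua)))


def scan(log_text):
    """Map each source IP to the (method, path, status) of every hit it made
    with the malformed UA; well-formed UAs and unparseable lines are skipped."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not is_malformed_msie_ua(rec["ua"]):
            continue
        by_ip[rec["ip"]].append((rec["method"], rec["path"], rec["status"]))
    return dict(by_ip)


def apache_deny_rule(ua, env="bad_ua"):
    """Build an Apache 2.2-style .htaccess fragment that denies exactly this
    UA string. re.escape() output is valid PCRE here: it only backslash-escapes
    punctuation and spaces, which PCRE reads as the literal characters."""
    return "\n".join([
        f'SetEnvIf User-Agent "^{re.escape(ua)}$" {env}',
        "Order Allow,Deny",
        "Allow from all",
        f"Deny from env={env}",
    ])


if __name__ == "__main__":
    for ip, hits in scan(SAMPLE_LOG).items():
        print(ip)
        for method, path, status in hits:
            print(f"  {method} {path} -> {status}")
    print()
    print(apache_deny_rule("Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1;)"))
```

Run against a real access_log, `scan()` gives the same picture the poster reports: every IP hits the forum root first, and the one that was not yet denied goes on to the registration action. The emitted rule anchors the whole UA string with `^...$`, so the well-formed MSIE 6 string (which many real visitors still sent in 2011) is not caught; if you would rather block the defect itself regardless of the rest of the string, replace the escaped UA with the trailing-token pattern `;\s*\)$`.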

dstiles

9:20 pm on May 9, 2011 (gmt 0)

China and Korea are generally bad sources but I suppose it depends on your market. :(

Looks as if you may have stopped a form spammer. I used to get a lot of those but since blocking some bad neighbourhoods the incidence has dropped off.

I rely heavily on bad headers detection as well as bad UAs (and server farm IP ranges, of course). It saves me a lot of exploit and scrape attempts. Sadly, I have to rely on home-grown IIS/ASP trapping - no htaccess - so it means a fair bit of extra processor time. :(

wilderness

9:21 am on May 11, 2011 (gmt 0)

FWIW!

Twenty-two IP ranges over thirteen different providers (in four days), all APNIC based.
All with the same malformed UA.

All go directly to the SMF forum and NONE have visited other portions of the website.

dstiles

9:53 pm on May 11, 2011 (gmt 0)

Sounds like a simple probe (check/fail/go-away), then. Probably botnet based if it came from several countries.