I review my web server logs pretty regularly, and there’s a pattern of 404’s I’ve seen recently that I haven’t been blocking up until now: searching each directory for ‘contact.php’ or ‘setup.php’ — the latter often searching for every variety of phpMyAdmin. I don’t have PMA on my machine, but I’d sure make sure I read all the instructions and removed setup.php if I had! (And you should, too!) I found this link that adds a simple test and rules using Fail2Ban to temporarily banning sites that hit too many 404’s too fast. I’ll have to see if this bonks too many search engines.
http://www.barbarycodes.com/2010/10/06/automated-banning-of-script-kiddies-with-fail2ban/