I recently wrote about how spam bots were using my site to send spam. To combat this I did a thorough security check of both my web forms and my customers. A little bit of sanitization/validation code and everything was locked down. The bad part was the spam bots still kept hitting the previously-vulnerable php script trying to exploit it. Obviously they failed, but there were tens of bots hitting the site.
The bots couldn’t achieve anything as all the scripts were now secure. They were still annoying however. They skew server stats and are a constant threat.
Thankfully the bots have stopped hitting the page. I was worried they might hit the page forever more which could have been a major bandwidth issue as I couldn’t simply block an IP - the attacks were coming from a zombie network - so different IPs each time. It seems that the scripts/programs powering the zombie networks are quite smart indeed. They kept hammering the site each day for around 7-10 days once the security hole was fixed before the old insecure script got wiped off the vulnerable list.
So the moral of the story? If you’ve just had a script exploited and you’ve fixed the security hole, be patient and the bots will go away.