I have Apache 2.2.14 (Win32) with PHP 5.2.9-2 Recently, I've been noticing a large amount of requests in my log files that look like this: 87.19.194.*NUMBER* - - [25/Mar/2010:16:15:54 -0400] "GET http://l02.member.ukl.yahoo.com/config/login?login=__*USERNAME*&passwd=*PASSWORD* HTTP/1.0" 404 627 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.5) Gecko/20091102 Firefox/3.5.5" with *NUMBER* being the rest of the IP address, and *USERNAME* and *PASSWORD* being what I'm guessing are stolen Yahoo usernames and passwords. All of the requests seem to originate from random IP addresses, and result in a 404 error. To avoid clogging up my logs and unnecessary CPU and bandwidth usage, I would like to block these requests. From doing research, I've come across two methods that I've tried that haven't worked. One of them is to put into the .htaccess file: "RewriteRule http://* gtfo.txt [R=301,L]" (with gtfo.txt being a very small text file) The other is to put the following lines into my httpd.conf file: <IfModule rewrite_module> RewriteEngine On RewriteRule http://* "gtfo.txt" [R] </IfModule> Neither of these seem to have any effect. The Yahoo requests still result in a 404 error, and when I manually try to "GET http://[anything]", I just get my index.html file, as if I had done "GET /" Any ideas?