Hi,
Not sure if this is already part of csf... logwatch is sending me daily reports about possible intruders trying to access popular scripts like phpmyadmin (/PHPMYADMIN/config/config.inc.php?p=phpinfo();, /dbadmin/config/config.inc.php?p=phpinfo();) from 193.170.124.252, or /admin/phpmyadmin/main.php, /phpMyAdmin-2.5.6/main.php etc. from 173.203.72.5, and /w00tw00t.at.ISC.SANS.DFind from various IP addresses.
Is there a way that I can automatically block these types of attempts? Like a keyword (file/directory) in the URL triggers the IP block. I know for sure which are my URLs. If somebody else is trying to access non-existing URLs, it must be a hack attempt.
Block script hack attempts
You should really look into using ModSecurity to trap web server related issues. The http://gotroot.com rules are an excellent starting point.
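The keyword-triggered blocking asked about in this thread can be prototyped offline against an Apache access log before any rule is enforced. The sketch below is an added example, not part of either post and not csf or ModSecurity code; `probing_ips`, `SAMPLE_LOG`, the threshold and the log lines (which use documentation-range IPs) are constructed for illustration.

```python
import re
from collections import Counter

# Probe keywords taken from the paths quoted in the question; extend this
# with directories the site is known never to serve.
PROBE_RE = re.compile(
    r"phpmyadmin|/dbadmin/|w00tw00t\.at\.ISC\.SANS\.DFind", re.IGNORECASE
)
# Apache common/combined log format: client IP, request line, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')

# Constructed sample lines (documentation-range IPs, not real log data).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Oct/2010:06:25:01 +0000] '
    '"GET /PHPMYADMIN/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 208',
    '203.0.113.10 - - [10/Oct/2010:06:25:02 +0000] '
    '"GET /dbadmin/config/config.inc.php?p=phpinfo(); HTTP/1.1" 404 208',
    '198.51.100.7 - - [10/Oct/2010:07:01:13 +0000] '
    '"GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1" 400 226',
    '192.0.2.44 - - [10/Oct/2010:08:00:00 +0000] '
    '"GET /index.php HTTP/1.1" 200 5120',
]

def probing_ips(lines, threshold=2):
    """Return sorted IPs with at least `threshold` probe requests.

    Only 4xx responses count, so a legitimately installed phpMyAdmin
    answering 200 does not get its own users flagged.
    """
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or truncated lines
        ip, path, status = m.groups()
        if status.startswith("4") and PROBE_RE.search(path):
            hits[ip] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

if __name__ == "__main__":
    # Print candidate deny commands for review; nothing is executed.
    for ip in probing_ips(SAMPLE_LOG):
        print(f'csf -d {ip} "URL probe keyword match"')
```

Running it over a few days of real logs shows how many legitimate clients would match before the same patterns are turned into blocking rules.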