The lack of user agents was something I noticed long ago however my reverse proxy setup won’t allow .htaccess to deny the request if no user agent is specified due to my sites being in a DMZ with private IP addresses. 😐

I’m sure there is probably some way to configure my squid acls to do so which is something I must look into.

As it is between my squid filter acl and some .htaccess goodness means that from a high of several hundred per spam attempts per day – I am now down to less than half a dozen and they are trapped by Akismet 🙂