I look at my log and sometimes I see many 404 attempts from hackers (bots) trying to find weak spots in my IIS hosted sites...

What is the best way to handle this? Is there some sort of way I can code this so after X amount of 404 request with Y minutes that IP is banned for Z days?