Should I block requests for invalid URIs?


A lot of my web server blacklist rules are due to requests for URIs (i.e., paths) which don’t exist on my web server (for example, /tmUnblock.cgi) and therefore resulted in an HTTP 404 status. Almost always these represent attempts by malware to exploit known vulnerabilities. But once in a while I see a request for a URI that isn’t valid yet isn’t an obvious attempt to exploit my web server. The most recent is for “/notify-Flag1-User_Notified?aHR0cDovL3d3dy5za2VwdGljaXNtLnVzLw==”. A Google search shows that many other web sites are publishing attempts to access that invalid URI (ignoring the query string component).

I couldn’t find any explanation for why the URI “/notify-Flag1-User_Notified” might be considered legitimate. Given that the request came from an otherwise untrusted IP address (8.28.16.254), I’m going to blacklist the URI. But I’m curious if others think I’m being too strict. Should legitimate search bots be blacklisted just because they probed a URI that might not be valid on a specific web site?
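
One way to triage requests like these before adding a blacklist rule is to group the 404s by path and decode any query string that is valid base64, as the one quoted above is. This is an added example, not code from the original post; it assumes an access log in combined format, the sample lines are constructed (only the two paths, the query string and 8.28.16.254 come from the post), and the names `decode_query` and `triage_404s` are hypothetical.

```python
import base64
import binascii
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in combined log format (timestamps, sizes and the
# 192.0.2.x documentation addresses are made up for this example).
SAMPLE_LOG = """\
8.28.16.254 - - [01/Jan/2015:10:00:00 +0000] "GET /notify-Flag1-User_Notified?aHR0cDovL3d3dy5za2VwdGljaXNtLnVzLw== HTTP/1.1" 404 209 "-" "-"
192.0.2.10 - - [01/Jan/2015:10:00:05 +0000] "GET /tmUnblock.cgi HTTP/1.1" 404 209 "-" "-"
192.0.2.11 - - [01/Jan/2015:10:00:09 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
B64_RE = re.compile(r'^[A-Za-z0-9+/_-]{8,}={0,2}$')

def decode_query(query):
    """Return the decoded text if the whole query string is printable base64, else None."""
    if not B64_RE.match(query) or len(query) % 4:
        return None
    try:
        # Accept the URL-safe alphabet as well as the standard one.
        raw = base64.b64decode(query.replace('-', '+').replace('_', '/'), validate=True)
        text = raw.decode('ascii')
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None

def triage_404s(log_text):
    """Group 404 requests by path; record client IPs and any decoded query payloads."""
    report = defaultdict(lambda: {"clients": set(), "decoded": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(4) != "404":
            continue  # skip unparsable lines and anything that was not a 404
        client, _method, target, _status = m.groups()
        parts = urlsplit(target)
        entry = report[parts.path]
        entry["clients"].add(client)
        decoded = decode_query(parts.query)
        if decoded:
            entry["decoded"].add(decoded)
    return dict(report)

if __name__ == "__main__":
    for path, info in triage_404s(SAMPLE_LOG).items():
        print(path, sorted(info["clients"]), sorted(info["decoded"]))
```

Seeing the decoded payload next to the path and the set of client addresses gives more to go on than the 404 alone when deciding whether a rule should match the path, the client, or neither.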