01-22-2008, 03:33 PM
Tech Manager
Re: IP block in .htaccess not working?

Quote:
Originally Posted by ragman
I sometimes find spammy entries in my error logs - that read something like "GET http://2.2.2.2/cgi-bin/p.35.pl HTTP/1.0". So far I've usually been able to block them in my .htaccess file with this type of entry:

order allow,deny
deny from 58.215.87.10
allow from all

It has worked well, with one exception - the IP above still appears regularly in my logs with one request every few days. Why can't I block this one, and should I worry about it?

I don't think the problem (yet) is that you have a configuration problem permitting the spammer/bot to bypass your .htaccess file. Generally speaking, if your htaccess file is working properly most of the time it should be working properly all the time.

The data you posted is a tad incomplete. If you have a couple of complete lines from your error logs and access logs then either post them here or send them to me in a private message. I'll look at them and have a better idea how to resolve the problem.

Incidentally, if you are not using your cgi-bin you can just as easily block all access to it.

Without knowing anything about your site and without seeing your server logs I'll just remind you that various hackers, spammers & script kiddies will run scripts searching for specific exploitable directories, files, filetypes, daemons and prepackaged programs running on your server. When they find what they are looking for they will often begin various assaults using proxy servers and/or other IP addresses to mask their identity.

The best prevention is to make your scripts as bulletproof as possible, limit traffic origins to locations acceptable to you (when possible and practical create rulesets to allow or deny access from certain IP ranges. You can use resources such as Country IP Blocks to create .htaccess files and other access/deny files by country), become as familiar as possible with available logs (on Linux, for example, watch things like your secure, message, access_log & error_log logs on each website you manage and at server level if you are running a dedicated server).

I'd be more than happy to offer some free assistance or advice.

Best regards,

Tech Manager
__________________
I use Country IP Blocks as added security for my networks and servers.
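
An added example, not part of the original post or either poster's code: it reads access-log lines for the denied IP and checks the status Apache returned, since a denied request is still written to the access log (as a 403) and its presence there does not by itself mean the block failed. The log lines are constructed, and the function name `summarize` is hypothetical.

```python
import re
from collections import Counter, defaultdict

# Apache Common/Combined Log Format: host ident user [time] "request" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample lines (not taken from the original poster's logs).
SAMPLE_LOG = """\
58.215.87.10 - - [20/Jan/2008:04:12:01 -0500] "GET http://2.2.2.2/cgi-bin/p.35.pl HTTP/1.0" 403 210
58.215.87.10 - - [22/Jan/2008:09:40:17 -0500] "GET http://2.2.2.2/cgi-bin/p.35.pl HTTP/1.0" 403 210
192.0.2.44 - - [22/Jan/2008:10:02:55 -0500] "GET /index.html HTTP/1.1" 200 5120
192.0.2.77 - - [22/Jan/2008:10:05:31 -0500] "GET http://2.2.2.2/cgi-bin/p.35.pl HTTP/1.0" 404 208
this line is malformed and is skipped
"""

def summarize(log_text, denied_ips):
    """Return {ip: {"statuses": Counter, "absolute_uri": int, "verdict": str}}."""
    stats = defaultdict(lambda: {"statuses": Counter(), "absolute_uri": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        entry = stats[m["ip"]]
        entry["statuses"][int(m["status"])] += 1
        parts = m["request"].split()
        # An absolute-URI target (http://host/...) is the form a client sends to a proxy.
        if len(parts) >= 2 and parts[1].lower().startswith(("http://", "https://")):
            entry["absolute_uri"] += 1
    for ip, entry in stats.items():
        if ip not in denied_ips:
            entry["verdict"] = "not in deny list"
        elif set(entry["statuses"]) == {403}:
            entry["verdict"] = "deny rule enforced (logged as 403)"
        else:
            entry["verdict"] = "deny rule NOT consistently enforced"
    return dict(stats)

if __name__ == "__main__":
    for ip, e in summarize(SAMPLE_LOG, {"58.215.87.10"}).items():
        print(ip, dict(e["statuses"]), "absolute-URI:", e["absolute_uri"], "->", e["verdict"])
```

Any status other than 403 for an IP in the deny list is the case worth investigating, because it means the rule was not applied to that request.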