Bear in mind a bad-bot may have a false user agent. The user agent string is set when the bot is either compiled or run, and can mimic the string of the bot from a major search engine. Most major search engines provide instructions on how to verify that a bot is legitimate (such as
these instructions from Google). However, this type of back-tracking could increase your network load.