By using several different .htaccess security rules/filters that look at the request or query string and if it matches the conditions in the security rules/filters then the bad action is Forbidden and a 403 redirect sends the spammer or hacker to the BPS 403.php logging template and logs the attack/scrape/sniff, etc.