You can block IPs with a script and a database. Just keep track of the IPs that hit the 404 page along with an incrementing count. Once they reach a certain count--perhaps 10--their access to any page should be blocked. You will probably see some overhead because you will have to check the user's IP every time they request a page in order to block them. For the hackers, just generate a status code 403 or redirect them back to their own IP.
"Democracy is two wolves and a lamb voting on what to have for lunch. Liberty is a well-armed lamb contesting the vote." -- Benjamin Franklin