Hi Paul,
I have those blocked, in addition to a bunch of others, too. I'm attaching a new .htaccess.txt file showing how I accomplished that. In looking through your logs and you come upon an IP or IPs you don't recognize or they have suspicious behavior to them, this is what I do.
Go to whois.com, and copy the IP into the search box up top next to the green search button. Every IP on the planet is listed here, who its owned by, etc.
As an example, I'll use the following IP: 134.249.65.218
This is from Ukraine, as you have already mentioned. Looking a the page for this IP you will see this:
inetnum: 134.249.64.0 - 134.249.127.255 This is the block of IP's assigned to this carrier.
If you look farther down the page, you will see the following:
route: 134.249.0.0/16 This represents the
CIDR (Classless Inter-Domain Routing) for this carrier. I put the link for Wikipedia for an explanation.
Note: Not all listings will have the "route:" on there, but most do. If it did not have the route listed, I would normally take the first 2 number sets (e.g. 134.249) and add the (e.g. .0.0/16) to them and add those to the deny from list.
To block the IP(s), please look at the bottom of the .htaccess.txt file and you will see I added the following line:
<Limit GET POST>
order deny,allow
deny from env=bad_bot
deny from 46.118.0.0/16 134.249.0.0/16allow from all
</Limit>
You can add as many different ones you desire as you run across them, but some words of caution. Make sure you leave a space between the addresses AND you don't have any extra spaces, periods, etc. in there, otherwise when you upload the new file and check your site(s), you will get a 500 server error. What I do is rename the current .htaccess to .htaccersscur so I don't overwrite the one that works and try the new one.
Another word of caution. If your .htaccess file gets very large, it will slow down the loading time of your site.
The additional addresses you see are the ones I see daily in my logs trying to get in. The ones beginning with 23.96., 50., 52., 54., belong to Amazon Web Services. The 23.20. belongs to Microsoft, interestingly enough. The 202.46. belongs to China, and so on.
Hope this helps and doesn't confuse instead,
John