Recently I had an application on apache become the victim of bot spam. As a good measure and to be proactive, I set out to implement the same protection on a Windows Server running IIS 7.5. The web is something on the order of 60% bot traffic, many of