I can only suggest one method of what I do, and it involves downloading and maintaining a browser capability file, making sure your PHP installation can update its .ini to use it, and some PHP programming.
First, get Gary Keith’s PHP browser capability file “php_browscap.ini” from http://browsers.garykeith.com/downloads.asp and put it somewhere accessible to your web app.
Second, modify your php.ini file’s “browscap” entry to use the file for its browscap.
Third, include a routine at the beginning of your pages that will incorporate PHP’s built-in get_browser function to fetch the browser info each time a new session is started. The array it returns has a key for “isbanned”, but you can filter on a number of different flags. If it’s a banned user agent, simply send the session to a low-bandwidth “sorry, you’re banninated” page.
Pros: Once you’ve downloaded the browscap file you can set additional banned flags for agents you don’t want visiting.
Cons: Ya need to keep the file updated as new browsers and revisions thereof are added.
After that, it’s down to banning by IP address, which is a whole 'nother can of worms.