I run a BLog with static pages, i.e. without WordPress and without PHP served by Apache24 on FreeBSD 13. My logs are filled with tons of requests which obviously belong to web scans for finding flaws in WordPress and other CMS installations. I know, we cannot do much against this, other than either avoid these systems (my case) or keep’m updated in a timely manner.
Anyway, I experimented with a few measures (beside the default 404 one) and would like to ask for more ideas.
So, any more ideas to check for?
Anyway, I experimented with a few measures (beside the default 404 one) and would like to ask for more ideas.
- Redirecting (301) to a Zero-Bomb. Clients which are capable of compression receive a file of 1 MB pre-gzipped zeros, which would expand to 1 GB on the receivers side - factor 1000
- Redirecting (301) to a file with zero content
- Redirecting (301) to https://127.0.0.1/
So, any more ideas to check for?