Hacker News new | past | comments | ask | show | jobs | submit login

You could but it's extra work to build that into the application while you could use a generic off the shelf WAF / IDS type solution that just blocks them. Won't fully stop a targeted manual attack but it is enough to make bots move on to their next target. And it slows down any manual reconnaissance work.



Blocking someone is still more generic than returning a specific HTTP response code specifically designed to inform the other party of your suspicion.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: