I’ve often thought about writing a script to use those bot attacks as a bit of a honeypot. The idea would be that if someone is viewing a site with a brand new SSL certificate, it can’t be legitimate traffic, so just block that IP/subnet outright at the firewall. Especially if they are looking for specific URLs like WordPress installations. There are a few good actors that also hit sites quickly (ex: I’ve seen Bing indexing in that first wave of hits), but those are the exception.
Sadly, like many people, I just deal with the traffic as opposed to getting around to actually writing a tool to block it.
You'd end up blocking a bunch of cloud provider IP ranges and one day in the near future, there's a good chance some SaaS or provider service doesn't work.
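A sketch of the idea discussed in this thread, as an added example that is not code from either commenter: it scans access-log lines for WordPress probe requests made shortly after a certificate was issued and returns single IPs with a block expiry, rather than permanent subnet blocks, to limit the collateral damage to shared cloud ranges. The log lines, issuance time, probe-path list, 24-hour window and 7-day expiry are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample data: certificate issuance time and access-log lines
# in combined log format. IPs come from documentation ranges (RFC 5737).
CERT_ISSUED = datetime(2024, 5, 1, 12, 0, 0, tzinfo=timezone.utc)
SAMPLE_LOG = """\
203.0.113.7 - - [01/May/2024:12:00:41 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
203.0.113.7 - - [01/May/2024:12:00:42 +0000] "GET /wordpress/wp-admin/setup-config.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
198.51.100.9 - - [01/May/2024:12:01:10 +0000] "GET /robots.txt HTTP/1.1" 200 24 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
198.51.100.9 - - [01/May/2024:12:01:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)"
192.0.2.55 - - [03/May/2024:09:30:00 +0000] "GET /wp-login.php HTTP/1.1" 404 153 "-" "Mozilla/5.0"
""".splitlines()

# Client IP, timestamp and request path from a combined-format log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+)')
# Assumed list of WordPress paths that a non-WordPress site never serves.
PROBE_RE = re.compile(r"/(wp-login\.php|wp-admin/|wp-includes/|xmlrpc\.php)")


def block_candidates(lines, issued, window=timedelta(hours=24),
                     ttl=timedelta(days=7)):
    """Return {ip: block_expiry} for IPs that requested a probe path
    within `window` after certificate issuance. Early visitors that only
    fetch ordinary pages (e.g. a crawler reading robots.txt) are ignored."""
    last_probe = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, ts, path = m.groups()
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        if issued <= when <= issued + window and PROBE_RE.search(path):
            last_probe[ip] = max(when, last_probe.get(ip, when))
    # Expiring, per-IP entries: a recycled cloud address is released again.
    return {ip: seen + ttl for ip, seen in last_probe.items()}


if __name__ == "__main__":
    for ip, expiry in block_candidates(SAMPLE_LOG, CERT_ISSUED).items():
        print(f"{ip} block until {expiry.isoformat()}")
```

The returned expiry can feed a firewall set that supports timeouts, so entries age out instead of accumulating.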