For a whille now, I have seen scans that contain the pattern “%%target%%” in the URL. For example, today this particular URL is popular:

    • drkt@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      3 months ago

      Every bit of information being sent to your web server can be spoofed. There is nothing you can do about this unless you’re willing to exclude an increasing percentage of real users.

      My webserver is constantly barraged by crawlers and bots because I have zero defenses. I’ve considered intercepting the obvious ones, like the ones targeting wordpress plugins. I don’t use wordpress. I could serve them a 200 instead of a 404 and hopefully waste a real humans time if they check the hits manually.