Question for tech server peers who are reading: Any thoughts on active defense? I know that it's likely a zero-sum game, but I do tire of the constant barrage of poking for .SQL, .git, .vscode, .zip etc. files on my servers. Should I just continue to block and ignore? Or should I reward them with some sort of infinite-size quine ZIP file when it's an obviously malicious request? My guess is that most of these people are not very sophisticated, so messing up their day might help make mine.
@sjjh I was talking about sending them something like this (link). For example, the droste.zip file (which I might rename to something like SQLDBBackup-20230328.zip) is only 28 KB in size, so it would be very minimal to transfer, yet when the user attempts to expand it (or when their automatic virus scanner checks it out) it never stops expanding and takes up their entire drive (or CPU, if scanning it).
https://www.bamsoftware.com/hacks/zipbomb/
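As an added example (not code from the post above or from bamsoftware.com), the following Python shows both halves of the idea being discussed: matching the probe paths mentioned (`.sql`, `.git`, `.vscode`, `.zip`; the regex and the extra `.env`/`.bak` entries are my own assumptions) and building a tiny decoy archive that inflates to far more than its wire size. It deliberately uses a plain high-ratio DEFLATE archive of zeros rather than reproducing the self-referential droste.zip quine, so it expands to a fixed size (default 64 MiB) instead of forever. The last function is the check a scanner or extractor applies to survive such files: cap the bytes actually inflated rather than trusting the sizes declared in the zip headers. File names, sizes and limits are illustrative assumptions.

```python
"""Decoy archive for probe requests, plus the ratio check a scanner would apply.

Added example, not from the original post. The probe patterns, file names and
size limits are assumptions chosen for illustration.
"""
import io
import re
import zipfile

# Paths that only a scanner hunting for leaked artefacts would request (assumed list).
PROBE_RE = re.compile(r"\.(sql|git|vscode|zip|env|bak)(/|$)", re.IGNORECASE)


def is_probe_path(path: str) -> bool:
    """True for request paths that match the probe patterns above."""
    return PROBE_RE.search(path) is not None


def build_decoy_zip(inner_name: str = "SQLDBBackup-20230328.sql",
                    payload_size: int = 64 * 1024 * 1024,
                    chunk: int = 1024 * 1024) -> bytes:
    """Return a DEFLATE zip whose single member inflates to payload_size zero bytes.

    Unlike the self-reproducing droste.zip, this is a plain high-ratio archive:
    it stops after payload_size bytes, but DEFLATE's ~1032:1 ceiling still makes
    it roughly a thousand times larger on disk than on the wire.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED, compresslevel=9) as zf:
        # Streamed member write, so the payload never has to sit in RAM at once.
        with zf.open(inner_name, "w") as member:
            zeros = b"\0" * chunk
            remaining = payload_size
            while remaining > 0:
                n = min(chunk, remaining)
                member.write(zeros[:n])
                remaining -= n
    return buf.getvalue()


def declared_ratio(data: bytes) -> float:
    """Compression ratio from central-directory sizes (cheap, but attacker-controlled)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        compressed = sum(i.compress_size for i in infos)
        expanded = sum(i.file_size for i in infos)
    return expanded / compressed if compressed else float("inf")


def inflate_with_cap(data: bytes, max_bytes: int, chunk: int = 1024 * 1024):
    """Inflate members until max_bytes is exceeded; returns (bytes_inflated, hit_cap).

    This is the defender-side check: it trusts the bytes actually produced by
    the decompressor, not the sizes the archive claims in its headers.
    """
    total = 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            with zf.open(info) as member:
                while True:
                    block = member.read(chunk)
                    if not block:
                        break
                    total += len(block)
                    if total > max_bytes:
                        return total, True
    return total, False


if __name__ == "__main__":
    for path in ("/db/backup.sql", "/.git/config", "/index.html"):
        print(path, "probe" if is_probe_path(path) else "normal")
    decoy = build_decoy_zip(payload_size=16 * 1024 * 1024)
    print(f"decoy on the wire: {len(decoy)} bytes, declared ratio {declared_ratio(decoy):.0f}:1")
    print("inflate with a 1 MiB cap:", inflate_with_cap(decoy, 1024 * 1024))
```

Serving the decoy is then a matter of wiring `is_probe_path` into the web server's handler and returning `build_decoy_zip()` with a `Content-Type: application/zip` header. The `inflate_with_cap` function is the mirror image worth keeping in mind: any scanner that enforces an output cap like this will simply discard the file, so the effect on a well-built pipeline is a log entry, not a full disk.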