February 4, 2014
Question

HTTP status code to return when attacked

  • 1 reply
  • 411 views

My question is not specific to ColdFusion, I know how to set HTTP status codes.

What I am wondering is if anyone knows of any best practices for what to do when a known attack comes into a site. I am speaking primarily of specifically formatted URLs of people scanning to find weaknesses in my sites.

I have collected a large number of URLs that we get scanned for regularly that are clear attempts to locate weaknesses.

Should I?

  1. Send a 404 telling them the attacked page does not exist
  2. Send a 503 making them think it errored
  3. Send a 200 with a blank page making them think they go to a real page
  4. Something else I haven't considered

I am trying to avoid any sort of escalation on their part thinking they can hit my site harder, i.e., if they get a 503, might they believe that my site could be weak and they step up the attack...

Any thoughts would be greatly appreciated.

Thanks

This topic has been closed for replies.

1 reply

BKBK
Community Expert
February 13, 2014

Be proactive: go on the offensive. For example, the famous Mykonos web security software chooses to:

  • Warn the attacker
  • Block the user
  • Force a CAPTCHA
  • Slow the connection
  • Simulate a broken application
  • Force log-out
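
One way to combine the options from the question with the "slow" and "block" responses listed in the reply, as an added example that is not code from this thread or from Mykonos: a known-probe URL gets the same 404 as any missing page, and a client that keeps probing is first delayed and then blocked. The URL patterns, thresholds and the `ProbeGuard` name are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque

# Constructed sample patterns; replace with the URLs collected from your own logs.
PROBE_PATTERNS = [re.compile(p, re.I) for p in (
    r"^/phpmyadmin(/|$)", r"^/wp-login\.php$", r"^/\.env$", r"\.\./")]

WINDOW = 300       # seconds of probe history kept per client (assumed value)
SLOW_AFTER = 3     # probe hits in the window before responses are delayed
BLOCK_AFTER = 10   # probe hits in the window before the client is blocked
DELAY = 5.0        # seconds to stall a slowed response


class ProbeGuard:
    """Decides how to answer a request based on the client's recent probe hits."""

    def __init__(self):
        self.hits = defaultdict(deque)   # client -> timestamps of probe hits

    def is_probe(self, path):
        return any(p.search(path) for p in PROBE_PATTERNS)

    def decide(self, client, path, now):
        """Return (status, delay_seconds), or None to serve the request normally."""
        q = self.hits[client]
        while q and now - q[0] > WINDOW:      # drop hits older than the window
            q.popleft()
        if self.is_probe(path):
            q.append(now)
            if len(q) < BLOCK_AFTER:
                # Same 404 a genuinely missing page returns, so the answer
                # does not reveal that the URL was recognised as a probe.
                return (404, DELAY if len(q) >= SLOW_AFTER else 0.0)
        if len(q) >= BLOCK_AFTER:
            return (403, 0.0)                 # blocked for every path
        if not q:
            del self.hits[client]             # do not keep state for clean clients
        return None
```

The caller applies the returned delay before sending the status and logs every non-`None` decision, so the collected URL list keeps growing from real traffic.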