We get fairly frequent server crashes in our WPMU 2.8.2 (upgraging to 2.8.3 tomorrow) installation. We've got this running on a Windows 2003 box with Apache 2.2. From the looks of the logs, we have a botnet coming from random IPs trying to repeatedly hit /main.php and /wp-signup.php, both of which are non-existent in our installation. We removed wp-signup because our clients use an LDAP plugin to login, as we only allow users on our domain to have accounts--and of course, this prevents splogs.
How can I minimize this? I know IP blocking is not a solution in this case ... What I'm trying to figure out is what Apache does when it encounters a request for a file that's not there, particularly when the end user is served up a valid 404 (in other words, why doesn't the request just STOP once the server returns a 404?).
Would a different HTTP header stop repeated requests for a file that's not there? Can we somehow write a script that will redirect all IPs that request these non-existent files back onto themselves? Or should we actually just create these pages and make them blank so Apache will stop looking for them every time we get a bogus request?