I use zip bombs to protect my server - HN

see also

• Ask HN: How to stop an AWS bot sending 2B requests/month?
  • gzip bomb is good if the bot happens to be vulnerable, but even just slowing down their connection rate is often sufficient - waiting just 10 seconds before responding with your 404 is going to consume ~7,000 ports on their box, which should be enough to crash most linux processes (nginx + mod-http-echo is a really easy way to set this up) - HN
• Faking a JPEG