I’d like to learn more about this if anybody has some input about the how’s and why’s moreso than the method to forever make the problem go away.
It has been noticed that if I release the restraints on the incessant hits by allowing the visitor access to the site, that whoever it is, is apparently trying to access var/www/html folder.
The way I’ve been dealing with this multi-year annoyance, is to simply block the visitor using iptables by keyword, “bible”.
I’ve also chosen to experiment using the same method in Cloudflare’s firewall block.
As to frequency, it is usually well-in-excess of a hundred hits, referring to cloudflare’s account, in less than 8 hours there are already almost 30 hits from the entity using the bible-attack-approach. LOL
So as each random page of at least two bibles are searched for, a bible that has been removed from the server about 2 or 3 years ago, came a revelation that the would-be google hack is also utilizing a similar approach but instead of using the bible, the method is to search for a long-since removed couple of folders on my website.
When I traceroute the ip address (which always starts out as 66.249.66.xx) it comes back to my AT&T internet provider’s 12.xxx.xx.xxx (in a surprisingly very few hops).
Since I’m relatively certain that nobody would want to bother to go through so much effort just to correct my sentence-structure, any input is much appreciated even if it’s nothing to be concerned about.
Although the traceroute always comes back to resolve ultimately to at&t, the attacker used to use other avenues in addition to google (such as semrush and 3 or 4 others). After writing to semrush and the other agents requesting a remedy, at least one of the companies blacklisted me (which is fine I think, it stopped the bible attacks from those entities anyway). Only google’s 66.249.66.xx seems to persist despite the numerous email requests throughout the years.
Any info is much appreciated.