I have been seeing a lot of hits on one of my sites to /?s= and /?p=741. It is a Wordpress site and /?p=741 is a valid URL to a post made back in 2010, while /?s= is just an "empty search" so Wordpress returns to the index page (also valid of course). The requests are coming from a number of hosting, colocation, and VPS providers around the world. The User-Agent strings used to vary significantly but in the last few days have settled on a mostly Macintosh/Firefox based string. I can't imagine that this is the work of a legitimate bot since it doesn't visit any other URLs and is hitting the /?s= URL from a dozen geographically diverse IP's within a matter of minutes sometimes.
The folks in the Wordpress.Org forums didn't seem to know what it is, and didn't really have any suggestions about what to do about it. I'm still bothered by it because this is taking up a significant portion of my logs, and of course using resources on my web server. To give an idea of scale, I have used environment variables to separate legitimate bots and "myself" from the access log... and the described traffic is now over 90% of my remaining log. It is a small site, so the traffic does not amount to hundreds of gigs, but the log entries are a pain.
I was thinking that if I move the "/?p=741" post to another number, I could redirect those two URLs to something non-existent such as http://localhost/
[localhost]. I am hoping that this would bounce them back at themselves as well as stop the log entries from being created. Unfortunately, my experience with mod_rewrite is almost nil and I have been unable to make it work. I do have mod_rewrite enabled (Apache 2.2) and am able to do basic redirection (such as the foo.html and bar.html example). One of the posts I found here gave me the impression that the ? causes the remainder of the URL to be interpreted as a "query string"... I started reading the respective mod_rewrite pages but was quickly overwhelmed.
Would a redirection actually get rid of the log entries and if so, could someone please give me a hand with creating it? I'm running Apache 2.2/Win x86 and have full access to httpd.conf but would use htaccess if it is more appropriate. Alternatively, if anyone has any idea what it is or of a better way to deal with it I am quite open to ideas or advice.
PS: If posting a sample of the log files would help I could do that (or post them to pastebin if that would be better).