Using HTTP status codes to annoy attackers / scanners / spiders

also check http://blog.c22.cc

consider web application firewall configuration with this stuff.