@stefano It was hilarious when a third party tried to audit the website my company made: Using Classic ASP on IIS, but we had a custom handler for 404 errors that would take the URL terms and do a search for them.

Their automated scan tools lit every single test (Apache, PHP, you name it) because it would access a test URL and get a valid (search) page.

Our dept. wasn't informed that the scan would happen, reported their scripted scan to their ISP, and got their connection shut down for a day.