Forum

"Remember that it's good practice to use the IP address of your server as the hostname of the default host and give it a blank page. With this, automated scan and hack scripts won't find your websites, because they search by IP address."

Instead of an empty page, isn't it safer to deny all access in the default host with the IP? The hack script will not see the site.

Denying acces means you give them a 403 error page. That is almost the same as an empty page: you don't show your website. It's the CGI scripts that can contain security bugs. A single static page (403 error page or an empty page) can't cause any problem.

I still think that an empty page is better, because a 403 Forbidden message could be seen as a challenge.