(In urlHandler, fail() passes "tarpit.php" to succeed() which passes it to mimetype:sendpage, which makes it the reply.)
Webscum continuously probe all sites, sending requests for pages that are known entry points for exploitation. This summer the most popular have been /blog/, /wp/, /wordpress/, xmlrpc.php, and /wp-login.php. To these and similar requests urlHandler replies by sending the page tarpit.php. Before responding, this page pauses for about ten seconds. This occupies a few resources on the villain's client. After the pause, tarpit.php sends a reply page with some boilerplate and a single link to click on. Naive web crawlers may follow this link, consuming even more of their resources.
Here is one instance of the tarpit response:
Welcome to physpics.com's /wp-login.php
Your are visitor number 13!
Please click here.
The link is live. Click it to experience the delay for yourself.
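A sketch of a page with the behaviour described above, as an added example that is not physpics.com's own tarpit.php. It also shows two things the description implies: the probed path echoed in the reply is attacker-controlled and must be escaped, and every sleeping request holds one of the server's own workers, so the delay is skipped above a cap. The constants, the state-file path, the link target and the markup are assumptions.

```php
<?php
declare(strict_types=1);
// Added example; constants, state-file path, link target and markup are assumptions.
const TARPIT_DELAY_SECONDS  = 10;  // the page says "about ten seconds"
const TARPIT_MAX_CONCURRENT = 20;  // assumed cap so sleepers cannot use up every worker
const TARPIT_STATE_FILE     = '/tmp/tarpit-state.json';  // hypothetical path
const TARPIT_LINK           = '/blog/';  // fixed target; one of the probed paths listed above

/** Adjust the counters under an exclusive lock and return the new state. */
function tarpit_update(int $activeDelta, int $visitorDelta): array
{
    $state = ['active' => 0, 'visitors' => 0];
    $fh = fopen(TARPIT_STATE_FILE, 'c+');
    if ($fh === false || !flock($fh, LOCK_EX)) {
        return $state;                      // no usable state file: skip counting, still reply
    }
    $saved = json_decode((string) stream_get_contents($fh), true);
    if (is_array($saved)) {
        $state = array_merge($state, $saved);
    }
    $state['active']   = max(0, (int) $state['active'] + $activeDelta);
    $state['visitors'] = (int) $state['visitors'] + $visitorDelta;
    ftruncate($fh, 0);
    rewind($fh);
    fwrite($fh, json_encode($state));
    fclose($fh);                            // closing the handle releases the lock
    return $state;
}

/** Build the reply. The probed path is attacker-controlled, so escape it before echoing. */
function tarpit_body(string $path, int $visitor): string
{
    $safe = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Welcome to physpics.com's {$safe}</p>\n"
         . "<p>You are visitor number {$visitor}!</p>\n"
         . '<p>Please <a href="' . TARPIT_LINK . "\">click here</a>.</p>\n";
}

$path  = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
$state = tarpit_update(+1, +1);
try {
    if ($state['active'] <= TARPIT_MAX_CONCURRENT) {
        sleep(TARPIT_DELAY_SECONDS);        // the delay also holds one of our own workers
    }
    header('Content-Type: text/html; charset=UTF-8');
    echo tarpit_body($path, $state['visitors']);
} finally {
    tarpit_update(-1, 0);                   // release the slot even if the client went away
}
```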