Mike PA while back I caught #YandexBot trying to index my #OAuth token endpoint, and now #Bingbot is trying to sign up as a new user - by visiting a URL which is not only disabled, but also isn't linked to from anywhere on the web.
How did they find it, I wonder? Hmm.
I'm not spending significant bandwidth on search engine bots, but I'm tempted to block them anyway, just so that people have to be more creative with their forged User-Agent headers.