Thanks, that's helpful.
Some people have ethical problems with some of my tactics, especially the web-based traps. They consider them deceptive.
For example, one of the things I do is install scripts to trap people and bots who try to access protected CMS login pages or exploit recently-identified vulnerabilities on both real sites and dedicated honeypot sites where those pages and vulnerabilities don't exist. The "visitor" is sent to a 404 page (which I think is perfectly fine since the page actually does not exist); but their IP is harvested and reported, along with the protected resource they tried to access.
I've considered the ethics and have decided that humans with good intentions don't attempt to access protected resources on random sites that they don't own. Those who do almost certainly are bots or miscreants looking for vulnerabilities so they can compromise a server. I have no ethical problem being deceptive in order to trap them.
Some people, however, find that unacceptable.
Thanks again,
Richard