We’d have to see if DreamHost can block them, I think. The problem is pretty much like an unwanted phone call. You have the ability to choose not to answer a phone call, but you need the help of your telephone company to keep the calls from actually ringing through to your phone in the first place.
As for placing empty default.ida files, naturally that would help keep your outgoing bandwidth down especially if your customized HTML is larger in file size than the default “Not found” message.
However if you like to scrutinize your web server logs, you might not want such hits to be logged as “200 OK” (empty default.ida) or “404 Not found” (no default.ida) because of their malicious nature. I usually trap unwanted requests using the 202 status code, “Accepted but not able to process”. I’ve never seen this code used before so it makes it easy to filter it out when reviewing web logs. If you wanted to do that yourself, in .htaccess you would do:
RedirectMatch 202 default.ida An empty default.ida file would be optional but might want to keep it in case the .htaccess file fails.
Perl / MySQL / HTML+CSS