Do you ever get random people trying to find vulnerabilities in your game?

I've been running a browser game for over a year and now I noticed that somebody is using a tool to look for exploits. I downloaded the tool myself and the tool says it's illegal to use it without asking for permission from the target first, but this person did not ask for permission and I don't know who it is. I doubt they are trying to help. While I could just block their IP address, that would only encourage them to use a proxy and besides, if there are exploits, I would rather find out about them and fix them. It's better being able to recognize from the IP address that it's the same person. In the past, there have been bots looking for WordPress vulnerabilities but since I don't use WordPress, none of the urls they access actually exist. But with today's script kiddie, they are targeting my register page, as well as the main player page. So far, it doesn't look like they have been able to access the ingame area because the player page displays different content if the user is not logged in. Yet they keep trying. I have no means to communicate with them. Is this common behavior?