Add techniques/nepenthes/howto_nepenthes_deployment.md

techniques/nepenthes/howto_nepenthes_deployment.md

@@ -0,0 +1,132 @@
+# Nepenthes Tarpit Deployment Guide (Docker, nginx, Apache)
+
+The Church of Malware (CoM) does not condone the use or introduction of carnivorous plants onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Nepenthes as a tarpit behind `Disallow` rules. It covers Docker deployment and full integration with standard nginx and Apache, including conditional serving based on the aggressive-bot UA list.
+
+## 1. Docker Deployment (Recommended)
+
+```bash
+# Run Nepenthes on an internal port
+docker run -d \
+  --name nepenthes \
+  --restart unless-stopped \
+  -p 127.0.0.1:8081:8080 \
+  -v $(pwd)/robots.txt:/app/robots.txt:ro \
+  zadzmo/nepenthes:latest
+```
+
+Verify it is running:
+```bash
+docker logs nepenthes
+```
+
+## 2. nginx Full Configuration (with Aggressive-Bot Map)
+
+```nginx
+# /etc/nginx/snippets/aggressive-bots.conf (from known-aggressive-bot-user-agents.md)
+map $http_user_agent $aggressive_bot {
+    default 0;
+    ~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
+}
+
+server {
+    listen 80;
+    server_name example.com;
+    root /var/www/html;
+
+    access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
+    access_log /var/log/nginx/access.log combined;
+
+    location / {
+        if ($aggressive_bot) {
+            # Optional: serve tarpit instead of normal content for violators
+        }
+        try_files $uri $uri/ =404;
+    }
+
+    # Tarpit endpoint - only aggressive bots should reach here
+    location /tarpit/ {
+        internal;
+        proxy_pass http://127.0.0.1:8081;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+    }
+}
+```
+
+Enable and reload:
+```bash
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+## 3. Apache Full Configuration (with SetEnvIf + Proxy)
+
+```apache
+# /etc/apache2/sites-available/000-default.conf
+<VirtualHost *:80>
+    ServerName example.com
+    DocumentRoot /var/www/html
+
+    SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
+    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
+    CustomLog /var/log/apache2/access.log combined
+
+    <Directory /var/www/html>
+        Options -Indexes
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    # Tarpit endpoint
+    ProxyPass /tarpit/ http://127.0.0.1:8081/
+    ProxyPassReverse /tarpit/ http://127.0.0.1:8081/
+
+    <Location /tarpit/>
+        <If "%{ENV:aggressive_bot} == 1">
+            Header set X-Tarpit "nepenthes"
+        </If>
+    </Location>
+</VirtualHost>
+```
+
+Enable modules and restart:
+```bash
+sudo a2enmod proxy proxy_http headers setenvif
+sudo systemctl restart apache2
+```
+
+## 4. robots.txt (Critical)
+
+```txt
+User-agent: *
+Disallow: /tarpit/
+
+# Allow major engines
+User-agent: Googlebot
+Allow: /
+
+User-agent: Bingbot
+Allow: /
+```
+
+## 5. Testing
+
+```bash
+# Normal visitor
+curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" https://example.com/tarpit/
+
+# Aggressive bot (should receive tarpit garbage)
+curl -I -A "GPTBot/1.0" https://example.com/tarpit/
+```
+
+Check logs:
+```bash
+sudo tail -f /var/log/nginx/ai_violators.log
+```
+
+## 6. Maintenance
+
+- Monitor Nepenthes container logs for errors.
+- Update the aggressive-bot map when new patterns are published in `known-aggressive-bot-user-agents.md`.
+- Rotate `ai_violators.log` weekly.
+
+*Companion to `howto-anubis-deployment.md` and `howto-rate-limiting-fail2ban-deployment.md`.*