From 2d00ef3caa8f0e9f27ac832e2121417d8fc907bc Mon Sep 17 00:00:00 2001
From: SubINaclS
Date: Wed, 3 Jun 2026 22:12:32 +0000
Subject: [PATCH] Add techniques/nepenthes/howto_nepenthes_deployment.md
---
 .../nepenthes/howto_nepenthes_deployment.md | 132 ++++++++++++++++++
 1 file changed, 132 insertions(+)
 create mode 100644 techniques/nepenthes/howto_nepenthes_deployment.md
diff --git a/techniques/nepenthes/howto_nepenthes_deployment.md b/techniques/nepenthes/howto_nepenthes_deployment.md
new file mode 100644
index 0000000..2c65fc9
--- /dev/null
+++ b/techniques/nepenthes/howto_nepenthes_deployment.md
@@ -0,0 +1,132 @@
+# Nepenthes Tarpit Deployment Guide (Docker, nginx, Apache)
+
+The Church of Malware (CoM) does not condone the use or introduction of carnivorous plants onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Nepenthes as a tarpit behind `Disallow` rules. It covers Docker deployment and full integration with standard nginx and Apache, including conditional serving based on the aggressive-bot UA list.
+
+## 1. Docker Deployment (Recommended)
+
+```bash
+# Run Nepenthes on an internal port
+docker run -d \
+ --name nepenthes \
+ --restart unless-stopped \
+ -p 127.0.0.1:8081:8080 \
+ -v $(pwd)/robots.txt:/app/robots.txt:ro \
+ zadzmo/nepenthes:latest
+```
+
+Verify it is running:
+```bash
+docker logs nepenthes
+```
+
+## 2. nginx Full Configuration (with Aggressive-Bot Map)
+
+```nginx
+# /etc/nginx/snippets/aggressive-bots.conf (from known-aggressive-bot-user-agents.md)
+map $http_user_agent $aggressive_bot {
+ default 0;
+ ~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
+}
+
+server {
+ listen 80;
+ server_name example.com;
+ root /var/www/html;
+
+ access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
+ access_log /var/log/nginx/access.log combined;
+
+ location / {
+ if ($aggressive_bot) {
+ # Optional: serve tarpit instead of normal content for violators
+ }
+ try_files $uri $uri/ =404;
+ }
+
+ # Tarpit endpoint - only aggressive bots should reach here
+ location /tarpit/ {
+ internal;
+ proxy_pass http://127.0.0.1:8081;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ }
+}
+```
+
+Enable and reload:
+```bash
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+## 3. Apache Full Configuration (with SetEnvIf + Proxy)
+
+```apache
+# /etc/apache2/sites-available/000-default.conf
+
+ ServerName example.com
+ DocumentRoot /var/www/html
+
+ SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
+ CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
+ CustomLog /var/log/apache2/access.log combined
+
+
+ Options -Indexes
+ AllowOverride All
+ Require all granted
+
+
+ # Tarpit endpoint
+ ProxyPass /tarpit/ http://127.0.0.1:8081/
+ ProxyPassReverse /tarpit/ http://127.0.0.1:8081/
+
+
+
+ Header set X-Tarpit "nepenthes"
+
+
+
+```
+
+Enable modules and restart:
+```bash
+sudo a2enmod proxy proxy_http headers setenvif
+sudo systemctl restart apache2
+```
+
+## 4. robots.txt (Critical)
+
+```txt
+User-agent: *
+Disallow: /tarpit/
+
+# Allow major engines
+User-agent: Googlebot
+Allow: /
+
+User-agent: Bingbot
+Allow: /
+```
+
+## 5. Testing
+
+```bash
+# Normal visitor
+curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" https://example.com/tarpit/
+
+# Aggressive bot (should receive tarpit garbage)
+curl -I -A "GPTBot/1.0" https://example.com/tarpit/
+```
+
+Check logs:
+```bash
+sudo tail -f /var/log/nginx/ai_violators.log
+```
+
+## 6. Maintenance
+
+- Monitor Nepenthes container logs for errors.
+- Update the aggressive-bot map when new patterns are published in `known-aggressive-bot-user-agents.md`.
+- Rotate `ai_violators.log` weekly.
+
+*Companion to `howto-anubis-deployment.md` and `howto-rate-limiting-fail2ban-deployment.md`.*
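Review bot: In the section 4 robots.txt, the `Googlebot` and `Bingbot` groups contain only `Allow: /`, and a crawler that matches a named group follows that group alone (RFC 9309), so the `Disallow: /tarpit/` under `User-agent: *` does not apply to them and the engines the guide means to spare are free to crawl into the tarpit; repeat `Disallow: /tarpit/` inside each named group. Separately, the nginx `location /tarpit/` is marked `internal;` while the `if ($aggressive_bot)` block in `location /` is empty, so as written no external request reaches Nepenthes and the section 5 curl test would return 404 rather than tarpit output. The guide should either drop `internal;` or show the rewrite that sends flagged clients to that location. The Apache `SetEnvIf` match is case-sensitive, unlike the nginx `~*` map, and `ProxyPass /tarpit/` is not conditioned on `aggressive_bot`; `SetEnvIfNoCase` would keep the two user-agent lists equivalent.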