Add techniques/nepenthes/howto_nepenthes_deployment.md

2026-06-03 22:12:32 +00:00 · 2026-06-03 22:12:32 +00:00 · 2d00ef3caa
commit 2d00ef3caa
parent e0f0719c88
1 changed files with 132 additions and 0 deletions
--- a/techniques/nepenthes/howto_nepenthes_deployment.md
+++ b/techniques/nepenthes/howto_nepenthes_deployment.md
@ -0,0 +1,132 @@
 # Nepenthes Tarpit Deployment Guide (Docker, nginx, Apache)
 The Church of Malware (CoM) does not condone the use or introduction of carnivorous plants onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Nepenthes as a tarpit behind `Disallow` rules. It covers Docker deployment and full integration with standard nginx and Apache, including conditional serving based on the aggressive-bot UA list.
 ## 1. Docker Deployment (Recommended)
 ```bash
 # Run Nepenthes on an internal port
 docker run -d \
  --name nepenthes \
  --restart unless-stopped \
  -p 127.0.0.1:8081:8080 \
  -v $(pwd)/robots.txt:/app/robots.txt:ro \
  zadzmo/nepenthes:latest
 ```
 Verify it is running:
 ```bash
 docker logs nepenthes
 ```
 ## 2. nginx Full Configuration (with Aggressive-Bot Map)
 ```nginx
 # /etc/nginx/snippets/aggressive-bots.conf (from known-aggressive-bot-user-agents.md)
 map $http_user_agent $aggressive_bot {
    default 0;
    ~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
 }
 server {
    listen 80;
    server_name example.com;
    root /var/www/html;
    access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
    access_log /var/log/nginx/access.log combined;
    location / {
        if ($aggressive_bot) {
            # Optional: serve tarpit instead of normal content for violators
        }
        try_files $uri $uri/ =404;
    }
    # Tarpit endpoint - only aggressive bots should reach here
    location /tarpit/ {
        internal;
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
 }
 ```
 Enable and reload:
 ```bash
 sudo nginx -t && sudo systemctl reload nginx
 ```
 ## 3. Apache Full Configuration (with SetEnvIf + Proxy)
 ```apache
 # /etc/apache2/sites-available/000-default.conf
 <VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html
    SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
    CustomLog /var/log/apache2/access.log combined
    <Directory /var/www/html>
        Options -Indexes
        AllowOverride All
        Require all granted
    </Directory>
    # Tarpit endpoint
    ProxyPass /tarpit/ http://127.0.0.1:8081/
    ProxyPassReverse /tarpit/ http://127.0.0.1:8081/
    <Location /tarpit/>
        <If "%{ENV:aggressive_bot} == 1">
            Header set X-Tarpit "nepenthes"
        </If>
    </Location>
 </VirtualHost>
 ```
 Enable modules and restart:
 ```bash
 sudo a2enmod proxy proxy_http headers setenvif
 sudo systemctl restart apache2
 ```
 ## 4. robots.txt (Critical)
 ```txt
 User-agent: *
 Disallow: /tarpit/
 # Allow major engines
 User-agent: Googlebot
 Allow: /
 User-agent: Bingbot
 Allow: /
 ```
 ## 5. Testing
 ```bash
 # Normal visitor
 curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" https://example.com/tarpit/
 # Aggressive bot (should receive tarpit garbage)
 curl -I -A "GPTBot/1.0" https://example.com/tarpit/
 ```
 Check logs:
 ```bash
 sudo tail -f /var/log/nginx/ai_violators.log
 ```
 ## 6. Maintenance
 - Monitor Nepenthes container logs for errors.
 - Update the aggressive-bot map when new patterns are published in `known-aggressive-bot-user-agents.md`.
 - Rotate `ai_violators.log` weekly.
 *Companion to `howto-anubis-deployment.md` and `howto-rate-limiting-fail2ban-deployment.md`.*