SubINaclS/Lyre
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add techniques/nepenthes/howto_nepenthes_deployment.md

Browse Source
This commit is contained in:
SINS 2026-06-03 22:12:32 +00:00
parent e0f0719c88
commit 2d00ef3caa
1 changed files with 132 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

132
techniques/nepenthes/howto_nepenthes_deployment.md Normal file
View File

@ -0,0 +1,132 @@
# Nepenthes Tarpit Deployment Guide (Docker, nginx, Apache)
The Church of Malware (CoM) does not condone the use or introduction of carnivorous plants onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Nepenthes as a tarpit behind `Disallow` rules. It covers Docker deployment and full integration with standard nginx and Apache, including conditional serving based on the aggressive-bot UA list.
## 1. Docker Deployment (Recommended)
```bash
# Run Nepenthes on an internal port
docker run -d \
--name nepenthes \
--restart unless-stopped \
-p 127.0.0.1:8081:8080 \
-v $(pwd)/robots.txt:/app/robots.txt:ro \
zadzmo/nepenthes:latest
```
Verify it is running:
```bash
docker logs nepenthes
```
## 2. nginx Full Configuration (with Aggressive-Bot Map)
```nginx
# /etc/nginx/snippets/aggressive-bots.conf (from known-aggressive-bot-user-agents.md)
map $http_user_agent $aggressive_bot {
default 0;
~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
}
server {
listen 80;
server_name example.com;
root /var/www/html;
access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
access_log /var/log/nginx/access.log combined;
location / {
if ($aggressive_bot) {
# Optional: serve tarpit instead of normal content for violators
}
try_files $uri $uri/ =404;
}
# Tarpit endpoint - only aggressive bots should reach here
location /tarpit/ {
internal;
proxy_pass http://127.0.0.1:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
}
}
```
Enable and reload:
```bash
sudo nginx -t && sudo systemctl reload nginx
```
## 3. Apache Full Configuration (with SetEnvIf + Proxy)
```apache
# /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/html>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
# Tarpit endpoint
ProxyPass /tarpit/ http://127.0.0.1:8081/
ProxyPassReverse /tarpit/ http://127.0.0.1:8081/
<Location /tarpit/>
<If "%{ENV:aggressive_bot} == 1">
Header set X-Tarpit "nepenthes"
</If>
</Location>
</VirtualHost>
```
Enable modules and restart:
```bash
sudo a2enmod proxy proxy_http headers setenvif
sudo systemctl restart apache2
```
## 4. robots.txt (Critical)
```txt
User-agent: *
Disallow: /tarpit/
# Allow major engines
User-agent: Googlebot
Allow: /
User-agent: Bingbot
Allow: /
```
## 5. Testing
```bash
# Normal visitor
curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" https://example.com/tarpit/
# Aggressive bot (should receive tarpit garbage)
curl -I -A "GPTBot/1.0" https://example.com/tarpit/
```
Check logs:
```bash
sudo tail -f /var/log/nginx/ai_violators.log
```
## 6. Maintenance
- Monitor Nepenthes container logs for errors.
- Update the aggressive-bot map when new patterns are published in `known-aggressive-bot-user-agents.md`.
- Rotate `ai_violators.log` weekly.
*Companion to `howto-anubis-deployment.md` and `howto-rate-limiting-fail2ban-deployment.md`.*