Lyre/techniques/nepenthes/howto_nepenthes_deployment.md

Nepenthes Tarpit Deployment Guide (Docker, nginx, Apache)

The Church of Malware (CoM) does not condone the use or introduction of carnivorous plants onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for deploying Nepenthes as a tarpit behind Disallow rules. It covers Docker deployment and full integration with standard nginx and Apache, including conditional serving based on the aggressive-bot UA list.

1. Docker Deployment

# Run Nepenthes on an internal port
docker run -d \
  --name nepenthes \
  --restart unless-stopped \
  -p 127.0.0.1:8081:8080 \
  -v "$(pwd)/robots.txt:/app/robots.txt:ro" \
  zadzmo/nepenthes:latest

Verify it is running:

docker logs nepenthes

2. nginx Full Configuration (with Aggressive-Bot Map)

# /etc/nginx/snippets/aggressive-bots.conf (from known-aggressive-bot-user-agents.md)
# map is only valid in the http context: include this file from http {}, not from server {}.
map $http_user_agent $aggressive_bot {
    default 0;
    ~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
}

server {
    listen 80;
    server_name example.com;
    root /var/www/html;

    access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
    access_log /var/log/nginx/access.log combined;

    location / {
        if ($aggressive_bot) {
            # Optional: serve tarpit instead of normal content for violators
        }
        try_files $uri $uri/ =404;
    }

    # Tarpit endpoint - only aggressive bots should reach here
    location /tarpit/ {
        # Return 404 to every client the aggressive-bot map did not match.
        if ($aggressive_bot = 0) {
            return 404;
        }
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}

Enable and reload:

sudo nginx -t && sudo systemctl reload nginx

3. Apache Full Configuration (with SetEnvIf + Proxy)

# /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
    ServerName example.com
    DocumentRoot /var/www/html

    # Case-insensitive match, consistent with the ~* regex in the nginx map
    SetEnvIfNoCase User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
    CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
    CustomLog /var/log/apache2/access.log combined

    <Directory /var/www/html>
        Options -Indexes
        AllowOverride All
        Require all granted
    </Directory>

    # Tarpit endpoint
    ProxyPass /tarpit/ http://127.0.0.1:8081/
    ProxyPassReverse /tarpit/ http://127.0.0.1:8081/

    <Location /tarpit/>
        <If "%{ENV:aggressive_bot} == 1">
            Header set X-Tarpit "nepenthes"
        </If>
    </Location>
</VirtualHost>

Enable modules and restart:

sudo a2enmod proxy proxy_http headers setenvif
sudo systemctl restart apache2

4. robots.txt (Critical)

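User-agent: *
Disallow: /tarpit/

# Allow major engines (a named group replaces the * group, so the Disallow is repeated)
User-agent: Googlebot
Disallow: /tarpit/
Allow: /

User-agent: Bingbot
Disallow: /tarpit/
Allow: /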
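
A crawler that finds a group naming it ignores the `User-agent: *` group, so a named group that carries only `Allow: /` leaves /tarpit/ open to that crawler. The following is an added example, not part of the original guide: a small RFC 9309 evaluator that shows the difference on two constructed robots.txt bodies. The function names are assumptions, and it handles plain path prefixes only (no `*` or `$` wildcards).

```python
# Added example: RFC 9309 group selection with longest-match rule evaluation.
# Both robots.txt bodies are constructed sample input.
WITHOUT_REPEAT = """\
User-agent: *
Disallow: /tarpit/

User-agent: Googlebot
Allow: /
"""
# Same file, with the tarpit Disallow repeated inside the named group.
WITH_REPEAT = WITHOUT_REPEAT.replace("Allow: /", "Disallow: /tarpit/\nAllow: /")

def parse_groups(text):
    """Return a list of (agents, rules); each rule is (is_allow, path_prefix)."""
    groups, agents, rules, in_rules = [], [], [], False
    for raw in text.splitlines():
        field, _, value = raw.split("#", 1)[0].partition(":")
        field, value = field.strip().lower(), value.strip()
        if field == "user-agent":
            if in_rules:                  # a rule line closed the previous group
                groups.append((agents, rules))
                agents, rules, in_rules = [], [], False
            agents.append(value.lower())
        elif field in ("allow", "disallow") and agents:
            in_rules = True
            if value:                     # an empty Disallow restricts nothing
                rules.append((field == "allow", value))
    if agents:
        groups.append((agents, rules))
    return groups

def allowed(text, crawler, path):
    """True if `crawler` (product token) may fetch `path` under robots.txt `text`."""
    groups = parse_groups(text)
    # A crawler obeys the groups that name it; "*" applies only when none does.
    own = [r for a, r in groups if crawler.lower() in a]
    chosen = own or [r for a, r in groups if "*" in a]
    matches = [(len(p), ok) for g in chosen for ok, p in g if path.startswith(p)]
    # Longest matching prefix wins, Allow wins a tie, no match means allowed.
    return max(matches)[1] if matches else True

if __name__ == "__main__":
    for name, body in (("without", WITHOUT_REPEAT), ("with", WITH_REPEAT)):
        print(name, "repeat: Googlebot may fetch /tarpit/x ->",
              allowed(body, "Googlebot", "/tarpit/x"))
```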

5. Testing

# Normal visitor
curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" http://example.com/tarpit/

# Aggressive bot (should receive tarpit garbage)
curl -I -A "GPTBot/1.0" http://example.com/tarpit/

Check logs:

sudo tail -f /var/log/nginx/ai_violators.log

6. Maintenance

  • Monitor Nepenthes container logs for errors.
  • Update the aggressive-bot map when new patterns are published in known-aggressive-bot-user-agents.md.
  • Rotate ai_violators.log weekly.

Companion to howto-anubis-deployment.md and howto-rate-limiting-fail2ban-deployment.md.