Zip Bombs

If, like me, you get a constant bombardment of drones probing your site for vulns, how can you fight back?

Check out David Fifield’s hot zip bomb: https://www.bamsoftware.com/hacks/zipbomb/

WARNING: do not unzip the fucking zip file pointed at below unless you’re in a VM. You can actually damage your filesystem beyond repair. I don’t wanna be responsible for that shit.

This is pretty hilarious if you can get some malware to find and scan your file, say, by adding a Disallow entry to your robots.txt for a path that looks too good to be true.

I’ll report back with how successful this actually is. There’s a neat article here: https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html that describes a gzip use case that would definitely be more effective, but ATM I have no time to implement it. I would love to though.
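If you end up on the receiving side of an archive like this, you can size it up without unzipping anything. The sketch below is an added example, not code from this post or from the linked articles: it reads only the ZIP central directory and flags a huge declared size, an extreme compression ratio, or entries whose data overlaps (the trick Fifield's archive relies on). The function names and thresholds are assumptions chosen for illustration.

```python
import io
import zipfile

LOCAL_HEADER_MIN = 30  # fixed part of a ZIP local file header, in bytes


def has_overlap(spans):
    """spans: (header_offset, compress_size) pairs from the central directory.
    True if any entry's minimum extent runs into the next entry's header."""
    ordered = sorted(spans)
    for (off, csize), (next_off, _) in zip(ordered, ordered[1:]):
        if off + LOCAL_HEADER_MIN + csize > next_off:
            return True
    return False


def inspect_zip(data, max_total=100 * 1024 * 1024, max_ratio=200):
    """Read only the central directory; nothing is decompressed."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
    declared = sum(i.file_size for i in infos)
    ratio = declared / max(len(data), 1)
    reasons = []
    if declared > max_total:
        reasons.append("declared size over limit")
    if ratio > max_ratio:
        reasons.append("compression ratio over limit")
    if has_overlap([(i.header_offset, i.compress_size) for i in infos]):
        reasons.append("overlapping entries")
    return {"entries": len(infos), "declared": declared,
            "ratio": round(ratio, 1), "reasons": reasons}


def _sample(payload):
    # Constructed sample archive, built in memory for the demonstration.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", payload)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_zip(_sample(b"hello world\n" * 10)))
    print(inspect_zip(_sample(b"\0" * 2_000_000), max_total=1_000_000))
```

The sizes in the central directory are whatever the archive's author wrote there, so treat a clean result as a first filter and still enforce a byte budget while extracting.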