If, like me, you get a constant bombardment of drones probing your site for vulns, how can you fight back?
Check out David Fifield’s hot zip bomb: https://www.bamsoftware.com/hacks/zipbomb/
WARNING: do not unzip the fucking zip file pointed at below unless you’re in a VM. You can actually damage your filesystem beyond repair. I don’t wanna be responsible for that shit.
This is pretty hilarious if you can get some malware to find and scan your file, say, by adding a disallow in your robots.txt with something that looks too-good-to-be-true.
I’ll report back with how successful this actually is. There’s a neat article here: https://blog.haschek.at/2017/how-to-defend-your-website-with-zip-bombs.html that describes a gzip use case that would definitely be more effective, but ATM I have no time to implement it. I would love to though.
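To measure who actually takes the robots.txt bait described above, here is an added example (not code from this post or from either linked article) that scans an access log for clients requesting a Disallow path that nothing else links to. The bait filename, the log lines and the IPs are constructed; it assumes Common Log Format and treats every Disallow entry as an exact-match bait path.

```python
import re
from collections import defaultdict

# Constructed robots.txt: the Disallow entry is hypothetical bait, linked from nowhere.
ROBOTS_TXT = """\
User-agent: *
Disallow: /backup-2019-full.zip
"""

# Constructed access-log lines (Common Log Format, documentation-range IPs).
ACCESS_LOG = """\
192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 48
192.0.2.10 - - [01/Jan/2020:10:00:02 +0000] "GET /backup-2019-full.zip HTTP/1.1" 200 1024
198.51.100.7 - - [01/Jan/2020:10:05:00 +0000] "GET /robots.txt HTTP/1.1" 200 48
198.51.100.7 - - [01/Jan/2020:10:05:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.5 - - [01/Jan/2020:10:09:00 +0000] "GET /backup-2019-full.zip?x=1 HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def bait_paths(robots_txt):
    """Return the set of Disallow paths (assumption: all of them are bait)."""
    paths = set()
    for line in robots_txt.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        key, _, value = line.partition(":")
        if key.strip().lower() == "disallow" and value.strip():
            paths.add(value.strip())
    return paths

def bait_hits(log_text, baits):
    """Map client IP -> list of (time, path, status, fetched_robots_first)."""
    seen_robots = set()
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                               # skip malformed lines
        ip, when, _method, target, status, _size = m.groups()
        path = target.split("?", 1)[0]             # ignore query strings
        if path == "/robots.txt":
            seen_robots.add(ip)
        elif path in baits:
            hits[ip].append((when, path, int(status), ip in seen_robots))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in bait_hits(ACCESS_LOG, bait_paths(ROBOTS_TXT)).items():
        print(ip, events)
```

The last field separates clients that read robots.txt and then went straight for the disallowed path from those that guessed the path some other way.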