this post was submitted on 29 Apr 2025
442 points (97.4% liked)

Technology

69491 readers
4088 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
442
I use Zip Bombs to Protect my Server (idiallo.com)
submitted 1 day ago by some_guy@lemmy.sdf.org to c/technology@lemmy.world
77 comments fedilink hide all child comments
 

The one-liner:

dd if=/dev/zero bs=1G count=10 | gzip -c > 10GB.gz

This is brilliant.

you are viewing a single comment's thread
view the rest of the comments
[–] sugar_in_your_tea@sh.itjust.works 6 points 20 hours ago (3 children)

That sounds like a lot of effort. Are there any tools that get like 80% of the way there? Like something I could plug into Caddy, nginx, or haproxy?

[–] Bishma@discuss.tchncs.de 16 points 19 hours ago (2 children)

My experience is with systems that handle nearly 1000 pageviews per second. We did use a spread of haproxy servers to handle routing and SNI, but they were being fed offender lists by external analysis tools (built in-house).

[–] sugar_in_your_tea@sh.itjust.works 4 points 19 hours ago (1 children)

Dang, I was hoping for a FOSS project that would do most of the heavy lifting for me. Maybe such a thing exists, idk, but it would be pretty cool to have a pluggable system that analyzes activity and tags connections w/ some kind of identifier so I could configure a web server to either send it nonsense (i.e. poison AI scrapers), zip bombs (i.e. bots that aren't respectful of resources), or redirect to a honey pot (i.e. malicious actors).

A quick search didn't yield anything immediately, but I wasn't that thorough. I'd be interested if anyone knows of such a project that's pretty easy to play with.

[–] ABasilPlant@lemmy.world 6 points 18 hours ago* (last edited 18 hours ago)

Not exactly what you asked, but do you know about ufw-blocklist?

I've been using this on my multiple VPSes for some time now and the number of fail2ban failed/banned has gone down like crazy. Previously, I had 20k failed attempts after a few months and 30-50 currently-banned IPs at all times; now it's less than 1k failed after a year and maybe 3-ish banned at any time.

There was also that paid service where users share their spammy IP address attempts with a centralized network, which does some dynamic intelligence monitoring. I forgot the name and search these days isn't great. Something to do with "Sense"? It was paid, but well recommended as far as I remember.

Edit: seems like the keyword is " threat intelligence platform"