this post was submitted on 29 Apr 2025
453 points (97.5% liked)

Technology

69491 readers
4090 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
453
I use Zip Bombs to Protect my Server (idiallo.com)
submitted 1 day ago by some_guy@lemmy.sdf.org to c/technology@lemmy.world
80 comments fedilink hide all child comments
 

The one-liner:

dd if=/dev/zero bs=1G count=10 | gzip -c > 10GB.gz

This is brilliant.

you are viewing a single comment's thread
view the rest of the comments
[–] deaddigger@lemm.ee 20 points 1 day ago (8 children)

At least in germany having one of these on your system is illegal

[–] dzso@lemmy.world 14 points 1 day ago (4 children)

Out of curiosity, what is illegal about it, exactly?

[–] deaddigger@lemm.ee 12 points 1 day ago* (last edited 1 day ago) (3 children)

I mean i am not a lawyer.

In germany we have § 303 b StGB. In short it says if you hinder someone elses dataprocessing through physical means or malicous data you can go to jail for up to 3 years . If it is a major process for someone you can get up to 5 and in major cases up to 10 years.

So if you have a zipbomb on your system and a crawler reads and unpacks it you did two crimes. 1. You hindered that crawlers dataprocessing 2. Some isp nodes look into it and can crash too. If the isp is pissed of enough you can go to jail for 5 years. This applies even if you didnt crash them die to them having protection agsinst it, because trying it is also against the law.

Having a zipbomb is part of a gray area. Because trying to disrupt dataprocessing is illegal, having a zipbomb can be considered trying, however i am not aware of any judgement in this regard

Edit: btw if you password protect your zipbomb, everything is fine

[–] raltoid@lemmy.world 2 points 13 hours ago* (last edited 13 hours ago)

TL;DR: It's illegal to have publically available or share.

Making it illegal to create one for research purposes on your own hardware is not illegal as far as I know. And if it is, I wouldn't mind seeing someone challenge that with the EU.

[–] barsoap@lemm.ee 22 points 1 day ago* (last edited 1 day ago)

Severely disrupting other people's data processing of significant import to them. By submitting malicious data requires intent to cause harm, physical destruction, deletion, etc, doesn't. This is about crashing people's payroll systems, ddosing, etc. Not burning some cpu cycles and having a crawler subprocess crash with OOM.

Why the hell would an ISP have a look at this. And even if, they're professional enough to detect zip bombs. Which btw is why this whole thing is pointless anyway: If you class requests as malicious, just don't serve them. If that's not enough it's much more sensible to go the anubis route and demand proof of work as that catches crawlers which come from a gazillion IPs with different user agents etc.

[–] MimicJar@lemmy.world 14 points 23 hours ago

I wonder if having a robots.txt file that said to ignore the file/path would help.

I'm assuming a bad bot would ignore the robots.txt file. So you could argue that you put up a clear sign and they chose to ignore it.

load more comments (3 replies)