But come to think of it, there was someone in Korea who did something similar to this and got punished for it.
You wonder why this would be illegal, but when you hear the reasoning it isn't entirely unreasonable either; one of those cases that feels unfair and awkward at the same time.

@kranzkrone @jarm an nginx config which redirects the standard wordpress login to a 10 GB binary file.

Script kiddies often spam random web servers and try to access the WordPress login, regardless of whether the site uses WordPress or not.

@trimethylpentan @jarm ahhh, I understand. 😀

That's a nice trick with the 10 GB binary file, should be standard. 😁

@jarm
wp-login.php content:
```php
<?php
// Prepare the client to receive GZIP data. This will not be suspicious
// since most web servers use GZIP by default.
header("Content-Encoding: gzip");
// Content-Length is the size of the compressed file on disk, not of the
// decompressed stream the client will end up with.
header("Content-Length: " . filesize('10G.gzip'));
// Turn off output buffering so PHP streams the file instead of holding it in memory.
if (ob_get_level()) ob_end_clean();
// Send the gzipped file to the client.
readfile('10G.gzip');
exit;
?>
```
This will overflow the script kiddie tool's buffer, making it either crash or fail silently and continue as if it were still working.

@jarm The gzip file is just a 10 MB file containing a 10 GB file full of zeroes.
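The nginx-only variant mentioned in the first post, written out as an added example (not a config from anyone in the thread); the file path under `/srv/tarpit/` and the use of a pre-built gzip stream are assumptions:

```nginx
# Added example, not from the thread. Serve the pre-built gzip file to any
# client requesting the WordPress login on a host that does not run WordPress.
# Assumed path: /srv/tarpit/10G.gzip (a gzip stream that inflates to ~10 GB of zeroes).
location = /wp-login.php {
    gzip off;                               # do not let nginx re-compress the body
    default_type application/octet-stream;
    add_header Content-Encoding gzip;       # client inflates the stream on receipt
    alias /srv/tarpit/10G.gzip;             # Content-Length is the compressed size on disk
}
```

Because the file is served statically, nginx streams it with sendfile and holds none of the 10 GB in memory; keep this location out of any server block that actually hosts WordPress, since a real login would never be reachable.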
