@jarm Genius!
@jarm It's worth it.
@jarm Lulz...
@jarm Hahaha, well played :)
@aral @jarm
Good old zip bombing.
https://blog.haschek.at/post/f2fda/
@jarm what am I looking at? 🤔
@kranzkrone @jarm an nginx config which redirects the standard WordPress login to a 10 GB binary file.
Script kiddies often spam random web servers and try to access the WordPress login, regardless of whether the site uses WordPress or not.
@trimethylpentan @jarm ahhh, I understand. 😀
That's a nice trick with the 10 GB binary file, should be standard. 😁
@jarm
wp-login.php content:
```php
<?php
//prepare the client to receive GZIP data. This will not be suspicious
//since most web servers use GZIP by default
header("Content-Encoding: gzip");
header("Content-Length: ".filesize('10G.gzip'));
//Turn off output buffering
if (ob_get_level()) ob_end_clean();
//send the gzipped file to the client
readfile('10G.gzip');
?>
```
This will overflow the script kiddie tool's buffer, making it either crash or fail silently and continue as if it were still working.
@jarm The gzip file is just a 10 MB file containing a 10 GB file full of zeroes.
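The decoy file the thread talks about is just zero bytes run through gzip, so it can be built with standard tools. The following POSIX shell snippet is an added example and not something posted in the thread; the function names, the size parameter and the output path are all assumptions. It builds a decoy of a chosen size and checks the compressed and uncompressed sizes, so you can confirm the compression ratio before pointing the PHP snippet above at the file.

```shell
#!/bin/sh
# Added example (not from the thread): build a gzip decoy of N MiB of zero
# bytes. Zeroes compress to roughly 1/1000 of their size, which is why the
# 10 GB file in the thread is only about 10 MB on disk. The PHP snippet above
# streams such a file with Content-Encoding: gzip.

make_gzip_decoy() {
    # $1: uncompressed size in MiB (assumed parameter)
    # $2: output path (assumed parameter)
    size_mb=$1
    out=$2
    # head -c is portable across GNU coreutils and busybox; dd bs=1M is not.
    head -c "$((size_mb * 1048576))" /dev/zero | gzip -9 > "$out"
}

decoy_compressed_bytes() {
    # Size on disk: what the web server actually has to store and send.
    wc -c < "$1" | tr -d ' '
}

decoy_uncompressed_bytes() {
    # Decompress and count: this is the amount a client that honours
    # Content-Encoding: gzip has to buffer or write out.
    gzip -dc "$1" | wc -c | tr -d ' '
}

# Usage matching the thread (10 GiB uncompressed, ~10 MB on disk); the
# directory is a placeholder and building it takes a while:
#   make_gzip_decoy 10240 /var/www/decoy/10G.gzip
#   decoy_compressed_bytes /var/www/decoy/10G.gzip
```

Note that `decoy_uncompressed_bytes` really decompresses the file, so only run it on a small test decoy; for the 10 GiB file the on-disk size from `decoy_compressed_bytes` is the number you want to sanity-check.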
But now that I think about it, there was someone in Korea who got punished for doing something similar to this a while back.
You wonder why this would be illegal, but when you hear the reasoning it isn't entirely unreasonable either; it's one of those cases that feels unfair and yet puts you in an awkward spot.