News Software dev fortifies his blog with 'zip bombs' — attacking bots meet their end with explosive data package

  1. Header pre-scan (compression-ratio + file-count + uncompressed-size)
  2. Byte-cap during extract
  3. Process + timeout or resource limits
It's like both the author and the article writer have never actually solved a problem before.

Even the most basic timeout would stop something like this.

Python:
from multiprocessing import Process
import shutil
import zipfile

def do_extract(src, dest):
    # Runs in a child process so a runaway extraction can be killed from outside.
    with zipfile.ZipFile(src) as zf:
        zf.extractall(dest)

def extract_with_timeout(src, dest, timeout=10):
    # On platforms that use the "spawn" start method (Windows, macOS) call this
    # from under an `if __name__ == "__main__":` guard.
    p = Process(target=do_extract, args=(src, dest))
    p.start()
    p.join(timeout)
    if p.is_alive():
        p.terminate()
        p.join()
        # Discard whatever was partially written before the kill.
        shutil.rmtree(dest, ignore_errors=True)
        raise RuntimeError("Extraction timed out")
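Steps 1 and 2 from the list above (header pre-scan and a byte cap during extraction), as an added example that is not part of the original comment. The limits and the in-memory sample archives are constructed for illustration; a real extractor would stream members to disk under the same counter.

```python
import io
import zipfile

MAX_FILES = 1000                     # constructed policy limits; tune per deployment
MAX_TOTAL_BYTES = 64 * 1024 * 1024   # cap on declared and on actual output
MAX_RATIO = 100                      # uncompressed / compressed

class UnsafeArchive(Exception): pass

def prescan(zf, max_files=MAX_FILES, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Step 1: reject on central-directory metadata before inflating anything."""
    infos = zf.infolist()
    if len(infos) > max_files:
        raise UnsafeArchive(f"too many members: {len(infos)}")
    declared = sum(i.file_size for i in infos)
    packed = sum(i.compress_size for i in infos)
    if declared > max_total:
        raise UnsafeArchive(f"declared size {declared} over cap")
    if packed and declared / packed > max_ratio:
        raise UnsafeArchive(f"ratio {declared / packed:.0f}:1 over cap")

def extract_capped(zf, max_total=MAX_TOTAL_BYTES, chunk=64 * 1024):
    """Step 2: count bytes as inflate produces them, since headers can lie."""
    total, out = 0, {}
    for info in zf.infolist():
        buf = io.BytesIO()
        with zf.open(info) as member:
            for data in iter(lambda: member.read(chunk), b""):
                total += len(data)
                if total > max_total:
                    raise UnsafeArchive("byte cap hit during extraction")
                buf.write(data)
        out[info.filename] = buf.getvalue()   # kept in memory for the demo
    return out

def safe_extract(raw):
    """Run both checks with the default limits on an archive given as bytes."""
    with open_zip(raw) as zf:
        prescan(zf)
        return extract_capped(zf)

def open_zip(raw):
    return zipfile.ZipFile(io.BytesIO(raw))

def make_zip(members):
    """Build a small in-memory zip from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

A 4 MiB file of zero bytes deflates to a few KiB, so it fails the ratio check in the pre-scan without a single member being inflated; the byte cap then catches anything the headers understate.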
I remember doing that to myself at work back in the day by accident. I was testing what happens when you try to load something large into memory, so I created a three-dimensional array, 1000x1000x1000 bytes in size, not realizing that the array was bigger than the amount of RAM I had. My computer froze while instantiating the array. So yeah, I bombed myself.