If you’ve ever looked at the server logs of a computer that lives full-time on the Internet, you know it’s a rough world out there. You’ll see hundreds of attempts per day to break in to your one random little box. Are you going to take that sitting down? Christian Haschek didn’t.
Instead of simply banning IPs or closing off services, [Christian] decided to hit ’em where it hurts: in the RAM. Now, whenever a bot hits his server looking for a poorly configured WordPress install, he serves them 10 GB of zeroes, compressed down into 10 MB by
dd if=/dev/zero bs=1M count=10240 | gzip > 10G.gzip
The classic trick uses
zip multiple times on itself, which lets you compress arbitrarily large files into just a few kB. [Christian] tried this with
gzip, and discovered that it didn’t automatically recurse, so he’s taking a small bandwidth hit for the team. If you know how to get more data packed smaller using
gzip, leave a note in the comments.
Nobody really knows if this works on the bad guys’ servers, but [Christian] said that they stopped hitting him after downloading a couple payloads. If you want to test out what it does to your system, click this link. If you don’t run a server, but phishing e-mails get you hot under the collar, check out [Robbie Gallagher]’s talk on phishing the phishers from last year’s Schmoocon for cathartic tales of revenge.