Attackers explain how an anti-spam defense became an AI weapon.
Just make a custom 404 page that returns 13 MBs of junk along with status code 200
How would you go about doing this part? Asking for a friend who’s an idiot, totally not for me.
I use Apache2 and PHP, here’s what I did:
in .htaccess you can set ErrorDocument 404 /error-hole.php https://httpd.apache.org/docs/2.4/custom-error.html
in error-hole.php,
<?php
http_response_code(200);
?>
<p>*paste a string that is 13 megabytes long*</p>
For the string, I used dd to generate 13 MBs of noise from /dev/urandom and then I converted that to base64 so it would paste into error-hole.php
You should probably hide some invisible dead links around your website as honeypots for the bots that normal users can’t see.
I don’t know a lot about this, but I would guess a normal user would like a message, that says something along the lines of “404, couldn’t find what you were looking for.” The status code and the links back to itself as well as the 13 MBs of noise should probably not irritate them. Hidden links should also not irritate normal users.
For the string, I used
ddto generate 13 MBs of noise from/dev/urandomand then I converted that to base64 so it would paste into error-hole.php
That string is going to end up being 17MB assuming it’s a utf8 encoded .php file