Old 09-12-2017, 04:35 PM  
Smut-Talk
I talk smut
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
Nice info for sure...


On the defensive of your site:

You can do a lot with htaccess.
For instance: I use htaccess to stop hotlinking and put a redirect to a goatse in it...

Barry, as promised on icq:

To "help" with scriptkiddies scanning, I came across this:

!you can ZIP bomb a vuln scanner!

ZIP compression is really good with repetitive data, so if you have a really huge text file which consists of repetitive data like all zeroes, it will compress really well.
It can compress a 4.5 petabyte (4.500.000 gigabytes) file down to 42 kilobytes.

When a browser/scanner extracts or decompresses the content it will most likely run out of disk space or RAM.

So firstly create a 10 gigabyte GZIP file, or bigger, filled with zeroes.
And secondly a PHP script that will deliver it to a client.

Code:
<?php
// user agent may be absent; fall back to an empty string so strpos() gets a string
$agent = filter_input(INPUT_SERVER, 'HTTP_USER_AGENT') ?? '';
// the posted code never defined $url; deriving it from the request path
// (leading slash stripped so the startsWith() checks match) is an assumption
$url = ltrim(filter_input(INPUT_SERVER, 'REQUEST_URI') ?? '', '/');

//check for nikto, sql map or "bad" subfolders which only exist on wordpress
if (strpos($agent, 'nikto') !== false || strpos($agent, 'sqlmap') !== false || startsWith($url, 'wp-') || startsWith($url, 'wordpress') || startsWith($url, 'wp/'))
{
      sendBomb();
      exit();
}

function sendBomb(){
        //prepare the client to receive GZIP data. This will not be suspicious
        //since most web servers use GZIP by default
        header("Content-Encoding: gzip");
        //Content-Length is the size of the compressed file on disk, not the inflated size
        header("Content-Length: ".filesize('10G.gzip'));
        //Turn off output buffering so PHP streams the file instead of loading it into memory
        if (ob_get_level()) ob_end_clean();
        //send the gzipped file to the client
        readfile('10G.gzip');
}

//true when $a begins with $b
function startsWith($a, $b) {
    return strpos($a, $b) === 0;
}
source: https://blog.haschek.at/post/f2fda
__________________
This is my awesome signature!
if you really have to, you can use: smuttalk-that apple thingy-websmut.com
Don't forget to mention GFY in the subject!
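The post describes the server side of a gzip bomb: a tiny compressed body that inflates to something a naive client cannot hold. The following is an added example, not code from the post or from the linked blog, that shows the client side of the same mechanism from a defender's point of view: it builds a small all-zero gzip stream in memory (a constructed sample, far smaller than the 10 GB file the post talks about), reads the uncompressed size the gzip trailer declares, and inflates with a hard output cap so that a decompression bomb is refused instead of exhausting RAM or disk. All function names (make_zero_gzip, declared_isize, bounded_gunzip, is_bomb) are this example's own.

```python
"""Bounded gunzip: why a gzip bomb exhausts a naive client, and how a
client (scanner, crawler, proxy) can refuse it. Added example; only the
standard-library zlib module is used."""
import struct
import zlib


def make_zero_gzip(size_bytes: int, chunk: int = 1 << 20) -> bytes:
    """Gzip `size_bytes` of zero bytes without holding them all in memory.
    Constructed sample payload standing in for the post's 10G.gzip."""
    comp = zlib.compressobj(level=9, wbits=31)  # wbits=31 -> gzip framing
    zeros = bytes(chunk)
    out = bytearray()
    remaining = size_bytes
    while remaining > 0:
        n = min(chunk, remaining)
        out += comp.compress(zeros[:n])
        remaining -= n
    out += comp.flush()
    return bytes(out)


def declared_isize(data: bytes) -> int:
    """Uncompressed length the gzip trailer claims (ISIZE, last 4 bytes,
    little-endian). Cheap to read before inflating, but it is attacker
    controlled and only modulo 2**32, so use it as a hint, not a guarantee."""
    return struct.unpack("<I", data[-4:])[0]


class DecompressionBomb(Exception):
    """Raised when inflating would exceed the caller's output budget."""


def bounded_gunzip(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate `data`, stopping as soon as the output would exceed max_output.
    Inflation happens in `chunk`-sized pieces via max_length, so at most one
    extra chunk is ever materialised beyond the budget."""
    d = zlib.decompressobj(wbits=31)
    out = bytearray()
    buf = data
    while not d.eof:
        piece = d.decompress(buf, chunk)   # at most `chunk` bytes of output
        buf = d.unconsumed_tail            # input zlib did not get to yet
        out += piece
        if len(out) > max_output:
            raise DecompressionBomb(
                f"output exceeded {max_output} bytes after {len(data)} compressed bytes")
        if not piece and not buf and not d.eof:
            raise ValueError("truncated gzip stream")
    return bytes(out)


def is_bomb(data: bytes, max_output: int) -> bool:
    """True if `data` inflates past max_output (i.e. a client with that
    budget should drop the response), False if it fits."""
    try:
        bounded_gunzip(data, max_output)
    except DecompressionBomb:
        return True
    return False


if __name__ == "__main__":
    size = 32 << 20                       # 32 MiB of zeros
    bomb = make_zero_gzip(size)
    print(f"{size} bytes of zeros -> {len(bomb)} bytes gzip "
          f"(ratio {size / len(bomb):.0f}:1)")
    print("trailer declares", declared_isize(bomb), "bytes")
    print("bomb for a 1 MiB client? ", is_bomb(bomb, 1 << 20))
    print("bomb for a 64 MiB client?", is_bomb(bomb, 64 << 20))
```

The compression ratio printed for all-zero input sits near the deflate ceiling of roughly 1000:1, which is why the post's 10 GB of zeros fits in about 10 MB on the wire; the same ratio is what a scanner or browser that calls an unbounded decompress() on the response is trusting. A client that wants to survive such a response inflates through bounded_gunzip (or the equivalent max_length loop in whatever language it is written in) and treats declared_isize only as an early, untrusted warning.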