Today I saw a random IP hitting an app server I had open via Tailscale Funnel,
and it got me thinking that I need to take some precautions against these
real-world threats. So I'm starting with my blog... basically you can reference
Jim Nielsen's blog post on Malicious Traffic, and then I more or less put
similar files in similar places on this site to waste malicious actors' time.
The Files
Note that some are empty; we just need them to exist, since this is all for a bit of fun and low-effort internet tomfoolery.
These get shipped with my site at /public/...
>>>> backup/db_dump_final.2023.zip

>>>> backup/site.sql

>>>> backup/wp_backup.tar.gz

>>>> private/index.html
<!doctype html>
<html>
<body>
  <h1>Private Area</h1>
  <pre>
<!-- ~1MB lorem ipsum for bandwidth drain -->
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
<!-- repeat this block until ~1MB -->
  </pre>
</body>
</html>

>>>> robots.txt
User-agent: *
Disallow: /private/
Disallow: /admin/
Disallow: /backup/
Disallow: /.env
Disallow: /wp-admin/
Disallow: /wp-login.php

>>>> sitemap.xml
<urlset>
  <url><loc>/debug/alpha</loc></url>
  <url><loc>/debug/beta</loc></url>
  <url><loc>/admin/backup-2024.zip</loc></url>
  <url><loc>/.env</loc></url>
  <url><loc>/wp-admin/install.php</loc></url>
  <url><loc>/wp-content/plugins/wp-super-cache/readme.txt</loc></url>
</urlset>

>>>> trap/a/index.html
<meta http-equiv="refresh" content="0; url=/trap/b/" />

>>>> trap/b/index.html
<meta http-equiv="refresh" content="0; url=/trap/c/" />

>>>> trap/c/index.html
<meta http-equiv="refresh" content="0; url=/trap/a/" />

>>>> wp-admin/index.php
<!DOCTYPE html>
<html>
<body>
  <h1>WordPress Admin</h1>
  <p>Loading…</p>
  <!-- 500 KB of garbage -->
  <pre>
<?php /* Not actually PHP, but scanners don't know that */ ?>
LOREM IPSUM STARTS
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
<!-- Copy/paste this block until ~500KB -->
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
Lorem ipsum dolor sit amet, consectetur adipiscing elit.
  </pre>
</body>
</html>

>>>> wp-admin/readme.html
WordPress 6.2 — Readme
(Just kidding, it's all fake.)

>>>> wp-login.php
<!DOCTYPE html>
<html>
<head>
  <title>Login</title>
  <meta name="robots" content="noindex">
  <style>
    body { font-family: sans-serif; }
  </style>
</head>
<body>
  <h1>Login</h1>
  <p>Loading…</p>
  <script>
    // JS tarpit: burns bot CPU
    let s = "";
    for (let i = 0; i < 50_000_000; i++) {
      s += Math.random().toString(36).substring(2);
    }
    document.body.innerHTML += "<pre>" + s + "</pre>";
  </script>
</body>
</html>
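
The decoy paths above also work as tripwires: no real page links to them, so a client that requests one is almost certainly scanning. As an added example (not code from this post), this Python script counts decoy requests per client IP and how many laps of the /trap/ loop each client followed; the Combined Log Format, the function names and the sample log lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Decoy locations taken from the files listed on this page (robots.txt,
# sitemap.xml, trap/, wp-*). No real page links to them.
DECOY_PREFIXES = ("/private/", "/admin/", "/backup/", "/wp-admin/", "/trap/", "/debug/")
DECOY_EXACT = {"/.env", "/wp-login.php",
               "/wp-content/plugins/wp-super-cache/readme.txt"}

# Assumption: the access log uses Common/Combined Log Format.
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3} ')

def decoy_path(target):
    """Return the request path if it is one of the decoys, else None."""
    path = target.split("?", 1)[0]  # ignore any query string
    if path in DECOY_EXACT or path.startswith(DECOY_PREFIXES):
        return path
    return None

def decoy_hits(lines):
    """Map client IP -> decoy paths it requested, in log order."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        path = decoy_path(m["target"]) if m else None
        if path:
            hits[m["ip"]].append(path)
    return dict(hits)

def trap_laps(paths):
    """Full laps of the three-page /trap/a -> b -> c refresh loop."""
    return sum(p.startswith("/trap/") for p in paths) // 3

# Constructed sample log (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /robots.txt HTTP/1.1" 200 120 "-" "x"
203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /.env HTTP/1.1" 404 0 "-" "x"
203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /backup/site.sql?dl=1 HTTP/1.1" 200 0 "-" "x"
198.51.100.4 - - [01/Jan/2025:10:01:00 +0000] "GET /blog/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [01/Jan/2025:10:02:00 +0000] "GET /trap/a/ HTTP/1.1" 200 60 "-" "x"
192.0.2.9 - - [01/Jan/2025:10:02:01 +0000] "GET /trap/b/ HTTP/1.1" 200 60 "-" "x"
192.0.2.9 - - [01/Jan/2025:10:02:02 +0000] "GET /trap/c/ HTTP/1.1" 200 60 "-" "x"
192.0.2.9 - - [01/Jan/2025:10:02:03 +0000] "GET /trap/a/ HTTP/1.1" 200 60 "-" "x"
""".splitlines()

if __name__ == "__main__":
    for ip, paths in decoy_hits(SAMPLE_LOG).items():
        print(ip, len(paths), "decoy requests,", trap_laps(paths), "trap laps:", paths)
```

A crawler that honours robots.txt but reads sitemap.xml may still request the /debug/ and /wp-content/ entries, which robots.txt does not disallow, so a single hit there is weaker evidence than repeated ones.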