
How to defend your website with ZIP bombs

Discussion in 'System Administration' started by mrkip, Feb 13, 2021.

  1. mrkip

    Not sure if this is the right section. If it's not please can the mods move it to the correct section.

    Basically, a zip bomb can help to protect your site from vulnerability scans. To summarise: you create a big zip file full of random and useless data. When anyone tries to scan your website they'll inadvertently download the big zip file and it crashes their browser.

    I had never heard about this method of protecting a website. It's an old method but very simple to implement. Here's the link:

    How to defend your website with ZIP bombs

    Would love the more knowledgeable members on here to give your thoughts on this method of protection.

     
  2. eva2000

    Not sure that would be worth it given that you're driving up your own bandwidth usage. If attackers are automating this scan, you could end up with 10000s of downloads of that large zip file = consuming all your bandwidth and slowing your web site's network pipe.
     
  3. mrkip

    Fair point. Thanks for the advice.
     
  4. BamaStangGuy

    Any scanner could easily skip any file with .zip in it.
     
  5. mrkip

    I agree, but the author states this isn't a sophisticated defence against advanced scans. It's more to stop script kiddies who don't know how to change the parameters in their scanning software.

    From the author's post: "This script obviously is not - as we say in Austria - the yellow of the egg, but it can defend from script kiddies I mentioned earlier who have no idea that all these tools have parameters to change the user agent."