Pulse of Truth

673 readers

63 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 1 year ago

MODERATORS

[email protected]

130

AI haters build tarpits to trap and trick AI scrapers that ignore robots.txt (arstechnica.com)

submitted 1 week ago by [email protected] to c/[email protected]

15 comments fedilink hide all child comments

Attackers explain how an anti-spam defense became an AI weapon.

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 6 points 1 week ago (8 children)

Just make a custom 404 page that returns 13 MBs of junk along with status code 200

How would you go about doing this part? Asking for a friend who’s an idiot, totally not for me.

[–] [email protected] 7 points 1 week ago* (last edited 1 week ago) (7 children)

I use Apache2 and PHP, here's what I did:

in .htaccess you can set ErrorDocument 404 /error-hole.php https://httpd.apache.org/docs/2.4/custom-error.html

in error-hole.php,

<?php
http_response_code(200);
?>
<p>*paste a string that is 13 megabytes long*</p>

For the string, I used dd to generate 13 MBs of noise from /dev/urandom and then I converted that to base64 so it would paste into error-hole.php

You should probably hide some invisible dead links around your website as honeypots for the bots that normal users can't see.

[–] [email protected] 2 points 1 week ago (4 children)

How does this affect a genuine user who experiences a 404 on your site?

[–] [email protected] 1 points 1 week ago

They will see a long string of base64 that takes a quarter of a second longer to load then a regular page. If it's important to you, you can make the base64 string invisible and add some HTML to make it appear as a normal 404 page.

load more comments (3 replies)

load more comments (5 replies)