Inspired by other 'tarpit' projects, this is an example on how to establish a HTTP tarpit (optionally with nginx). In contrast to existing projects, this variant does not require any programming language.
The basis of this approach is piping pv into nc (netcat), which allows a custom 'response speed' to a HTTP request.
see: serveDefaultHtmlViaNc.sh
However, wheras pv terminates at some point, netcat terminates only after closing a connection.
If a client connects to netcat after pv has terminated, the response will be sent without delay.
Therefore, a 'supervising' script restarts the main process after a defined duration.
see: loopTheScript_serveDefaultHtmlViaNc.sh
As practical application (nginx webserver), multiple processes are initialized and encapsuled by a systemd unit.
Here, nginx acts as a reverse proxy, that can differenciate between 'allowed' and 'illegal' requests.
see: exemplary_nginx-defaultsite, exemplary_httptarpit.service
The easiest way to use this PoC, is the following setup:
- Login to a (new) (Ubuntu) Linux Server
- Install nginx (netcat should be installed by default)
- Change
WorkingDirectoryvariable inexemplary_httptarpit.serviceto an absolute path of this directoryescapedPWD=$(echo "$PWD" | sed 's/\//\\\//g') sed -Ei "s/(WorkingDirectory\s*=\s*)[\w\/\.]+/\1$escapedPWD/" exemplary_httptarpit.service - Make .sh files executeable by user `` from
exemplary_httptarpit.servicechown www-data serveDefaultHtmlViaNc.sh loopTheScript_serveDefaultHtmlViaNc.sh chmood 744 serveDefaultHtmlViaNc.sh loopTheScript_serveDefaultHtmlViaNc.sh - Move / Sym-Link example files to current system (optionally backing up existing files)
mv /etc/nginx/sites-available/default /etc/nginx/sites-available/default.bak cp exemplary_nginx-defaultsite /etc/nginx/sites-available/default cp exemplary_httptarpit.service /etc/systemd/system/httptarpit.service - Reload the systemd daemon (to detect httptarpit.service)
systemctl daemon-reload - Restart both nginx and httptarpit
systemctl restart nginx systemctl restart httptarpit - Optional: Create DNS entry (and use it in nginx), implement HTTPS via
certbot, change whitelist/blacklist in nginx config file according to 'allowed' URLs