nh-mike

I had problems with DirectFB 1.7.7, so I decided to do something about it.

nh-mike

Implemented from the Hackaday Article, "[DROPPING ZIP BOMBS ON VULNERABILITY SCANNERS](https://hackaday.com/2017/07/08/dropping-zip-bombs-on-vulnerability-scanners/)", this is my implementation on my own Nginx web server.
Also, I have added 42.zip as some software automatically extracts zip files (which would be rather unwise for them).
For anybody who doesn't match the criteria or needing to be gzip bombed or 42.zipped, we close the connection without informing them.

As I use this nginx server as a reverse proxy, nothing is really happening in this config file other than raw nuking. All my own services have DNS records, however illegitimate traffic accesses by IP and is tested in this file.

I occasionally check my access logs for anything that looks like a crawler or hack tool scanner, and add it into the location blocks here.

nh-mike

<?php

/**
 * See the original GIST:
 * https://gist.github.com/nh-mike/7b156fd3159fa9446b5c2340acf38ff4
 */

set_error_handler('exceptions_error_handler');

function exceptions_error_handler($severity, $message, $filename, $lineno) {

nh-mike

<?php
    function flattenExceptionBacktrace(\Throwable $exception) {
        if ($exception instanceof \Exception) {
            $traceProperty = (new \ReflectionClass('Exception'))->getProperty('trace');
        } else {
            $traceProperty = (new \ReflectionClass('Error'))->getProperty('trace');
        }
        $traceProperty->setAccessible(true);

        $flatten = function(&$value, $key) {