Anti AI zip bomb with Caddy

Jorge Sanz | 2025-08-22 | 222 words | meta

Found this nice post[1] on how to publish a zip bomb[2] on my website as a honeypot for AI crawlers that don't respect the `robots.txt` directive. The idea is that I have a hidden link on all pages of my website that points to a URL that returns the bomb. You don't see it. Legit crawlers won't follow it. AI crawlers will do, and I hope they spend some CPU cycles trying to download it.

1: https://www.dustri.org/b/serving-a-gzip-bomb-with-caddy.html

2: https://en.wikipedia.org/wiki/Zip_bomb

I have no idea how fast AI crawlers detect and avoid these traps, but I change the name of the trap on every deployment to mess with them a bit more than the OP. I'm not following closely the logs of my web, and there's not much here published anyway, but any small effort seems worthwhile these days of so much AI annoyance.

What do you think?

Small update with details

I changed the bomb definition to this command that generates a very (very) long list of `<div>` elements

yes "<div>"|dd bs=1M count=10240 iflag=fullblock|gzip | pv > bomb.zip

On my website you can find a hidden link like this in a `footer` section of every page:

<span>
<a href="https://jorgesanz.net//index.xml">RSS</a>
<a hidden="" href="https://jorgesanz.net//trap-651897570.html">anti-ai trap</a>
</span>

And then on my Caddy configuration a block like this:

    handle /trap-* {
    	file_server
    	try_files bomb.zip
    	header Content-Encoding gzip
    	header Content-Type text/html
    }

--=--=--

🗣 Reactions

Want to comment anything? Continue the discussion here[3] or contact me![4]

3: https://mapstodon.space/@jorgesanz/115071129646304423

4: /contact

Likes (7)

choan

Espacio de cordura

Karramarro

John-Mark Gurney

The Ghost of Toots Passed

Ian Turton

northcape

Reposts (3)

Abel V.M.

PerroVerd

Antonio

⭐ Random favorites

• Especial Javier y Erica[5] by Erica Fustero
• El Tribunal Suprem reconeix el valor mediambiental de Les Moles però avala la seua desprotecció[6] by Acció Ecologista-AGRÓ
• Pluralistic: The web is bearable with RSS (07 Mar 2026)[7] by Pluralistic: Daily links from Cory Doctorow

If you are bored you can read any of these random entries from my favorites feed[8] or blogroll[9].

5: https://www.ericafustero.com/2026-04-especial-javier-y-erica

6: https://accioecologista-agro.org/el-tribunal-suprem-reconeix-el-valor-mediambiental-de-les-moles-pero-avala-la-seua-desproteccio/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=el-tribunal-suprem-reconeix-el-valor-mediambiental-de-les-moles-pero-avala-la-seua-desproteccio

7: https://pluralistic.net/2026/03/07/reader-mode/

8: /favs

9: /blogroll

---

🏠 Home

📔 Gemlog

This capsule is in LEO

Next Page

Last Page

Random Page

This capsule is a part of the fediring

Previous

Next

Random