10G Gzip Bomb, 42.zip protected Nginx web server
Implemented from the Hackaday Article, "[DROPPING ZIP BOMBS ON VULNERABILITY SCANNERS](https://hackaday.com/2017/07/08/dropping-zip-bombs-on-vulnerability-scanners/)", this is my implementation on my own Nginx web server.
Also, I have added 42.zip as some software automatically extracts zip files (which would be rather unwise for them).
For anybody who doesn't match the criteria for needing to be gzip bombed or 42.zipped, we close the connection without informing them.
As I use this nginx server as a reverse proxy, nothing is really happening in this config file other than raw nuking. All my own services have DNS records, however illegitimate traffic accesses by IP and is tested in this file.
I occasionally check my access logs for anything that looks like a crawler or hack tool scanner, and add it into the location blocks here.
server {
    listen 80 default;
    server_name _;
    location / {
        access_log /var/log/nginx/notnuked.access.log;
        error_log /var/log/nginx/notnuked.error.log;
        return 444;
    }
    location ~* \.(zip|tar\.gz|mp4)$ {
        access_log /var/log/nginx/nuked.access.log;
        error_log /var/log/nginx/nuked.error.log;
        root /usr/share/nginx/html/;
        try_files $uri /42.zip;
    }
    # Regex locations are tried in file order, so the archive rule above wins for e.g. /admin/x.zip.
    # They match against $uri, which never carries the query string, so the \?XDEBUG_SESSION_START
    # alternative only fires if the "?" arrives percent-encoded. The unescaped dots in .env,
    # .htaccess and setup.cgi match any single character, which is broader than a literal dot.
    location ~* ^(\/(\+CSCOE\+|.env|.htaccess|\?XDEBUG_SESSION_START|Autodiscover|GponForm|HNAPI|_ignition|ab2g|actuator|admin|administrator|api|boaform|cgi-bin|config|console|design|dnslookup|ecp|en|images|manage|manager|MGLNDD|mifs|owa|phpMyAdmin.*|pma.*|recordings|remote|setup.cgi|solr|stalker_portal|static|vendor|wp-content)|\\x[0-9a-zA-Z]+) {
        access_log /var/log/nginx/nuked.access.log;
        error_log /var/log/nginx/nuked.error.log;
        fastcgi_pass unix:/var/run/php-fpm/php.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/nukeAttackers.php;
        include fastcgi_params;
    }
}
server {
    # "ssl" is required on the listen line; without it nginx speaks plain HTTP on 443
    # and the ssl_* directives below are never used.
    listen 443 ssl default;
    server_name _;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload;";
    ssl_protocols TLSv1.3 TLSv1.2;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 1d;
    ssl_ciphers ALL:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/nginx/localcerts/localhost.crt;
    ssl_certificate_key /etc/nginx/localcerts/localhost.key;
    location / {
        root /usr/share/nginx/html;
        access_log /var/log/nginx/notnuked.access.log;
        error_log /var/log/nginx/notnuked.error.log;
        return 444;
    }
    location ~* \.(zip|tar\.gz|mp4)$ {
        access_log /var/log/nginx/nuked.access.log;
        error_log /var/log/nginx/nuked.error.log;
        root /usr/share/nginx/html;
        try_files $uri /42.zip;
    }
    # Same pattern and caveats as the port 80 block above.
    location ~* ^(\/(\+CSCOE\+|.env|.htaccess|\?XDEBUG_SESSION_START|Autodiscover|GponForm|HNAPI|_ignition|ab2g|actuator|admin|administrator|api|boaform|cgi-bin|config|console|design|dnslookup|ecp|en|images|manage|manager|MGLNDD|mifs|owa|phpMyAdmin.*|pma.*|recordings|remote|setup.cgi|solr|stalker_portal|static|vendor|wp-content)|\\x[0-9a-zA-Z]+) {
        access_log /var/log/nginx/nuked.access.log;
        error_log /var/log/nginx/nuked.error.log;
        fastcgi_pass unix:/var/run/php-fpm/php.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/share/nginx/html/nukeAttackers.php;
        include fastcgi_params;
    }
}
<?php
// Prepare the client to receive GZIP data. This will not be suspicious
// since most web servers use GZIP by default.
// The bomb sits next to this script; resolve it via __DIR__ because php-fpm's
// working directory is not the script directory, so a bare relative path fails.
$bomb = __DIR__ . '/10Gzipbomb.gzip';
header("Content-Encoding: gzip");
// Content-Length is the compressed size on disk, which is what goes on the wire.
header("Content-Length: " . filesize($bomb));
// Turn off output buffering so the file is streamed rather than held in memory
if (ob_get_level()) ob_end_clean();
// Send the gzipped file to the client
readfile($bomb);
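The description above mines the access logs by hand for new scanner paths. As an added check that is not part of the gist, this Python script replays the two location regexes from the config over nginx combined-format log lines (constructed sample lines, not real traffic) to show which block would handle each request and which paths fell through to 444 and are candidates for the list; the `classify` and `triage` function names are my own.

```python
import re
from collections import Counter, defaultdict

# Regexes copied from the gist's two regex location blocks ("~*" = case-insensitive).
# nginx matches them against the normalised $uri, which never carries the query string,
# so the "\?XDEBUG_SESSION_START" alternative is dead unless "?" arrives percent-encoded.
ARCHIVE_RE = re.compile(r"\.(zip|tar\.gz|mp4)$", re.I)
NUKE_RE = re.compile(
    r"^(/(\+CSCOE\+|.env|.htaccess|\?XDEBUG_SESSION_START|Autodiscover|GponForm|HNAPI"
    r"|_ignition|ab2g|actuator|admin|administrator|api|boaform|cgi-bin|config|console"
    r"|design|dnslookup|ecp|en|images|manage|manager|MGLNDD|mifs|owa|phpMyAdmin.*|pma.*"
    r"|recordings|remote|setup.cgi|solr|stalker_portal|static|vendor|wp-content)"
    r"|\\x[0-9a-zA-Z]+)", re.I)
# The fields of nginx's "combined" log format that this script needs.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

def classify(target):
    """Which of the gist's location blocks handles this request target. Regex locations
    are tried in config order, so the archive rule wins for e.g. /admin/backup.zip."""
    uri = target.split("?", 1)[0]       # location matching sees $uri, not the query string
    if ARCHIVE_RE.search(uri):
        return "42.zip"
    if NUKE_RE.search(uri):
        return "gzip-bomb"              # handed to nukeAttackers.php
    return "444"                        # default location: connection dropped silently

def triage(log_lines):
    """Per-IP verdict counts plus the URIs that fell through to 444. Only IP-addressed
    traffic reaches this default server, so these are the paths to review for the list."""
    per_ip = defaultdict(Counter)
    fell_through = Counter()
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue                    # unparseable request line (binary probes etc.)
        verdict = classify(m["target"])
        per_ip[m["ip"]][verdict] += 1
        if verdict == "444":
            fell_through[m["target"].split("?", 1)[0]] += 1
    return per_ip, fell_through

# Constructed sample lines in nginx combined format (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /.env HTTP/1.1" 200 10240 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-content/plugins/a.php HTTP/1.1" 200 10240 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Oct/2023:13:56:01 +0000] "GET /admin/backup.zip HTTP/1.1" 200 42374 "-" "curl/7.88.1"',
    '192.0.2.9 - - [10/Oct/2023:13:57:12 +0000] "GET /?XDEBUG_SESSION_START=x HTTP/1.1" 444 0 "-" "python-requests/2.31"',
    '192.0.2.9 - - [10/Oct/2023:13:57:13 +0000] "GET /phpinfo.php HTTP/1.1" 444 0 "-" "python-requests/2.31"',
    '192.0.2.9 - - [10/Oct/2023:13:57:14 +0000] "GET /api-docs HTTP/1.1" 200 10240 "-" "python-requests/2.31"',
]
```

Note that `/api-docs` is bombed because the `api` alternative has no trailing anchor, while `/?XDEBUG_SESSION_START=x` falls through to 444 because only `/` reaches location matching.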