"Hackers" scan the web for directories like https://host/backup. Why not satisfy their curiosity?
I created two fake backups.
One has a 100TB empty file, with a fake header though, and with 9-10 GB of Frank Zappa albums in mp3 at the end. The (almost empty) file is real, non-encrypted. Of course, this is an old good zip bomb. I created it on a compressed ZFS volume, then compressed it with RAR. It took about two weeks, on a 12-core CPU.
The fake XML file can be extracted separately. "Keys" are random.
$ rar l bak_vol1_20240206.rar
RAR 6.23 Copyright (c) 1993-2023 Alexander Roshal 1 Aug 2023
Trial version Type 'rar -?' for help
Archive: bak_vol1_20240206.rar
Details: RAR 5
Attributes Size Date Time Name
----------- --------- ---------- ----- ----
-rw-r--r-- 107377640757136 2021-11-21 15:28 bak_vol1.bin
-rw------- 215 2024-02-06 19:20 bak_vol1.xml
----------- --------- ---------- ----- ----
107377640757351 2
...
$ rar x bak_vol1_20240206.rar bak_vol1.xml
$ cat bak_vol1.xml
<?xml version="1.0" encoding="UTF-8"?>
<Volume>
<Creator>Dennis Yurichev</Creator>
<Key1>R#P2KxRqe</Key1>
<Key2>iyEv_gvZq</Key2>
<Key3>QE$zLND6Q</Key3>
<Key4>LHwN0)3Lm</Key4>
<Date>202401-06</Date>
</Volume>
The other is like a nested "Russian" doll ("Matroska"): a lot of small files inside. And at the end a small file with an animated gif of the Trololo Man. The file is almost impossible to unpack manually, one have to create a script for it.
Sometimes someone download these files...
Update at 20250410 23:36:02 CEST.
One of these fake backup files was archived, presumably after me, publishing this blog post...
crawl900.us.archive.org - - [06/Apr/2025:08:12:06 +0200] "GET /backup/bak_vol2_20241206.rar HTTP/1.1" 200 1007377406 "-" "Mozilla/5.0 (compatible; archive.org_bot +http://archive.org/details/archive.org_bot) Zeno/d12da1d warc/v0.8.73"
I hope they will not try unpacking it...
Some time ago (before 24-Mar-2025) there was Disqus JS script for comments. I dropped it --- it was so motley, distracting, animated, with too much ads. I never liked it. Also, comments didn't appeared correctly (Disqus was buggy). Also, my blog is too chamberlike --- not many people write comments here. So I decided to switch to the model I once had at least in 2020 --- send me your comments by email to blog at yurichev dot com (don't forget to include URL to this blog post) and I'll copy&paste it here manually.
Let's party like it's ~1993-1996, in this ultimate, radical and uncompromisingly primitive pre-web1.0-style blog and website.