April Fools' joke: fake backup files as a prank

"Hackers" scan the web for directories like https://host/backup. Why not satisfy their curiosity?

I created two fake backups.

One has a 100TB empty file, with a fake header though, and with 9-10 GB of Frank Zappa albums in mp3 at the end. The (almost empty) file is real, non-encrypted. Of course, this is a good old zip bomb. I created it on a compressed ZFS volume, then compressed it with RAR. It took about two weeks, on a 12-core CPU.

The fake XML file can be extracted separately. "Keys" are random.

$ rar l bak_vol1_20240206.rar

RAR 6.23   Copyright (c) 1993-2023 Alexander Roshal   1 Aug 2023
Trial version             Type 'rar -?' for help

Archive: bak_vol1_20240206.rar
Details: RAR 5

 Attributes      Size     Date    Time   Name
----------- ---------  ---------- -----  ----
 -rw-r--r-- 107377640757136  2021-11-21 15:28  bak_vol1.bin
 -rw-------       215  2024-02-06 19:20  bak_vol1.xml
----------- ---------  ---------- -----  ----
      107377640757351                    2

...

$ rar x bak_vol1_20240206.rar bak_vol1.xml

$ cat bak_vol1.xml
<?xml version="1.0" encoding="UTF-8"?>
<Volume>
        <Creator>Dennis Yurichev</Creator>
        <Key1>R#P2KxRqe</Key1>
        <Key2>iyEv_gvZq</Key2>
        <Key3>QE$zLND6Q</Key3>
        <Key4>LHwN0)3Lm</Key4>
        <Date>202401-06</Date>
</Volume>
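
An added example, not code from the original post: a pre-extraction check that parses the `rar l` listing shown above and refuses to unpack when the declared size or expansion ratio is over budget. The archive size, the thresholds and the function names are assumptions made for illustration.

```python
import re

# One file row of `rar l` output: attributes, size, date, time, name.
ROW = re.compile(
    r"^\s*[-a-zA-Z.]{5,}\s+(?P<size>\d+)\s+"
    r"\d{4}-\d{2}-\d{2}\s+\d{2}:\d{2}\s+(?P<name>.+?)\s*$"
)

# Listing copied from the page.
LISTING = """\
 Attributes      Size     Date    Time   Name
----------- ---------  ---------- -----  ----
 -rw-r--r-- 107377640757136  2021-11-21 15:28  bak_vol1.bin
 -rw-------       215  2024-02-06 19:20  bak_vol1.xml
----------- ---------  ---------- -----  ----
      107377640757351                    2
"""

ASSUMED_ARCHIVE_BYTES = 10 * 2**30  # assumption: the page does not give the .rar size


def parse_listing(text):
    """Return [(name, declared_unpacked_bytes)] for every file row."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(m.group("name"), int(m.group("size"))) for m in rows if m]


def check_before_extract(text, archive_bytes, max_total=50 * 2**30, max_ratio=100):
    """Return (ok, reasons, safe_members) for a listing and the archive's size."""
    entries = parse_listing(text)
    total = sum(size for _, size in entries)
    reasons = []
    if not entries:
        reasons.append("no file rows parsed; refusing to extract blindly")
    if total > max_total:
        reasons.append(f"declared unpacked size {total} B exceeds budget {max_total} B")
    if archive_bytes > 0 and total > archive_bytes * max_ratio:
        reasons.append(f"expansion ratio about {total // archive_bytes}:1 exceeds {max_ratio}:1")
    # Members small enough to pull out one at a time, as the page does with the XML.
    safe = [name for name, size in entries if size <= max_total]
    return (not reasons, reasons, safe)


if __name__ == "__main__":
    ok, reasons, safe = check_before_extract(LISTING, ASSUMED_ARCHIVE_BYTES)
    print("extract whole archive:", ok)
    for r in reasons:
        print(" -", r)
    print("members within budget:", safe)
```

The sizes come from the archive's own headers and cover one layer only, so an automated unpacker should also cap bytes written and nesting depth during extraction.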

The other is like a nested "Russian" doll ("Matryoshka"): a lot of small files inside. And at the end, a small file with an animated GIF of the Trololo Man. The file is almost impossible to unpack manually; one has to create a script for it.

Sometimes someone downloads these files...


Update at 20250410 23:36:02 CEST.

One of these fake backup files was archived, presumably after I published this blog post...

crawl900.us.archive.org - - [06/Apr/2025:08:12:06 +0200] "GET /backup/bak_vol2_20241206.rar HTTP/1.1" 200 1007377406 "-" "Mozilla/5.0 (compatible; archive.org_bot +http://archive.org/details/archive.org_bot) Zeno/d12da1d warc/v0.8.73"

I hope they will not try unpacking it...

(The post was first published at 20250401, updated 20250410.)

