April fool's joke: fake backup files as a prank

"Hackers" scan the web for directories like https://host/backup. Why not satisfy their curiosity?

I created two fake backups.

One has a 100TB empty file, with a fake header though, and with 9-10 GB of Frank Zappa albums in mp3 at the end. The (almost empty) file is real, non-encrypted. Of course, this is an old good zip bomb. I created it on a compressed ZFS volume, then compressed it with RAR. It took about two weeks, on a 12-core CPU.

The fake XML file can be extracted separately. "Keys" are random. 

$ rar l bak_vol1_20240206.rar

RAR 6.23   Copyright (c) 1993-2023 Alexander Roshal   1 Aug 2023
Trial version             Type 'rar -?' for help

Archive: bak_vol1_20240206.rar
Details: RAR 5

 Attributes      Size     Date    Time   Name
----------- ---------  ---------- -----  ----
 -rw-r--r-- 107377640757136  2021-11-21 15:28  bak_vol1.bin
 -rw-------       215  2024-02-06 19:20  bak_vol1.xml
----------- ---------  ---------- -----  ----
      107377640757351                    2

...

$ rar x bak_vol1_20240206.rar bak_vol1.xml

$ cat bak_vol1.xml
<?xml version="1.0" encoding="UTF-8"?>
<Volume>
        <Creator>Dennis Yurichev</Creator>
        <Key1>R#P2KxRqe</Key1>
        <Key2>iyEv_gvZq</Key2>
        <Key3>QE$zLND6Q</Key3>
        <Key4>LHwN0)3Lm</Key4>
        <Date>202401-06</Date>
</Volume>

The other is like a nested "Russian" doll ("Matroska"): a lot of small files inside. And at the end a small file with an animated gif of the Trololo Man. The file is almost impossible to unpack manually, one have to create a script for it.

Sometimes someone download these files...

(the post first published at 20250401.)

List of my other blog posts.

Subscribe to my news feed,

Some time ago (before 24-Mar-2025) there was Disqus JS script for comments. I dropped it --- it was so motley, distracting, animated, with too much ads. I never liked it. Also, comments didn't appeared correctly (Disqus was buggy). Also, my blog is too chamberlike --- not many people write comments here. So I decided to switch to the model I once had at least in 2020 --- send me your comments by email to blog at yurichev dot com (don't forget to include URL to this blog post) and I'll copy&paste it here manually

Let's party like it's ~1993-1996, in this ultimate, radical and uncompromisingly primitive pre-web1.0-style blog and website.