My previous method to defeat bots with zipbombs is no longer effective. LLM-bots have better resources to fight back. Now, I have a new method and its a secret.

Ibrahim Diallo

A blog author shares how their zipbomb-based bot defense strategy has become counterproductive. Sophisticated AI-driven bots now detect and ignore zipbombs while continuing to send requests, causing the server to effectively DDoS itself by serving large 10MB files to hundreds of concurrent requests. The author explains the technical details: Apache workers consuming 1.5GB RAM instead of the usual 2MB when serving zipbombs through PHP, leading to server crashes. The zipbomb defense has been disabled, and a new undisclosed strategy has been adopted to handle modern bot traffic.

Zipbombs are not as effective as they used to be