Nepenthes is a tarpit to catch AI web crawlers

Haha, this would be an amazing way to test the ChatGPT crawler reflective DDOS vulnerability [1] I published last week.

Basically a single HTTP Request to ChatGPT API can trigger 5000 HTTP requests by ChatGPT crawler to a website.

The vulnerability is/was thoroughly ignored by OpenAI/Microsoft/BugCrowd but I really wonder what would happen when ChatGPT crawler interacts with this tarpit several times per second. As ChatGPT crawler is using various Azure IP ranges I actually think the tarpit would crash first.

The vulnerability reporting experience with OpenAI / BugCrowd was really horrific. It's always difficult to get attention for DOS/DDOS vulnerabilities and companies always act like they are not a problem. But if their system goes dark and the CEO calls then suddenly they accept it as a security vulnerability.

I spent a week trying to reach OpenAI/Microsoft to get this fixed, but I gave up and just published the writeup.

I don't recommend you to exploit this vulnerability due to legal reasons.

[1] https://github.com/bf/security-advisories/blob/main/2025-01-...

I am not surprised that OpenAI is not interested if fixing this.

Their security.txt email address replies and asks you to go on BugCrowd. BugCrowd staff is unwilling (or too incompetent) to run a bash curl command to reproduce the issue, while also refusing to forward it to OpenAI.

The support@openai.com waits an hour before answering with ChatGPT answer.

Issues raised on GitHub directly towards their engineers were not answered.

Also Microsoft CERT & Azure security team do not reply or care respond to such things (maybe due to lack of demonstrated impact).

why try this hard for a private company that doesn't employ you?

I always wonder why people not working or planning to work in infosec do this. I get giving up your free time to build open source functionality used by rich for-profit companies that will just make them rich because that's the nature of open source. But literally giving your free time to help a rich company get richer that I do not get. My only explanation is that they enjoy the process. It's like people spending their free time giving information and resources when they would not do that if that person was in front of them.

You are on hackernews. It’s curiosity not only about the flaw in their system but also how they as a system react to the flaw. Tells you a lot about companies you can later avoid when recruiters knock or you send out resumes.

I know I am on HN. Curiosity is one thing, investigating issues for free for a rich company is another. The former makes sense to me. The latter not as much, when we live in a world with all sorts of problems that are available to be solved.

I think judging the future state of a company based on its present state is not really fair or reliable especially as the period between the two states gets wider. Culture change (see Google), CxOs leave (OpenAI) and the board changes over time.

> I know I am on HN. Curiosity is one thing, investigating issues for free for a rich company is another.

The vulnerability https://github.com/bf/security-advisories/blob/main/2025-01-... targets other sites than OpenAI. OpenAI's crawler is rather the instrument of the crime for the attack.

Since this "just" leads to a potential reputation damage for OpenAI (and OpenAI's reputation is by now bad), and the victims are operators of other websites, I can see why OpenAI sees no urgency for fixing this bug.