Message Board

Installing Honey Pots

Older Posts ]   [ Newer Posts ]
 Sharing Honey Pots
Author: A.Timmer   (26 Oct 06 3:57am)
I was thinking of sharing my honey pot with some friends who cannot install scripts on their own server.

Now just providing them a link to my honey pot to put on their pages would be the easy way, I guess, but to make things a bit more difficult I was thinking of giving them links to bogus files on my server and make a htaccess redirect to the honeypot.

I know this works with "normal" visitors but will it also work for bots ?

So, main question is: Does a server side redirect (using htaccess) work for bots too ???
 
 Re: Sharing Honey Pots
Author: V.Madsen   (27 Oct 06 7:40am)
If the redirect is server-side it should work fine with bots as well as humans.

If you want to test it manually, open a terminal (or DOS) window and run:

telnet www.hostname.com 80

and then type

GET /filename.php HTTP/1.1
Host: www.hostname.com

and finish by entering an empty line (just hit enter twice).

If you receive a lot of HTML-data back, you were most likely patched through to the honeypot page. (On the other hand, if you only receive a couple of lines back, including a "Location: http://something...", the redirect is client-side, and bots may or may not follow the link.)

Or send me the URL and I'll be happy to test. :-) My email-address can be composed using the following parts: com gmail vidarino

Vidar
 
 Re: Sharing Honey Pots
Author: A.Timmer   (27 Oct 06 6:42pm)
Thanks Vidar,

I typed:
GET /boguspage.php HTTP/1.1
Host: www.mydomain.nl

and received this back:

HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Oct 2006 22:17:35 GMT
Server: Apache/2.0.59 (Unix) mod_perl/1.99_17-dev Perl/v5.8.5 mod_ssl/2.0.59 OpenSSL/0.9.7a PHP/4.4.4 FrontPage/5.0.2.2634
Location: http://www.mydomain.nl/myhoneypot.html
Content-Length: 412
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>301 Moved Permanently</title>
</head><body><h1>Moved Permanently</h1>
<p>The document has moved<a href="http://www.mydomain.nl/myhoneypot.html">here</a>.</p>
<hr><address>Apache/2.0.59 (Unix) mod_perl/1.99_17-dev Perl/v5.8.5 mod_ssl/2.0.59 OpenSSL/0.9.7a P
HP/4.4.4 FrontPage/5.0.2.2634 Server at www.mydomain.nl Port 80</address>
</body></html>

NOTE the location says "myhoneypot.html" because I'm using an html file for testing instead of the real honeypot php file !

The location is the correct location used as a redirect in my .htaccess file :

Redirect permanent /boguspage.php http://www.mydomain.nl/myhoneypot.html

Now does this mean it works for bots?

I know it works if I test it in my browser. I get redirected to the honeypot.html file just fine.
 
 Re: Sharing Honey Pots
Author: V.Madsen   (28 Oct 06 6:21am)
It may or may not work, but my bet is that it will. I think most bots would note the redirection URL and follow it, but some stupid ones might not. However, the HTML itself contains a "proper" link to the honeypot-page and if the bots miss that, too, they're really dumb. ;-)

Hmm, it would actually be interesting to try to fingerprint the different bots by monitoring their behaviour in cases like these, actually, combined with, say, their reported User-Agent, referrer, etc.

Vidar



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email