Message Board

Installing Honey Pots

outbound connections disabled?

Author: C.Ross2 (21 Nov 10 4:57am)

I am just installing a php honeypot script and when I go to the honeypot.php I get the error saying that outbound connections may be disabled.

I have a dedicated server and am not sure where to look to allow the connection.

I have cPanel and WHM and CSF firewall installed. I checked the firewall settings for outgoing TCP connections and the http port 80 is listed as allowed.

I do have some disabled php functions that are
ni_set,exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source, phpinfo,popen, proc_open,allow_url_fopen,apache_get_modules,apache_get_version,apache_getenv,apache_note,apache_setenv,disk_free_space,diskfreespace,dl,highlight_file,ini_alter,ini_restore,openlog,proc_nice,symlink,fsockopen

Are any of them required to connect? If not do you have any suggestions how I can allow the connection? I do not have a support option for the server, so there is no one to contact, although I have posted on a linux forum, but hoping someone here may know as no replies as of yet there.

Re: outbound connections disabled?

Author: MadAlex (20 Nov 19 3:56pm)

Being of the paranoid type, I am busy reading through the provided PHP script before letting it anywhere near my precious server and have seen that it gets additional PHP code from projecthoneypot.org by passing a URL to file_get_contents. That will require the allow_url_fopen option to be enabled, which will be why things are failing for you. ...or at least, that will be the immediate problem!

If, like me, you are uncomfortable enabling that setting due to the associated increase in scope for injection attacks, or if you do not have control over the PHP installation, the best option feels like modifying the script to use the curl functions to get the additional code instead of file_get_contents, provided those are available to you. I have yet to see that work though...