Message Board

Installing Honey Pots

Older Posts ]   [ Newer Posts ]
 [WARN] Security Risk found in honeypot's PHP code
Author: T.Mable   (26 Dec 13 3:44pm)
$postvars["tag4"] = md5(preg_replace("/[^a-zA-Z0-9]/","",$contents));
$postvars["ip"] = $_SERVER["REMOTE_ADDR"];
$postvars["svrn"] = $_SERVER["SERVER_NAME"];
$postvars["svp"] = $_SERVER["SERVER_PORT"];
$postvars["svip"] = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "";
$postvars["rquri"] = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
$postvars["phpself"] = str_replace(' ','%20',$_SERVER["PHP_SELF"]);
$postvars["version"] = "php-".phpversion();
$postvars["sn"] = str_replace(' ','%20',$_SERVER["SCRIPT_NAME"]);
$postvars["ref"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$postvars["uagnt"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";

^ WHY do you need to know about:
svip: Server's local network IP address
version: Contains what type and what version of php

And
If svrn is alias(such as, "*.helpinghand.com"), and I donate some.helpinghand.com,
honeypot simply failes verification.

Those 2 information, svip and version, helps hackers to hack my website.
Would you remove these 2 things in next version? Please reconsider.
 
 Re: [WARN] Security Risk found in honeypot's PHP code
Author: T.Mable   (26 Dec 13 4:03pm)
> Why do you care? I am not afraid.
You are not a security guy, aren't you?

1. Make a php file below, save as "test.php".
---start---
<?php
$postvars=array();
//php data
$postvars["tag4"] = md5(preg_replace("/[^a-zA-Z0-9]/","",$contents));
$postvars["ip"] = $_SERVER["REMOTE_ADDR"];
$postvars["svrn"] = $_SERVER["SERVER_NAME"];
$postvars["svp"] = $_SERVER["SERVER_PORT"];
$postvars["svip"] = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "";
$postvars["rquri"] = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
$postvars["phpself"] = str_replace(' ','%20',$_SERVER["PHP_SELF"]);
$postvars["version"] = "php-".phpversion();
$postvars["sn"] = str_replace(' ','%20',$_SERVER["SCRIPT_NAME"]);
$postvars["ref"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$postvars["uagnt"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
//yell
print_r($postvars);
?>
---end---
2. Upload it to your honeypot location.
ex. If you uploaded your honeypot to /yum/, test.php goes there too.

3. Access it from your browser.
ex. hxxp://www.com/x/test.php

If you see your network's IP address, server's real name, php path which is hidden,
you should remove honeypot right away.



do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email