Message Board

Installing Honey Pots

 [WARN] Security Risk found in honeypot's PHP code
Author: T.Mable   (26 Dec 13 3:44pm)
$postvars["tag4"] = md5(preg_replace("/[^a-zA-Z0-9]/","",$contents));
$postvars["ip"] = $_SERVER["REMOTE_ADDR"];
$postvars["svrn"] = $_SERVER["SERVER_NAME"];
$postvars["svp"] = $_SERVER["SERVER_PORT"];
$postvars["svip"] = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "";
$postvars["rquri"] = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
$postvars["phpself"] = str_replace(' ','%20',$_SERVER["PHP_SELF"]);
$postvars["version"] = "php-".phpversion();
$postvars["sn"] = str_replace(' ','%20',$_SERVER["SCRIPT_NAME"]);
$postvars["ref"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$postvars["uagnt"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";

^ WHY do you need to know about:
svip: Server's local network IP address
version: Contains what type and what version of php

And
if svrn is an alias (such as "*.helpinghand.com") and I donate some.helpinghand.com,
the honeypot simply fails verification.

Those 2 pieces of information, svip and version, help hackers to hack my website.
Would you remove these 2 things in the next version? Please reconsider.
 
 Re: [WARN] Security Risk found in honeypot's PHP code
Author: T.Mable   (26 Dec 13 4:03pm)
> Why do you care? I am not afraid.
You are not a security guy, are you?

1. Make the PHP file below and save it as "test.php".
---start---
<?php
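$postvars=array();
// $contents is not defined in this excerpt; use an empty string so tag4 is computed without a notice
$contents = "";
//php data
$postvars["tag4"] = md5(preg_replace("/[^a-zA-Z0-9]/","",$contents));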
$postvars["ip"] = $_SERVER["REMOTE_ADDR"];
$postvars["svrn"] = $_SERVER["SERVER_NAME"];
$postvars["svp"] = $_SERVER["SERVER_PORT"];
$postvars["svip"] = isset($_SERVER["SERVER_ADDR"]) ? $_SERVER["SERVER_ADDR"] : "";
$postvars["rquri"] = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";
$postvars["phpself"] = str_replace(' ','%20',$_SERVER["PHP_SELF"]);
$postvars["version"] = "php-".phpversion();
$postvars["sn"] = str_replace(' ','%20',$_SERVER["SCRIPT_NAME"]);
$postvars["ref"] = isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "";
$postvars["uagnt"] = isset($_SERVER["HTTP_USER_AGENT"]) ? $_SERVER["HTTP_USER_AGENT"] : "";
//yell
print_r($postvars);
?>
---end---
2. Upload it to your honeypot location.
ex. If you uploaded your honeypot to /yum/, test.php goes there too.

3. Access it from your browser.
ex. hxxp://www.com/x/test.php

If you see your network's IP address, the server's real name, or the PHP path which is hidden,
you should remove the honeypot right away.
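
Added example (not part of the thread and not Project Honey Pot's code): a PHP check that flags the fields discussed above (svip, version, svrn) in an outbound $postvars array before it is sent to a third party. The function name audit_postvars and all sample values are assumptions made for illustration.

```php
<?php
// Added example: audit the fields a script is about to POST to a third party.
// Field names (svip, version, svrn) come from the thread; sample values are constructed.

function audit_postvars(array $postvars): array
{
    $findings = [];

    // svip: distinguish an internal/reserved address from a public one.
    $svip = $postvars["svip"] ?? "";
    if ($svip !== "") {
        if (filter_var($svip, FILTER_VALIDATE_IP) === false) {
            $findings["svip"] = "not a valid IP address: $svip";
        } elseif (filter_var($svip, FILTER_VALIDATE_IP,
                FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
            $findings["svip"] = "internal or reserved address disclosed: $svip";
        } else {
            $findings["svip"] = "public address disclosed: $svip";
        }
    }

    // version: flag an exact interpreter version (major.minor.patch).
    $version = $postvars["version"] ?? "";
    if (preg_match('/^php-\d+\.\d+\.\d+/', $version)) {
        $findings["version"] = "exact PHP version disclosed: $version";
    }

    // svrn: flag a wildcard alias, the case the first post says fails verification.
    $svrn = $postvars["svrn"] ?? "";
    if (strpos($svrn, "*") !== false) {
        $findings["svrn"] = "wildcard server name sent: $svrn";
    }

    return $findings;
}

// Constructed sample, shaped like the $postvars array quoted in the thread.
$sample = [
    "svrn"    => "*.helpinghand.com",
    "svp"     => "80",
    "svip"    => "10.0.4.21",
    "version" => "php-5.4.23",
];

foreach (audit_postvars($sample) as $field => $finding) {
    echo str_pad($field, 8), $finding, PHP_EOL;
}
```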


