Message Board

Bugs & Development

Older Posts ]   [ Newer Posts ]
 Quicklinks access
Author: M.Samios   (8 Jun 09 6:04am)
Ok I just gone through the instructions and basic operation of the quicklinks. So basically a site sets up a hidden link that when someone clicks on it it is presumed to be of suspicious activity.

Correct me if I am wrong but IMO this may backfire once such links are detected. An external server can force redirects to these links by sending redirect headers to the client end. Thus the client will end up accessing the quick link.

Eg: in PHP
quicklink assigned: http://www.example.com/honeypot.html

External Server response knowing url.
<?php
header("HTTP/1.1 301");
header("Location: http://www.example.com/honeypot.html");
exit();
?>
And can be done on specific IPs for instance when a popular spider or legit visitor accesses a page on the external server.

There should be some mechanism in place to better encode the link with an algorithm to avoid false positives. For instance the site could generate a link parameter that would take into account the ip that accesses the page as well as an identifier given by honeypot.

Eg:
http://www.example.com/honeypot.html?id=encoded_visited_ip_with_identifier_given_by_honeypot

This could help avoid errors and still keep the integration of quicklinks simple. If the ip doesn't match following decoding or if the identifier is incorrect then the attempt can be discarded.
 
 Re: Quicklinks access
Author: B.L5   (8 Jun 09 7:23pm)
The problem with a 301 redirect would be exactly the same as the problem with a plain link. A 301 redirect simply shows the browser where to go, it doesn't force it. The browser still knows where the page it's going to is.

But with 40,211,175 active honey pots (http://www.projecthoneypot.org/statistics.php) and more being added daily, I don't think anyone would be able to make a database of all of them. The point of Project Honey Pot is to be sneaky and track the spammers without them knowing they're being tracked.

So don't bother with a 301 redirect, just link using the given methods - or maybe add a few extra locations for the honeypot using mod_rewrite. Just keep the original location accessible.



You may browse the discussion topics, but you must sign in to post. If you do not have an account, you can create one for free.

do not follow this link

Privacy Policy | Terms of Use | About Project Honey Pot | FAQ | Cloudflare Site Protection | Contact Us

Copyright © 2004–24, Unspam Technologies, Inc. All rights reserved.

contact | wiki | email