Author: S.Metler2 (25 Feb 13 10:09am)
Project Honey Pot has a substantial bug in it's 'IP behavior' statistics gathering logic.
I installed a Honey Pot on *my own* website to contribute to this project. This is a website that I developed and administrate.
I recently scanned *my own* website using N-Stalker Free Edition (N-Stalker is designed to scan a website for Web Vulnerabilities like XSS, Code Injection, Atypical Form Submissions, etc.)
Unfortunately, Project Honey Pot does not (cannot) distinguish a website's owner/administrator from the general public, even though I created and activated the Honey Pot using this same IP address.
Project Honey Pot logged me (scanning my own website) as 'malicious activity'.
As such, my IP address 'behavior profile' now indicates that I am a 'Threat Rating: 49' and a 'Comment Spammer' with '2,533 web post submission(s) sent from this IP'
The truth is that the statistics shown on my 'IP Behavior' profile page are caused by me auditing *my own* website for vulnerabilities.
I contacted Project Honey Pot about this serious bug and they admitted that this is a known issue, but they have so far refused to correct the inaccurate stats that they are publishing online.
I do not know why they are not willing to correct the bad stats, but this scenario has caused me as a website owner and voluntary contributor to this project to now be incorrectly labeled as a "Comment Spammer".
This would not have happened if I was not actively contributing to this very project and had never installed a Honey Pot in the first place.
*** WEBMASTERS BEWARE ***
This bug can cause Project Honey Pot contributors to be incorrectly labeled as "Malicious".
If you have a Honey Pot installed, the Project Honey Pot system will log you accessing your own website!
Project Honey Pot will label you as a Spammer, they will publish that incorrect information online and they will refuse to correct it.
|