Message Board

Installing Honey Pots

Simple way to use honeypot on any php5 webserver

Author: D.DRX (26 Apr 07 10:59am)

I've written this small but simple script:

http://www.dreamwerx.net/honeypot/

There are 2 files - the php script which queries the DNS - you'll need to modify the key at the top, and the notification email (you may choose to comment this out but for initial testing it's quite nice) - Also at the bottom you can modify the conditions on which it blocks (threat score/etc.)

The 2nd file is a sample .htaccess which tells php to prepend that file before all other scripts (such as phpbb/whatever). This can also be done via the php.ini file if you have control over it and it will affect ALL vhosts.

If you have any feedback/patches/changes, please drop me an email. Happy blocking.

Re: Simple way to use honeypot on any php5 webserver

Author: J.Haywood (26 Apr 07 4:35pm)

Would you know off hand if there is an equivelant for dns_get_record() in PHP4.4.x ?
If not I could probably knock something up. I have not studied PHP 5.x.x much so hopefully there or no other new functions in there that I'll have to circumvent.

Re: Simple way to use honeypot on any php5 webserver

Author: D.DRX (26 Apr 07 4:46pm)

As far as I know there is no internal php4 equivalent.. The easiest thing to do if you need to run on php4 would be to probably grab the PEAR::Net_DNS package, it I believe runs on php4 and could be swapped in quite easily.

http://pear.php.net/package/Net_DNS

Re: Simple way to use honeypot on any php5 webserver

Author: J.Haywood (26 Apr 07 4:56pm)

I'll take a look, many thanks!

Re: Simple way to use honeypot on any php5 webserver

Author: J.Yard2 (4 May 07 11:35pm)

How can we use this and still have our html files parsed by Apache for SSI?

So far I've just been running my PHP http:BL lookup as an SSI in my footer html file which is part of nearly all my pages. Then adding on the Honey Pot and Poison if it's a bad bot.