Message Board

Installing Honey Pots

Another Validation Error

Author: C.Pettinger (24 Nov 04 12:35pm)

I also can not get past the Validation error. I have tried this with both the Perl version and the PHP version and get identical results -- Validation Error. I have regenerated the Perl version twice with no luck.

This is what I know.
1. Permissions set correctly. Although I know very little about PHP, I run quite a few Perl scripts on my site and have no reason to believe there is an installation error on my part. I would be happy to find out there was a goof-up as I could then get it working!
2. I am running this on a .info domain. I was curious if there was something back at Project Central that didn't like the .info extension.
3. Port 80 outbound is not blocked. I am going off to run tethereal on this right now to see if I can watch the exchange between me and the Project servers.

Any help/flames welcome. I will post more as I try to get an analyzer dump.

Thanks.

Re: Another Validation Error

Author: C.Pettinger (24 Nov 04 1:17pm)

This is two attempts back-to-back. Don't think some of these are normal. I notice the "previous segment lost" and "dup ack". I'll have to brush off my Sniffer notes....

Would be curious to know what the Project folks see on their end.

Thanks.

4.080693 mynet.41 -> mynet.2 DNS Standard query A hpr5.projecthoneypot.org
4.082695 mynet.2 -> mynet.41 DNS Standard query response A 66.135.39.84
4.083027 mynet.41 -> 66.135.39.84 TCP 59190 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1051084074 TSER=0 WS=0
4.169450 66.135.39.84 -> mynet.41 TCP http > 59190 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=193243775 TSER=1051084074 WS=0
4.169502 mynet.41 -> 66.135.39.84 TCP 59190 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1051084083 TSER=193243775
4.169680 mynet.41 -> 66.135.39.84 HTTP POST /cgi/serve.php HTTP/1.1
4.258111 66.135.39.84 -> mynet.41 TCP http > 59190 [ACK] Seq=1 Ack=206 Win=6432 Len=0 TSV=193243784 TSER=1051084083
4.258208 mynet.41 -> 66.135.39.84 HTTP Continuation
4.347264 66.135.39.84 -> mynet.41 TCP http > 59190 [ACK] Seq=1 Ack=647 Win=7504 Len=0 TSV=193243793 TSER=1051084092
4.388155 66.135.39.84 -> mynet.41 TCP [TCP Previous segment lost] http > 59190 [FIN, ACK] Seq=592 Ack=647 Win=7504 Len=0 TSV=193243797 TSER=1051084092
4.388236 mynet.41 -> 66.135.39.84 TCP [TCP Dup ACK 178#1] 59190 > http [ACK] Seq=647 Ack=1 Win=5840 Len=0 TSV=1051084105 TSER=193243793 SLE=2373429651 SRE=2373429652
4.391800 66.135.39.84 -> mynet.41 HTTP HTTP/1.1 200 OK (text/html)
4.391924 mynet.41 -> 66.135.39.84 TCP 59190 > http [ACK] Seq=647 Ack=593 Win=6501 Len=0 TSV=1051084105 TSER=193243797
4.392002 mynet.41 -> 66.135.39.84 TCP 59190 > http [FIN, ACK] Seq=647 Ack=593 Win=6501 Len=0 TSV=1051084105 TSER=193243797
4.478460 66.135.39.84 -> mynet.41 TCP http > 59190 [ACK] Seq=593 Ack=648 Win=7504 Len=0 TSV=193243806 TSER=1051084105
7.141387 mynet.41 -> mynet.2 DNS Standard query A hpr5.projecthoneypot.org
7.143366 mynet.2 -> mynet.41 DNS Standard query response A 66.135.39.84
7.143683 mynet.41 -> 66.135.39.84 TCP 59192 > http [SYN] Seq=0 Ack=0 Win=5840 Len=0 MSS=1460 TSV=1051084380 TSER=0 WS=0
7.230180 66.135.39.84 -> mynet.41 TCP http > 59192 [SYN, ACK] Seq=0 Ack=1 Win=5792 Len=0 MSS=1460 TSV=193244081 TSER=1051084380 WS=0
7.230238 mynet.41 -> 66.135.39.84 TCP 59192 > http [ACK] Seq=1 Ack=1 Win=5840 Len=0 TSV=1051084389 TSER=193244081
7.230408 mynet.41 -> 66.135.39.84 HTTP POST /cgi/serve.php HTTP/1.1
7.318637 66.135.39.84 -> mynet.41 TCP http > 59192 [ACK] Seq=1 Ack=206 Win=6432 Len=0 TSV=193244090 TSER=1051084389
7.318716 mynet.41 -> 66.135.39.84 HTTP Continuation
7.408418 66.135.39.84 -> mynet.41 TCP http > 59192 [ACK] Seq=1 Ack=647 Win=7504 Len=0 TSV=193244099 TSER=1051084398
7.450138 66.135.39.84 -> mynet.41 TCP [TCP Previous segment lost] http > 59192 [FIN, ACK] Seq=592 Ack=647 Win=7504 Len=0 TSV=193244103 TSER=1051084398
7.450216 mynet.41 -> 66.135.39.84 TCP [TCP Dup ACK 295#1] 59192 > http [ACK] Seq=647 Ack=1 Win=5840 Len=0 TSV=1051084411 TSER=193244099 SLE=2389348090 SRE=2389348091
7.453782 66.135.39.84 -> mynet.41 HTTP HTTP/1.1 200 OK (text/html)
7.453900 mynet.41 -> 66.135.39.84 TCP 59192 > http [ACK] Seq=647 Ack=593 Win=6501 Len=0 TSV=1051084411 TSER=193244103
7.453979 mynet.41 -> 66.135.39.84 TCP 59192 > http [FIN, ACK] Seq=647 Ack=593 Win=6501 Len=0 TSV=1051084411 TSER=193244103
7.540418 66.135.39.84 -> mynet.41 TCP http > 59192 [ACK] Seq=593 Ack=648 Win=7504 Len=0 TSV=193244112 TSER=1051084411

Re: Another Validation Error

Author: M.Prince (24 Nov 04 2:53pm)

Looks like we had a bug on our end with honey pots installed on .info domains. It's fixed now. Sorry for the trouble, but thanks for letting us know!

PS - Glad we didn't have to get into diagnosing ACK sequences!

Re: Another Validation Error

Author: C.Pettinger (24 Nov 04 3:31pm)

Don't be knocking ACK sequences! ;-)
Me and my ACKs are quite happy now. Thanks for the help!

BTW, I am VERY impressed with how comprehensive things are for a project that is just starting out. Little things like customizing the README file and sending customized, example HTML after the install.... Not that we are idiots and couldn't figure it out, it just makes it much easier and quicker to get things going.

Curious about upgrading. When you release a new version of the script, wil we:
a. Get notified automatically?
b. Be able to drop it right in place or will we have to go through a registration process again?

Thanks again!

Re: Another Validation Error

Author: M.Prince (24 Nov 04 5:33pm)

Thank you very much for the kind words. Hearing that all the attention to detail is noticed and makes things easier means a lot to all of us. We're thrilled by how well the Project has been received and hope it will only continue to grow as more data rolls in.

Most of the customization and nitty-gritty details to make the process for users easier are due to Lee Holloway, our rock star PHP developer. We dreamed up this project months ago thinking it would be easy to implement. Very quickly it became clear that there were layers and layers of complexity (you wouldn't believe, for example, how many different ways we've found for people to setup PHP so it doesn't pass back ENV variables). At every step Lee has been able to find not only solutions, but elegant solutions.

As for upgrades, we have some upgrades in the works to add features and fix a few bugs. For example, we want to help bloggers track "comment spammers." What we're planning to do is include a form on the honey pot page and track what gets submitted to it. There are a number of other tweaks and features we've started making a list of and hope to work into the scripts once things settle down and stabilize with the initial wave of signups.

We'll try and make updating your script as easy as possible. My guess is that we'll send out a notice at some point via email. Probably what you'll have to do is go to the Download New Script page. It will be pre-filled with your existing settings. If you want to keep them the same and just get the new version you'll just click the download button. You can replace the old script with the new one. You'll still have to activate it just so we can be sure it's in the right place and working, but all the hidden links you've included on your pages shouldn't need to be recreated.

If there's anything you'd suggest we do to make the process easier, we're happy to see if there's a way to work it into our process. Thanks to everyone for support of the Project!