Message Board

Installing Honey Pots

 Sharing Honey Pots
Author: A.Timmer   (26 Oct 06 3:57am)
I was thinking of sharing my honey pot with some friends who cannot install scripts on their own server.

Now just providing them a link to my honey pot to put on their pages would be the easy way, I guess, but to make things a bit more difficult I was thinking of giving them links to bogus files on my server and making an htaccess redirect to the honeypot.

I know this works with "normal" visitors but will it also work for bots?

So, main question is: Does a server side redirect (using htaccess) work for bots too???
 
 Re: Sharing Honey Pots
Author: V.Madsen   (27 Oct 06 7:40am)
If the redirect is server-side it should work fine with bots as well as humans.

If you want to test it manually, open a terminal (or DOS) window and run:

telnet www.hostname.com 80

and then type

GET /filename.php HTTP/1.1
Host: www.hostname.com

and finish by entering an empty line (just hit enter twice).

If you receive a lot of HTML-data back, you were most likely patched through to the honeypot page. (On the other hand, if you only receive a couple of lines back, including a "Location: http://something...", the redirect is client-side, and bots may or may not follow the link.)

Or send me the URL and I'll be happy to test. :-) My email-address can be composed using the following parts: com gmail vidarino

Vidar
 
 Re: Sharing Honey Pots
Author: A.Timmer   (27 Oct 06 6:42pm)
Thanks Vidar,

I typed:
GET /boguspage.php HTTP/1.1
Host: www.mydomain.nl

and received this back:

HTTP/1.1 301 Moved Permanently
Date: Fri, 27 Oct 2006 22:17:35 GMT
Server: Apache/2.0.59 (Unix) mod_perl/1.99_17-dev Perl/v5.8.5 mod_ssl/2.0.59 OpenSSL/0.9.7a PHP/4.4.4 FrontPage/5.0.2.2634
Location: http://www.mydomain.nl/myhoneypot.html
Content-Length: 412
Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>301 Moved Permanently</title>
</head><body><h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.mydomain.nl/myhoneypot.html">here</a>.</p>
<hr><address>Apache/2.0.59 (Unix) mod_perl/1.99_17-dev Perl/v5.8.5 mod_ssl/2.0.59 OpenSSL/0.9.7a PHP/4.4.4 FrontPage/5.0.2.2634 Server at www.mydomain.nl Port 80</address>
</body></html>

NOTE the location says "myhoneypot.html" because I'm using an html file for testing instead of the real honeypot php file!

The location is the correct location used as a redirect in my .htaccess file:

Redirect permanent /boguspage.php http://www.mydomain.nl/myhoneypot.html

Now does this mean it works for bots?

I know it works if I test it in my browser. I get redirected to the honeypot.html file just fine.
 
 Re: Sharing Honey Pots
Author: V.Madsen   (28 Oct 06 6:21am)
It may or may not work, but my bet is that it will. I think most bots would note the redirection URL and follow it, but some stupid ones might not. However, the HTML itself contains a "proper" link to the honeypot-page and if the bots miss that, too, they're really dumb. ;-)

Hmm, it would actually be interesting to try to fingerprint the different bots by monitoring their behaviour in cases like these, actually, combined with, say, their reported User-Agent, referrer, etc.

Vidar
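
The fingerprinting idea from the last post, sketched as an added example that is not part of the original thread: it groups access-log entries by client and records whether each one followed the 301 from the bogus page to the honeypot. The log lines, IP addresses, User-Agent strings and the friend.example referrer are constructed; the two paths are the ones from the .htaccess line above, and the Apache "combined" log format is assumed.

```python
import re
from collections import defaultdict
from datetime import datetime

BAIT = "/boguspage.php"        # redirected path from the thread's .htaccess line
HONEYPOT = "/myhoneypot.html"  # redirect target from the thread

# Constructed sample lines in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [28/Oct/2006:06:30:01 +0000] "GET /boguspage.php HTTP/1.1" 301 412 "http://friend.example/links.html" "ExampleCrawler/1.0"
192.0.2.10 - - [28/Oct/2006:06:30:02 +0000] "GET /myhoneypot.html HTTP/1.1" 200 5120 "http://friend.example/links.html" "ExampleCrawler/1.0"
198.51.100.7 - - [28/Oct/2006:07:12:40 +0000] "GET /boguspage.php HTTP/1.0" 301 412 "-" "SampleHarvester"
203.0.113.5 - - [28/Oct/2006:08:00:00 +0000] "GET /myhoneypot.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible)"
"""

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

def fingerprint(log_text):
    """Return {(ip, user_agent): profile} describing redirect behaviour."""
    profiles = defaultdict(lambda: {"bait_at": None, "behaviour": None,
                                    "delay_s": None, "referer": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        p = profiles[(m["ip"], m["ua"])]
        if m["path"] == BAIT and m["status"] == "301":
            p["bait_at"] = ts
            p["behaviour"] = "ignored-redirect"  # until a follow-up is seen
        elif m["path"] == HONEYPOT:
            p["referer"] = m["referer"]
            if p["bait_at"] is not None:
                p["behaviour"] = "followed-redirect"
                p["delay_s"] = (ts - p["bait_at"]).total_seconds()
            else:
                p["behaviour"] = "direct-hit"  # reached the target without the bait URL
    return dict(profiles)

if __name__ == "__main__":
    for (ip, ua), p in fingerprint(SAMPLE_LOG).items():
        print(f"{ip:15} {ua:28} {p['behaviour']:18} delay={p['delay_s']} referer={p['referer']}")
```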


