Jump to content

Webserver Logging, ErrorReporting & HoneyPot Fun

Werezwolf

By Werezwolf
in Miscellaneous

 Share

Recommended Posts

Werezwolf Newbie

Werezwolf

Posted
Posted

This is basically a Show off your Logging, Error Reporting and/or Honeypot scripts for Web servers.

 

Summary

This is a php version that includes various features including randomized fake error reporting to the client and detailed logging (that is part of an ongoing project and is inspired by a few online resources).

 

Useful for slowing down scanners, and generally seeing what happens to your server while your away.

 

You will probably will need to change example.com to something.

 

./global.php

<?php
  if(!session_id()){session_start();}
   $_SERVER['logdate'] = date('Dd_M_Y');

    Function TarPit() {
    /* Send to Tarpit */
        $responce = array(204,300,301,302,303,304,404,406,409,410,418,500);
        $array_select = array_rand($responce,1);
        http_response_code($responce[$array_select]);
        Exit(Require_once './custerr/en.php');
    }

    Function Logging($state,$name,$message,$script){
    //Int,String,String,Bool
    if(isset($_SERVER['HTTP_USER_AGENT'])){$_SERVER['HTTP_USER_AGENT'] = 'UserAgent Not Set';}
    //Logging Method
        $logstr = "=========================================================\r\n";
    //Other,Success, Failed, Error
    If($state = 0){$logstr .=  $name  . "\r\n";}//Other
    elseif($state = 1){$logstr .= 'Success: '. $name  . "\r\n";}//Success
    elseif($state = 2){$logstr .= 'Failed: '. $name  . "\r\n";}//Failed
    elseif($state = 3){$logstr .= 'Error: '. $name  . "\r\n";}//Error
        $logstr .= "=========================================================\r\n";
        $logstr .= $_SERVER['REQUEST_TIME_FLOAT'] . "\r\n";
        $logstr .= $_SERVER['date']  . "\r\n";
        $logstr .= $_SERVER['HTTP_USER_AGENT']  . "\r\n";
        
        if(isset($username)){
        $logstr .= "---- User Authenticating ---- \r\n";
        $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $username .": Attempted Login result \r\n";}
        
        elseif(isset($_SESSION['username'])){
        $logstr .= "---- User Authenticated ---- \r\n";
        $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $_SESSION['username']. "\r\n";}
        else{$logstr .= $_SERVER['REMOTE_ADDR'] . "\r\n";}
        
        if($script !== 0){
            $logstr .= "---- Powershell ---- \r\n";
            $logstr .= 'powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL  -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL'."\r\n";}
            
        if(!empty($GLOBALS['php_errormsg'])){
        $logstr .= "---- php_errormsg ---- \r\n";
        $logstr .= $GLOBALS['php_errormsg']."\r\n";}
        
        if(!isset($message)){
        $logstr .= "---- Additional Information ----\r\n";
        $logstr .= $message."\r\n";}
        
        $logstr .= "---- Session ----\r\n";
        foreach ($_SESSION as $key => $value) {
            if(is_array($_SESSION[$key])){
            foreach ($_SESSION[$key] as $key2 => $value2) {
                $logstr .= '$_SESSION['.$key.']['.$key2.'] = '.print_r($_SESSION[$key][$key2],true)."\r\n";}
            }else{$logstr .= '$_SESSION[\'' . $key . '\'] = ' . $value ."\r\n";}
        }
        
        $logstr .= "\r\n";
        // '../Logging/'.$_SERVER['logdate'].'.txt' should preferably be outside the website root or protected by .htaccess or cmod
        file_put_contents('../Logging/'.$_SERVER['logdate'].'.txt', $logstr, FILE_APPEND | LOCK_EX);
        RETURN $logstr;
    }
    
    Function ErrorHandle($message,$tarpit){
        //Critical Error
        //EXIT(ErrorHandle(Logging($state,$name,$message,$script),$tarpit)); Is Suggested
        //String, bool, Int
        //Report to Administration
        $headers = "From: webmaster@example.com \r\n" .
        "Reply-To: webmaster@example.com \r\n" .
        "X-Mailer: PHP/" . phpversion();
        
        mail('webmaster@example.com', "Error Handle" . $message, $headers);
        $_SESSION['MSG'] = NULL;
        if($tarpit == 1){exit(TarPit());}
        else{exit(/*Destroy Session Data maybe*/);}
    }
?>

./custerr/en.php

<?php
    $http_response_code = array(204,300,301,302,303,304,404,406,409,410,418,500);
    $http_response_name = array('No Content','Multiple Choices','Moved Permanently','Found','See Other','Not Modified','Not Found','Not Acceptable','Conflict','Gone','I am a Teapot','Internal Server Error');
    $http_response_discription = array('','Just letting you know this is actually a questionnaire?','Moved permanently somewhere else. Definitely not here although','Don\'t Panic! The monkeys have found it','Go see the other guy.','This page is Definitely not modified in anyway.',' The requested URL ' . $_SERVER['REQUEST_URI'] . ' was not found by the monkeys on this server.','This is Unacceptable','Just couldn\'t decide on what to give you','It\'s Gone. Just Gone?','I am a Teapot','Internal Server Error');

    $key = array_search(http_response_code(),$http_response_code);

    Print('<!DOCTYPE html>
    <html><head>
    <title>' . http_response_code() .' '. $http_response_name[$key] .'</title>
    <h1>' . http_response_code() .' '. $http_response_name[$key] .'</h1>
    <p>' . $http_response_discription[$key] . '</p>
    </body></html>');
?>

./Test.php

<?php
  require_once 'global.php';
  $serverarray = array($_SERVER['SERVER_ADDR'],'example.com');
   if(!array_search($_SERVER['SERVER_NAME'],$serverarray)){EXIT(ErrorHandle(Logging(0,'Other Server Request','Requested Server'.$_SERVER['SERVER_NAME'],0),1));}
?>
Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.