Search the Community

This is basically a Show off your Logging, Error Reporting and/or Honeypot scripts for Web servers. Summary This is a php version that includes various features including randomized fake error reporting to the client and detailed logging (that is part of an ongoing project and is inspired by a few online resources). Useful for slowing down scanners, and generally seeing what happens to your server while your away. You will probably will need to change example.com to something. ./global.php <?php if(!session_id()){session_start();} $_SERVER['logdate'] = date('Dd_M_Y'); Function TarPit() { /* Send to Tarpit */ $responce = array(204,300,301,302,303,304,404,406,409,410,418,500); $array_select = array_rand($responce,1); http_response_code($responce[$array_select]); Exit(Require_once './custerr/en.php'); } Function Logging($state,$name,$message,$script){ //Int,String,String,Bool if(isset($_SERVER['HTTP_USER_AGENT'])){$_SERVER['HTTP_USER_AGENT'] = 'UserAgent Not Set';} //Logging Method $logstr = "=========================================================\r\n"; //Other,Success, Failed, Error If($state = 0){$logstr .= $name . "\r\n";}//Other elseif($state = 1){$logstr .= 'Success: '. $name . "\r\n";}//Success elseif($state = 2){$logstr .= 'Failed: '. $name . "\r\n";}//Failed elseif($state = 3){$logstr .= 'Error: '. $name . "\r\n";}//Error $logstr .= "=========================================================\r\n"; $logstr .= $_SERVER['REQUEST_TIME_FLOAT'] . "\r\n"; $logstr .= $_SERVER['date'] . "\r\n"; $logstr .= $_SERVER['HTTP_USER_AGENT'] . "\r\n"; if(isset($username)){ $logstr .= "---- User Authenticating ---- \r\n"; $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $username .": Attempted Login result \r\n";} elseif(isset($_SESSION['username'])){ $logstr .= "---- User Authenticated ---- \r\n"; $logstr .= $_SERVER['REMOTE_ADDR'] . ' - ' . $_SESSION['username']. "\r\n";} else{$logstr .= $_SERVER['REMOTE_ADDR'] . "\r\n";} if($script !== 0){ $logstr .= "---- Powershell ---- \r\n"; $logstr .= 'powershell.exe -ExecutionPolicy ByPass -command "' . $psScriptPath . '" < NUL -rand "' . $rand . '" < NUL -base64_username "' . $base64_username . '" < NUL -base64_password "' . $base64_password . '" < NUL'."\r\n";} if(!empty($GLOBALS['php_errormsg'])){ $logstr .= "---- php_errormsg ---- \r\n"; $logstr .= $GLOBALS['php_errormsg']."\r\n";} if(!isset($message)){ $logstr .= "---- Additional Information ----\r\n"; $logstr .= $message."\r\n";} $logstr .= "---- Session ----\r\n"; foreach ($_SESSION as $key => $value) { if(is_array($_SESSION[$key])){ foreach ($_SESSION[$key] as $key2 => $value2) { $logstr .= '$_SESSION['.$key.']['.$key2.'] = '.print_r($_SESSION[$key][$key2],true)."\r\n";} }else{$logstr .= '$_SESSION[\'' . $key . '\'] = ' . $value ."\r\n";} } $logstr .= "\r\n"; // '../Logging/'.$_SERVER['logdate'].'.txt' should preferably be outside the website root or protected by .htaccess or cmod file_put_contents('../Logging/'.$_SERVER['logdate'].'.txt', $logstr, FILE_APPEND | LOCK_EX); RETURN $logstr; } Function ErrorHandle($message,$tarpit){ //Critical Error //EXIT(ErrorHandle(Logging($state,$name,$message,$script),$tarpit)); Is Suggested //String, bool, Int //Report to Administration $headers = "From: webmaster@example.com \r\n" . "Reply-To: webmaster@example.com \r\n" . "X-Mailer: PHP/" . phpversion(); mail('webmaster@example.com', "Error Handle" . $message, $headers); $_SESSION['MSG'] = NULL; if($tarpit == 1){exit(TarPit());} else{exit(/*Destroy Session Data maybe*/);} } ?> ./custerr/en.php <?php $http_response_code = array(204,300,301,302,303,304,404,406,409,410,418,500); $http_response_name = array('No Content','Multiple Choices','Moved Permanently','Found','See Other','Not Modified','Not Found','Not Acceptable','Conflict','Gone','I am a Teapot','Internal Server Error'); $http_response_discription = array('','Just letting you know this is actually a questionnaire?','Moved permanently somewhere else. Definitely not here although','Don\'t Panic! The monkeys have found it','Go see the other guy.','This page is Definitely not modified in anyway.',' The requested URL ' . $_SERVER['REQUEST_URI'] . ' was not found by the monkeys on this server.','This is Unacceptable','Just couldn\'t decide on what to give you','It\'s Gone. Just Gone?','I am a Teapot','Internal Server Error'); $key = array_search(http_response_code(),$http_response_code); Print('<!DOCTYPE html> <html><head> <title>' . http_response_code() .' '. $http_response_name[$key] .'</title> <h1>' . http_response_code() .' '. $http_response_name[$key] .'</h1> <p>' . $http_response_discription[$key] . '</p> </body></html>'); ?> ./Test.php <?php require_once 'global.php'; $serverarray = array($_SERVER['SERVER_ADDR'],'example.com'); if(!array_search($_SERVER['SERVER_NAME'],$serverarray)){EXIT(ErrorHandle(Logging(0,'Other Server Request','Requested Server'.$_SERVER['SERVER_NAME'],0),1));} ?>