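Werezwolf Posted February 11, 2015

This is basically a Show off your Logging, Error Reporting and/or Honeypot scripts for Web servers.

Summary

This is a php version that includes various features including randomized fake error reporting to the client and detailed logging (that is part of an ongoing project and is inspired by a few online resources). Useful for slowing down scanners, and generally seeing what happens to your server while you're away. You will probably need to change example.com to something.

./global.php

<?php
if (!session_id()) {
    session_start();
}

// Day stamp used to name the per-day log file (format 'Dd_M_Y', e.g. "Wed11_Feb_2015").
$_SERVER['logdate'] = date('Dd_M_Y');

/**
 * Render a value as text that occupies exactly one log line.
 *
 * Request data (User-Agent, Host, URI) is chosen by the client. Without this step a
 * CR/LF inside such a value would start a new line in the log file and could imitate
 * the separators and "Success:" headings written by Logging().
 *
 * @param mixed $value Scalar, array or object to render.
 * @return string Text with every run of control characters replaced by one space.
 */
function LogSafe($value)
{
    return preg_replace('/[\x00-\x1F\x7F]+/', ' ', print_r($value, true));
}

/**
 * Answer the current request with a randomly chosen status code and the fake error page.
 *
 * Despite the name, no delay is introduced; the function only varies the status code
 * and then ends the script.
 *
 * @return void Never returns: the script exits after the error page is printed.
 */
function TarPit()
{
    $responce = array(204, 300, 301, 302, 303, 304, 404, 406, 409, 410, 418, 500);
    http_response_code($responce[array_rand($responce)]);

    // Resolve the page relative to this file rather than the working directory, and use
    // require instead of require_once so the page is always printed.
    require __DIR__ . '/custerr/en.php';
    exit;
}

/**
 * Build one log record, append it to the daily log file and return it.
 *
 * @param int    $state   0 = other, 1 = success, 2 = failed, 3 = error. Any other value
 *                        is logged like 0 (name without a prefix).
 * @param string $name    Short title of the event.
 * @param string $message Additional information; skipped when empty.
 * @param mixed  $script  Truthy to add the PowerShell command line section.
 * @return string The record that was written.
 */
function Logging($state, $name, $message, $script)
{
    // Fill in a placeholder only when the client sent no User-Agent header.
    if (!isset($_SERVER['HTTP_USER_AGENT'])) {
        $_SERVER['HTTP_USER_AGENT'] = 'UserAgent Not Set';
    }
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

    // Compare the state by value; a lookup table replaces the if/elseif chain.
    $prefixes = array(0 => '', 1 => 'Success: ', 2 => 'Failed: ', 3 => 'Error: ');
    $prefix = (is_scalar($state) && isset($prefixes[(int) $state])) ? $prefixes[(int) $state] : '';

    $rule = "=========================================================\r\n";
    $logstr = $rule;
    $logstr .= $prefix . LogSafe($name) . "\r\n";
    $logstr .= $rule;
    $logstr .= $_SERVER['REQUEST_TIME_FLOAT'] . "\r\n";
    // $_SERVER['date'] is never set in the posted code, so fall back to the day stamp
    // assigned at the top of this file.
    $logstr .= (isset($_SERVER['date']) ? $_SERVER['date'] : $_SERVER['logdate']) . "\r\n";
    $logstr .= LogSafe($_SERVER['HTTP_USER_AGENT']) . "\r\n";

    // NOTE(review): $username is not defined inside this function in the posted code, so
    // the first branch cannot run as shown; presumably the surrounding project supplies
    // it. Confirm where it is meant to come from.
    if (isset($username)) {
        $logstr .= "---- User Authenticating ---- \r\n";
        $logstr .= $remoteAddr . ' - ' . LogSafe($username) . ": Attempted Login result \r\n";
    } elseif (isset($_SESSION['username'])) {
        $logstr .= "---- User Authenticated ---- \r\n";
        $logstr .= $remoteAddr . ' - ' . LogSafe($_SESSION['username']) . "\r\n";
    } else {
        $logstr .= $remoteAddr . "\r\n";
    }

    if (!empty($script)) {
        // NOTE(review): $psScriptPath, $rand and $base64_username are not defined inside
        // this function in the posted code and log as empty strings unless the
        // surrounding project supplies them.
        // The password argument is intentionally not written out: Base64 is an encoding,
        // not protection, so anyone able to read the log could recover the password.
        $logstr .= "---- Powershell ---- \r\n";
        $logstr .= 'powershell.exe -ExecutionPolicy ByPass -command "'
            . LogSafe(isset($psScriptPath) ? $psScriptPath : '')
            . '" < NUL -rand "' . LogSafe(isset($rand) ? $rand : '')
            . '" < NUL -base64_username "' . LogSafe(isset($base64_username) ? $base64_username : '')
            . '" < NUL -base64_password "[not logged]" < NUL' . "\r\n";
    }

    if (!empty($GLOBALS['php_errormsg'])) {
        $logstr .= "---- php_errormsg ---- \r\n";
        $logstr .= LogSafe($GLOBALS['php_errormsg']) . "\r\n";
    }

    // Log the message when one was supplied.
    if (isset($message) && $message !== '') {
        $logstr .= "---- Additional Information ----\r\n";
        $logstr .= LogSafe($message) . "\r\n";
    }

    // The whole session is dumped. Anything stored there (tokens, personal data) ends up
    // in the log file, so the log needs the same protection as the session store.
    $logstr .= "---- Session ----\r\n";
    if (isset($_SESSION) && is_array($_SESSION)) {
        foreach ($_SESSION as $key => $value) {
            if (is_array($value)) {
                foreach ($value as $key2 => $value2) {
                    $logstr .= '$_SESSION[' . LogSafe($key) . '][' . LogSafe($key2) . '] = '
                        . LogSafe($value2) . "\r\n";
                }
            } else {
                $logstr .= '$_SESSION[\'' . LogSafe($key) . '\'] = ' . LogSafe($value) . "\r\n";
            }
        }
    }
    $logstr .= "\r\n";

    // '../Logging/' is resolved against the working directory of the running script. It
    // should sit outside the website root, or be protected by .htaccess or chmod, so the
    // records cannot be fetched over HTTP.
    $written = file_put_contents('../Logging/' . $_SERVER['logdate'] . '.txt', $logstr, FILE_APPEND | LOCK_EX);
    if ($written === false) {
        // Do not lose the event silently when the log directory is missing or read-only.
        error_log('Logging(): could not append to the log file under ../Logging/');
    }

    return $logstr;
}

/**
 * Report a critical error to the administrator by mail and end the request.
 *
 * Suggested use: ErrorHandle(Logging($state, $name, $message, $script), $tarpit);
 *
 * @param string $message Text to send, normally the record returned by Logging().
 * @param mixed  $tarpit  1 to answer with the randomized fake error page first.
 * @return void Never returns: the script exits.
 */
function ErrorHandle($message, $tarpit)
{
    $headers = "From: webmaster@example.com\r\n"
        . "Reply-To: webmaster@example.com\r\n"
        . 'X-Mailer: PHP/' . phpversion();

    // mail() takes (to, subject, body, headers). The subject is a fixed string and the
    // record goes into the body, so request data never reaches a header field.
    // NOTE(review): one mail is sent per call and any unauthenticated request can reach
    // this path; consider a per-address or per-interval limit before relying on it.
    mail('webmaster@example.com', 'Error Handle', (string) $message, $headers);

    $_SESSION['MSG'] = null;

    if ($tarpit == 1) {
        TarPit();
    }
    exit; /* Destroy Session Data maybe */
}
?>

./custerr/en.php

<?php
$http_response_code = array(204, 300, 301, 302, 303, 304, 404, 406, 409, 410, 418, 500);
$http_response_name = array('No Content', 'Multiple Choices', 'Moved Permanently', 'Found', 'See Other', 'Not Modified', 'Not Found', 'Not Acceptable', 'Conflict', 'Gone', 'I am a Teapot', 'Internal Server Error');

// REQUEST_URI is supplied by the client; escape it before it is placed in the page so
// markup in the URL is shown as text instead of being interpreted by the browser.
$requested_uri = htmlspecialchars(
    isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '',
    ENT_QUOTES | ENT_SUBSTITUTE,
    'UTF-8'
);

$http_response_discription = array('', 'Just letting you know this is actually a questionnaire?', 'Moved permanently somewhere else. Definitely not here although', 'Don\'t Panic! The monkeys have found it', 'Go see the other guy.', 'This page is Definitely not modified in anyway.', ' The requested URL ' . $requested_uri . ' was not found by the monkeys on this server.', 'This is Unacceptable', 'Just couldn\'t decide on what to give you', 'It\'s Gone. Just Gone?', 'I am a Teapot', 'Internal Server Error');

// Strict search: a status code that is not in the list must not fall through to index 0.
$status = http_response_code();
$key = array_search($status, $http_response_code, true);
$status_name = ($key === false) ? '' : $http_response_name[$key];
$status_text = ($key === false) ? '' : $http_response_discription[$key];

// 204 and 304 responses are defined without a body, so clients normally ignore the page
// for those two codes.
print('<!DOCTYPE html>
<html><head>
<title>' . $status . ' ' . $status_name . '</title>
</head><body>
<h1>' . $status . ' ' . $status_name . '</h1>
<p>' . $status_text . '</p>
</body></html>');
?>

./Test.php

<?php
require_once 'global.php';

$serverarray = array($_SERVER['SERVER_ADDR'], 'example.com');

// in_array() with strict comparison: array_search() returns index 0 for the first entry,
// which the original negation treated as "not found" and so rejected requests made to
// the server's own address. Depending on web server configuration SERVER_NAME can
// reflect the client-supplied Host header, so treat it as untrusted input.
if (!in_array($_SERVER['SERVER_NAME'], $serverarray, true)) {
    ErrorHandle(Logging(0, 'Other Server Request', 'Requested Server' . $_SERVER['SERVER_NAME'], 0), 1);
}
?>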