NETWORK SECURITY
Page 22 http://pentestmag.com EXTRA 06/2012(10)

Protect your site with Honeypots

In all interactive websites there is a part considered "sensitive", such as the administrative part, which gives control over almost the entire site. In this article we will learn how to create a honeypot, more precisely a fake administration panel that lets you learn how a hacker goes about exploiting vulnerabilities in your site, and that also discourages or stops the continuation of the attack, following the honeypot principle.

In general, when a hacker tries to break into a website, he will try to bypass the security of the administration functionality by exploiting a security flaw (SQL injection, ...), or by using a bot that tries every possible combination to log in, gain access and do whatever he wants.

One protection technique is to change the name and location of the administration folder; this complicates the break-in by making it harder for the hacker to find the page.

Instead of having a folder named "admin" or "administration", or a file "admin.php", you can give it a name that is hard to find, but that does not stop hackers from adapting their strategy to discover the name of the folder.

So, while keeping the true administration folder hidden, we will simulate a fake administration page that attracts hackers with easy prey, so that they not only waste valuable time trying to log in instead of looking for the real administration page, but also let us analyze the methods they use to exploit potential vulnerabilities in the website.

You guessed it: in this tutorial I will show you how to create a fake administrative part which will serve as a honeypot.

To do this, rename the real administration folder of your site to a name that is hard to guess but easy to remember (e.g. /my-real-secret-admin-folder/). Then create the fake administrative part in a folder named "admin", with an index.php file that asks for the administrator credentials. Here we will record the attempts hackers make to get into the administration of your site (Listing 1).

Remember that the design of this fake administration interface should look similar to your site, so that the attacker does not doubt that this is a real login page.

We then retrieve the information sent by the login form and store it in a log file or send it by email, so that you are immediately notified when someone tries to log in.

You can also add a tracking code to get more analytical information (country, city, time spent on the page, etc.) on the people who try to connect to the fake admin control panel.

Finally, I call the sleep function, which makes the script pause for a few seconds in order to slow down brute-force attacks by bots, but also to annoy the hacker.

And now the "Sniff" PHP class (Listing 2), which records most of the attacker's actions and adds the possibility of automatically banning the hackers and bots who try to log into the administrative part (because these visitors rarely bring anything positive to your site).
Listing 1. index.php file which will serve as the fake login page

<?php
/**
 * This page is the fake admin login page of the site.
 * Your real login page is just another URL
 * (e.g. http://your-site.com/_my-secret-admin-page/).
 */
require '../../_inc/Sniff.class.php'; // Include the class.

$bErr = false; // Initialize the error variable.

if (isset($_POST['usr'], $_POST['pwd']))
{
    sleep(6); // Slows down brute-force attacks and irritates the hacker...
    $bErr = true; // Display an error message saying that the login is incorrect.
    new Sniff($_POST['usr'], $_POST['pwd']); // Records the attempt (log file, email, optional IP ban).
}

/**
 * Checks if the IP address is banned.
 */
if (Sniff::isIpBlock())
{
    /**
     * Redirect to the index page.
     * Instead, you can display a message indicating that the user
     * has been banned, or do another redirection.
     */
    header('Location: ../');
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Honeypot | Standalone example</title>
    <link rel="stylesheet" href="./../static/css/general.css" />
    <!-- Your Analytics Code here (e.g. Google Analytics: http://www.google.com/analytics/, Piwik: http://piwik.org) -->
</head>
<body>
<div id="container">
    <header>
        <h1>Honeypot Example</h1>
    </header>
    <h2 class="blue">Admin Panel</h2>
    <?php if ($bErr): ?>
    <p class="error">Invalid username or password.</p>
    <?php endif; ?>
    <form class="center" action="index.php" method="post">
        <fieldset>
            <legend>Login</legend>
            <label for="usr">Username:</label>
            <input type="text" name="usr" id="usr" value="admin"
                   onfocus="if('admin' == this.value) this.value='';"
                   onblur="if('' == this.value) this.value = 'admin';"
                   required="required" />
            <label for="pwd">Password:</label>
            <input type="password" name="pwd" id="pwd" required="required" />
            <div class="center"><button type="submit" name="submit">Login</button></div>
        </fieldset>
    </form>
    <footer>
        <p>By <strong><a href="http://ph-7.github.com">pH7</a></strong> &copy; 2012.</p>
    </footer>
</div>
</body>
</html>
Listing 2. The class used to analyze and store the behavior of the hacker

<?php
class Sniff
{
    /**
     * Your information here.
     */

    // TRUE = send an email each time someone tries to log into the admin.
    const EMAIL_REPORT = true;

    // Email address where the reports will be sent if Sniff::EMAIL_REPORT is TRUE.
    const EMAIL_ADDRESS = 'you@your-domain.com';

    /**
     * Application settings.
     */

    // TRUE = automatically ban everyone who attempts to log into the admin.
    const AUTO_IP_BLOCK = false;

    // Path where the log files will be stored.
    const LOG_PATH = '../../_data/logs/attackers/';

    // Path of the list of IP addresses that are banned from the site.
    const BAN_IP_FULL_PATH = '../../_data/bans/ip.txt';

    private $_sUsername, $_sPassword, $_sIp, $_sContents;

    /**
     * @param string $sUsername The username entered in the admin login.
     * @param string $sPassword The password entered in the admin login.
     */
    public function __construct($sUsername, $sPassword)
    {
        // Initializes the login variables.
        $this->_sUsername = $sUsername;
        $this->_sPassword = $sPassword;

        // Creates the log message and adds it to the log file.
        $this->setLogMsg()->writeFile();

        // Sends the email report.
        if (self::EMAIL_REPORT) $this->sendMessage();

        // Blocks the IP address.
        if (self::AUTO_IP_BLOCK) $this->blockIp();
    }

    /**
     * Checks if the IP address is banned.
     *
     * @return boolean Returns true if the IP is banned, otherwise returns false.
     */
    public static function isIpBlock()
    {
        if (is_file(self::BAN_IP_FULL_PATH))
        {
            $aIpBans = file(self::BAN_IP_FULL_PATH);
            foreach ($aIpBans as $sIp)
            {
                $sIp = trim($sIp);
                if (0 == strcmp(self::getIp(), $sIp)) return true;
            }
        }
        return false;
    }

    /**
     * Returns the IP address of the client.
     * Note: the X-Forwarded-For and Client-IP headers are sent by the client (or by a
     * proxy in front of your server), so a visitor can put any value in them; only
     * REMOTE_ADDR is set by your own web server.
     *
     * @return string
     */
    public static function getIp()
    {
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR']))
        {
            $sIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
        }
        elseif (!empty($_SERVER['HTTP_CLIENT_IP']))
        {
            $sIp = $_SERVER['HTTP_CLIENT_IP'];
        }
        else
        {
            $sIp = $_SERVER['REMOTE_ADDR'];
        }
        // Only letters, digits, ':' and '.' are accepted, so the value is safe to use as a file name.
        return preg_match('/^[a-z0-9:.]{7,}$/', $sIp) ? $sIp : '0.0.0.0';
    }

    /**
     * Builds the log message.
     *
     * @return this object
     */
    protected function setLogMsg()
    {
        $sReferer = (!empty($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'NO HTTP REFERER';
        $sAgent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : 'NO USER AGENT';
        $sQuery = (!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : 'NO QUERY STRING';

        $this->_sIp = self::getIp();

        $this->_sContents =
            'Date: ' . date('Y/m/d') . "\n" .
            'IP: ' . $this->_sIp . "\n" .
            'QUERY: ' . $sQuery . "\n" .
            'Agent: ' . $sAgent . "\n" .
            'Referer: ' . $sReferer . "\n" .
            'LOGIN - Username: ' . $this->_sUsername . ' - Password: ' . $this->_sPassword . "\n\n\n";

        return $this;
    }

    /**
     * Writes a log file with the hacker's information.
     *
     * @return this object
     */
    protected function writeFile()
    {
        $sFileName = $this->_sIp . '.log';
        $sFullPath = self::LOG_PATH . $sFileName;
        file_put_contents($sFullPath, $this->_sContents, FILE_APPEND);
        return $this;
    }

    /**
     * Adds the IP address to the ban list.
     *
     * @return this object
     */
    protected function blockIp()
    {
        $sContent = $this->_sIp . "\n";
        file_put_contents(self::BAN_IP_FULL_PATH, $sContent, FILE_APPEND);
        return $this;
    }

    /**
     * Sends an email.
     *
     * @return this object
     */
    protected function sendMessage()
    {
        $sHeaders = "From: \"{$_SERVER['HTTP_HOST']}\" <{$_SERVER['SERVER_ADMIN']}>\r\n";
        mail(self::EMAIL_ADDRESS, 'Reporting of the Fake Admin Honeypot', $this->_sContents, $sHeaders);
        return $this;
    }
}
Listing 3. File used as the router to the correct login page

<?php
define('IS_INDEX', 1);
session_start();

if (!isset($_SESSION['joomla_admin_sess']) || $_SESSION['joomla_admin_sess'] !== 'YOUR_SECRET_WORD')
{
    require '_honeypot_index.inc.php'; // The fake admin interface.
}
else
{
    require '_joomla_index.inc.php'; // OK, the person came through the custom administration URL.
}
?>
Listing 4. Fake login admin page

<?php
/**
 * Architecture and design reproduced from Joomla version 2.5.6.
 */
defined('IS_INDEX') or die; // Security check: only reachable through the router (Listing 3).

if (session_id() === '') session_start(); // The router has normally already started the session.

/**
 * Generates a random token name for the hidden field of the login form.
 */
if (empty($_SESSION['login_token']))
    $_SESSION['login_token'] = md5(uniqid(mt_rand(), true));

/**
 * Gets the root URL.
 * It is useful to reproduce exactly the same source code as the original Joomla administration.
 *
 * @return string
 */
function get_url()
{
    // URL association for SSL and protocol compatibility.
    $sHttp = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) === 'on') ? 'https://' : 'http://';
    return $sHttp . $_SERVER['HTTP_HOST'] . dirname(dirname(htmlspecialchars($_SERVER['PHP_SELF'])));
}

/**
 * Gets the root relative URL.
 * It is useful to reproduce exactly the same source code as the original Joomla administration.
 *
 * @return string
 */
function get_relative_url()
{
    return dirname(dirname(htmlspecialchars($_SERVER['PHP_SELF'])));
}

/**
 * This page is the fake admin login page of the site.
 * Your real login page is just another URL (e.g. http://your-site.com/_my-secret-admin-page/).
 */
require '../../_inc/Sniff.class.php';

$bErr = false; // Default value

if (isset($_POST['username'], $_POST['passwd']))
{
    sleep(6); // Slows down brute-force attacks and irritates the hacker...
    $bErr = true;
    new Sniff($_POST['username'], $_POST['passwd']); // Records the attempt, as in Listing 1.
}

/**
 * Checks if the IP address is banned.
 */
if (Sniff::isIpBlock())
{
    header('Location: ../'); // Go to the index.
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="generator" content="Joomla! - Open Source Content Management" />
<title>Honeypot Joomla Example - Administration</title>
<link href="<?php echo get_relative_url() ?>/administrator/templates/bluestork/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
<link rel="stylesheet" href="templates/system/css/system.css" type="text/css" />
<link rel="stylesheet" href="templates/bluestork/css/template.css" type="text/css" />
<style type="text/css">
html { display:none }
</style>
<script src="<?php echo get_relative_url() ?>/media/system/js/mootools-core.js" type="text/javascript"></script>
<script src="<?php echo get_relative_url() ?>/media/system/js/core.js" type="text/javascript"></script>
<script type="text/javascript">
function keepAlive() { var myAjax = new Request({method: "get", url: "index.php"}).send(); }
window.addEvent("domready", function() { keepAlive.periodical(840000); });
window.addEvent('domready', function () { if (top == self) { document.documentElement.style.display = 'block'; } else { top.location = self.location; } });
</script>
<!--[if IE 7]>
<link href="templates/bluestork/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->
<script type="text/javascript">
window.addEvent('domready', function () {
    document.getElementById('form-login').username.select();
    document.getElementById('form-login').username.focus();
});
</script>
</head>
<body>
<div id="border-top" class="h_blue">
</div>
<div id="content-box">
<div id="element-box" class="login">
<div class="m wbg">
<h1>Joomla! Administration Login</h1>
<div id="system-message-container">
<?php if ($bErr): ?>
<p class="error">Username and password do not match or you do not have an account yet.</p>
<?php endif; ?>
</div>
<div id="section-box">
<div class="m">
<form action="<?php echo get_relative_url() ?>/administrator/index.php" method="post" id="form-login">
<fieldset class="loginform">
<label id="mod-login-username-lbl" for="mod-login-username">User Name</label>
<input name="username" id="mod-login-username" type="text" class="inputbox" size="15" />
<label id="mod-login-password-lbl" for="mod-login-password">Password</label>
<input name="passwd" id="mod-login-password" type="password" class="inputbox" size="15" />
<label id="mod-login-language-lbl" for="lang">Language</label>
<select id="lang" name="lang" class="inputbox">
<option value="" selected="selected">Default</option>
<option value="en-GB">English (United Kingdom)</option>
</select>
<div class="button-holder">
<div class="button1">
<div class="next">
<a href="#" onclick="document.getElementById('form-login').submit();">
Log in</a>
</div>
</div>
</div>
<div class="clr"></div>
<input type="submit" class="hidebtn" value="Log in" />
<input type="hidden" name="option" value="com_login" />
<input type="hidden" name="task" value="login" />
<input type="hidden" name="return" value="aW5kZXgucGhw" />
<input type="hidden" name="<?php echo $_SESSION['login_token'] ?>" value="1" /> </fieldset>
</form>
<div class="clr"></div>
</div>
</div>
<p>Use a valid username and password to gain access to the administrator backend.</p>
<div id="lock"></div>
</div>
</div>
<noscript>
Warning! JavaScript must be enabled for proper operation of the Administrator backend.
</noscript>
</div>
<div id="footer">
<p class="copyright">
<a href="http://www.joomla.org">Joomla!&#174;</a> is free software released under the <a href="http://www.gnu.org/licenses/gpl-2.0.html">GNU General Public License</a>.
</p>
</div>
</body>
</html>
Listing 5. File that initializes the session for the Joomla login page

<?php
define('IS_INDEX', 1);
session_start();
$_SESSION['joomla_admin_sess'] = 'YOUR_SECRET_WORD'; // Joomla login is OK.
header('Location: ../administrator/');
exit;
?>
In this class we create five constants. The first two concern the report email, the next one activates the automatic banning of an IP address, and the last two are the paths of the log folder and of the file listing the IP addresses banned from the site.

Then we create the constructor, which initializes the variables with the login entered via the admin interface. After that we build and write the log message with the setLogMsg() and writeFile() methods, then we send an email using the sendMessage() method if the constant EMAIL_REPORT is TRUE, and we ban the IP address of the spammer using the blockIp() method if the constant AUTO_IP_BLOCK is TRUE.

For more information about this class, see the URL of the source code for this article in the links section.
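One detail of the class deserves a closer look from the defender's side: getIp() prefers the X-Forwarded-For and Client-IP headers, and any visitor can send those headers with whatever value he likes, so the address that ends up in the log file name and, with AUTO_IP_BLOCK enabled, in the ban list is chosen by the visitor. The resolver below is an added example (my code, not the article's or the pH-7 project's) that only believes X-Forwarded-For when the request actually arrived through a reverse proxy you operate. TRUSTED_PROXIES, the function name and the three sample requests are assumptions constructed for the example.

```php
<?php
// Added example: a client-IP resolver to use in place of Sniff::getIp().
// It trusts X-Forwarded-For only when REMOTE_ADDR is one of our own proxies.
// TRUSTED_PROXIES and the sample requests below are constructed for this example.

const TRUSTED_PROXIES = ['10.0.0.5']; // Addresses of your own reverse proxies (assumption).

/**
 * Returns the address the request really came from.
 *
 * @param array $aServer A copy of $_SERVER (a constructed array in the demo below).
 * @return string A validated IP address, or '0.0.0.0' if REMOTE_ADDR is unusable.
 */
function resolve_client_ip(array $aServer)
{
    $sRemote = isset($aServer['REMOTE_ADDR']) ? $aServer['REMOTE_ADDR'] : '';
    if (filter_var($sRemote, FILTER_VALIDATE_IP) === false) {
        return '0.0.0.0';
    }

    // Anyone who is not our proxy may have forged the header: ignore it.
    if (!in_array($sRemote, TRUSTED_PROXIES, true) || empty($aServer['HTTP_X_FORWARDED_FOR'])) {
        return $sRemote;
    }

    // A proxy appends the peer address it saw, giving "client, proxy1, proxy2, ...".
    // Walk from the right, skipping our own proxies; the first other address is the
    // peer that the outermost trusted proxy actually talked to.
    $aHops = array_map('trim', explode(',', $aServer['HTTP_X_FORWARDED_FOR']));
    for ($i = count($aHops) - 1; $i >= 0; $i--) {
        if (in_array($aHops[$i], TRUSTED_PROXIES, true)) {
            continue;
        }
        return filter_var($aHops[$i], FILTER_VALIDATE_IP) !== false ? $aHops[$i] : $sRemote;
    }
    return $sRemote; // Every hop was one of our proxies: fall back to the peer address.
}

// Constructed sample requests (not real traffic).
$aRequests = [
    'direct, forged header' => ['REMOTE_ADDR' => '203.0.113.9', 'HTTP_X_FORWARDED_FOR' => '192.0.2.1'],
    'via our proxy'         => ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '198.51.100.7'],
    'via our proxy, forged' => ['REMOTE_ADDR' => '10.0.0.5',    'HTTP_X_FORWARDED_FOR' => '192.0.2.1, 198.51.100.7'],
];
foreach ($aRequests as $sCase => $aServer) {
    echo $sCase, ' => ', resolve_client_ip($aServer), "\n";
}
```

In the first request the forged header is ignored and REMOTE_ADDR is kept; in the other two the address the proxy appended (198.51.100.7) wins over the value the visitor supplied. If your server is not behind a proxy at all, leave TRUSTED_PROXIES empty and the function reduces to a validated REMOTE_ADDR, which is the only value the honeypot should ever write to the ban file.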
Use the honeypot fake admin in a CMS

This technique is perfectly usable in a CMS (it is even recommended). Indeed, CMSs are generally more exposed to this kind of attack, because the person who wants to hack your site will first scrutinize the source code of the script in question in order to learn its architecture and file layout, as well as any piece of code that contains a security vulnerability that could be exploited.

In this example we will use the famous CMS Joomla 2.5, but it should be easy to adapt the code to another CMS.

With Joomla we will use a slightly different technique, because Joomla does not allow the "administrator" folder to be renamed, so we will leave everything in that folder.

We will rename the file "index.php" of that folder to "_joomla_index.inc.php" and add the code defined('IS_INDEX') or die; at the beginning of the file, just after the <?php. This line prevents a person from accessing the file without going through the routing file that we will create later (Listing 3). Thus only those who know the secret admin folder will have the session variable that gives access to the original login page; the others get a fake login page.

In the same folder, create a file "_honeypot_index.inc.php" with the content of Listing 4. It is the fake login page, including the listening class, etc. Finally, create the real administration folder with the name of your choice, difficult to guess, and create in it an index.php file containing the code in Listing 5.

Keep in mind that in general you rename the real administration folder so that it is difficult to guess, create a fake administrative section with the former name (e.g. /admin/), and then modify the variable or constant that holds the path of the administrative part (usually it is in the configuration file of your site). The previous example is different because Joomla does not allow the "administrator" folder to be renamed.
Different techniques of honeypots

In this tutorial we use the honeypot to fool hackers or spammers (robots, etc.) who try to misuse the login page of the administrative part, which in reality is a trap. But this honeypot technique can be used for other things.

For example, to create a fake captcha field that is invisible to the naked eye for users, but visible to spam bots. It would also be interesting to examine the behavior and the technique used by the bot, for example to improve our real captcha and make it more effective. We can also ban these robots by their IP address in the same way that we did in the "Sniff" class.

Another example is the spam trap (also known as an e-mail trap or spamtrap), an email address used only to receive spam. This technique is often considered a spam honeypot.

Figure 1. Honeypot standalone example
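The "invisible captcha" mentioned above is usually implemented as a honeypot field: an extra input that is hidden from humans by CSS but that a form-filling bot cannot tell apart from the real fields. The following is an added example (my code, not the article's or the pH-7 project's) of such a field together with a minimum fill-in time, and a verdict function whose reason string can be written to the same kind of log file the Sniff class uses. The field name, the three-second threshold, the helper names and the two sample submissions are assumptions constructed for the example.

```php
<?php
// Added example: a honeypot form field ("invisible captcha") plus a timing check.
// Field name, threshold, function names and sample submissions are assumptions.

const HONEYPOT_FIELD = 'website_url'; // A name that looks attractive to a form-filling bot.
const HONEYPOT_MIN_SECONDS = 3;       // A human needs at least this long to fill the form.

/**
 * Renders the honeypot inputs: a decoy text field moved off-screen with CSS
 * (not type="hidden", which many bots skip) and the time the form was served.
 */
function render_honeypot_fields($iNow)
{
    return '<div style="position:absolute;left:-9999px" aria-hidden="true">'
         . '<label for="' . HONEYPOT_FIELD . '">Leave this field empty</label>'
         . '<input type="text" name="' . HONEYPOT_FIELD . '" id="' . HONEYPOT_FIELD . '" tabindex="-1" autocomplete="off" />'
         . '</div>'
         . '<input type="hidden" name="form_ts" value="' . (int) $iNow . '" />';
}

/**
 * Returns null when the submission looks human, otherwise a short reason string
 * suitable for a log line.
 */
function honeypot_verdict(array $aPost, $iNow)
{
    // A human never sees the decoy, so anything in it came from a bot.
    if (isset($aPost[HONEYPOT_FIELD]) && $aPost[HONEYPOT_FIELD] !== '') {
        return 'decoy field filled';
    }
    // Bots post the form the instant they fetch it; humans take a few seconds.
    $iServed = isset($aPost['form_ts']) ? (int) $aPost['form_ts'] : 0;
    if ($iServed <= 0 || ($iNow - $iServed) < HONEYPOT_MIN_SECONDS) {
        return 'form submitted too fast';
    }
    return null;
}

// Constructed sample submissions (form served at t=1000, posted at t=1010 and t=1000).
$aHuman = ['name' => 'Alice', 'message' => 'Hello', HONEYPOT_FIELD => '', 'form_ts' => 1000];
$aBot   = ['name' => 'Buy now', 'message' => 'spam', HONEYPOT_FIELD => 'http://example.com', 'form_ts' => 1000];

echo render_honeypot_fields(1000), "\n";
foreach (['human' => [$aHuman, 1010], 'bot' => [$aBot, 1000]] as $sWho => $aCase) {
    $sVerdict = honeypot_verdict($aCase[0], $aCase[1]);
    echo $sWho, ': ', ($sVerdict === null ? 'accepted' : 'rejected (' . $sVerdict . ')'), "\n";
}
```

The timestamp field is itself client-controlled, so a bot that understands it can post an old value; if that matters, sign the timestamp with an HMAC keyed on a server secret and verify it before trusting the delay. The decoy field alone already stops the bots that fill every input they find, which is the population the article is concerned with.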
A project under the name Project Honey Pot has also been created to fight spam and to collect the email addresses used for spam or for similar purposes, such as bulk mail and email fraud.

These examples are far from complete, as the honeypot technique is very broad and is not only meant for the Web; honeypots are also often used on computer networks. For more information, I added a Wikipedia article in the links section.
Categories of honeypot

Before concluding this article, I suggest you discover broadly the two types of honeypots.

Low-interaction honeypots

They are the easier to implement and more secure family of honeypots. Their goal is to collect as much information as possible while granting the attacker minimal privileges, so as to minimize the security risks.

High-interaction honeypots

They can be considered the extreme side, because they are based on the principle of giving access to real interactions and functions of the service. The risks are much greater than for low-interaction honeypots. It is therefore necessary to secure the service architecture as much as possible, so that the attacker cannot bounce from it and gain access to other features and services for which it is not intended.

In this tutorial we learned how to create a low-interaction honeypot, which is generally recommended.
Conclusion

This technique gives a better understanding of the intentions of, and the hacking attempts against, your site. For example, you will now receive an email or a message in the log files whenever a person tries to log in; you can also see if the person uses the same username or password as yours, and if that is the case, it means that someone else knows your login password and you must protect yourself by changing it.

It also makes anyone who tries to hack your site lose precious time, and thus reduces the risk of hacking attempts elsewhere (on your site or on another).

You can block the IP addresses of malicious people to further reduce the risk of your site being hacked, even though this is debatable: in fact one can easily change an IP address by using proxy servers, and moreover many Internet operators provide a dynamic IP (an address that changes periodically).

Finally, bots that try all possible combinations to access the site administration will also be banned if you have enabled the automatic IP banning protection.
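The check the conclusion describes, whether one of the tried passwords is your real one, is easy to automate over the log files the Sniff class writes. The script below is an added example (my code, not the article's or the pH-7 project's): it parses the record format produced by Sniff::setLogMsg(), counts attempts per IP, lists the usernames tried, and compares every tried password against a hash of the real administrator password with password_verify(), so the clear password never needs to be in the script. The sample log text and the placeholder password are constructed for the example; the function names are assumptions.

```php
<?php
// Added example: a report over the Sniff log format (Listing 2). The log text and
// the placeholder password are constructed; function names are assumptions.

/**
 * Parses the record format of Sniff::setLogMsg(): one block per attempt, blocks
 * separated by blank lines, "Key: value" lines, credentials on the
 * "LOGIN - Username: ... - Password: ..." line.
 *
 * @return array List of attempts: ['ip' => ..., 'username' => ..., 'password' => ...].
 */
function parse_sniff_log($sText)
{
    $aAttempts = [];
    foreach (preg_split('/\n{2,}/', trim($sText)) as $sBlock) {
        $aRecord = ['ip' => null, 'username' => null, 'password' => null];
        foreach (explode("\n", $sBlock) as $sLine) {
            if (preg_match('/^IP: (.+)$/', $sLine, $m)) {
                $aRecord['ip'] = trim($m[1]);
            } elseif (preg_match('/^LOGIN - Username: (.*?) - Password: (.*)$/', $sLine, $m)) {
                $aRecord['username'] = $m[1];
                $aRecord['password'] = $m[2];
            }
        }
        if ($aRecord['ip'] !== null && $aRecord['username'] !== null) {
            $aAttempts[] = $aRecord;
        }
    }
    return $aAttempts;
}

/**
 * Counts attempts per IP (most active first) and collects the usernames tried.
 */
function summarize_attempts(array $aAttempts)
{
    $aPerIp = [];
    $aUsernames = [];
    foreach ($aAttempts as $a) {
        $aPerIp[$a['ip']] = isset($aPerIp[$a['ip']]) ? $aPerIp[$a['ip']] + 1 : 1;
        $aUsernames[$a['username']] = true;
    }
    arsort($aPerIp);
    return ['per_ip' => $aPerIp, 'usernames' => array_keys($aUsernames)];
}

/**
 * Returns the IPs that submitted the real administrator password.
 * Only the hash is given to this function; password_verify() does the comparison.
 */
function ips_that_know_real_password(array $aAttempts, $sRealPasswordHash)
{
    $aIps = [];
    foreach ($aAttempts as $a) {
        if (password_verify($a['password'], $sRealPasswordHash)) {
            $aIps[$a['ip']] = true;
        }
    }
    return array_keys($aIps);
}

// Constructed sample log in the Sniff format (not real data).
$sSampleLog = "Date: 2012/06/01\nIP: 203.0.113.9\nQUERY: NO QUERY STRING\nAgent: curl/7.0\nReferer: NO HTTP REFERER\nLOGIN - Username: admin - Password: 123456\n\n\n"
            . "Date: 2012/06/01\nIP: 203.0.113.9\nQUERY: NO QUERY STRING\nAgent: curl/7.0\nReferer: NO HTTP REFERER\nLOGIN - Username: admin - Password: password\n\n\n"
            . "Date: 2012/06/02\nIP: 198.51.100.7\nQUERY: NO QUERY STRING\nAgent: Mozilla/5.0\nReferer: NO HTTP REFERER\nLOGIN - Username: root - Password: placeholder-real-password\n\n\n";

// Placeholder standing in for your real administrator password; in practice keep only the hash.
$sRealHash = password_hash('placeholder-real-password', PASSWORD_DEFAULT);

$aAttempts = parse_sniff_log($sSampleLog);
$aSummary = summarize_attempts($aAttempts);
foreach ($aSummary['per_ip'] as $sIp => $iCount) {
    echo $sIp, ': ', $iCount, " attempt(s)\n";
}
echo 'Usernames tried: ', implode(', ', $aSummary['usernames']), "\n";
foreach (ips_that_know_real_password($aAttempts, $sRealHash) as $sIp) {
    echo 'WARNING: ', $sIp, " submitted your real administrator password; change it now.\n";
}
```

Run it against the concatenation of the files under LOG_PATH (for example `cat ../../_data/logs/attackers/*.log`) instead of the sample string. With the sample data the report attributes two attempts to 203.0.113.9 and one to 198.51.100.7, and the warning fires for 198.51.100.7 because its tried password matches the placeholder hash.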
Pierre-Henry Soria

Pierre-Henry Soria has worked in web development for several years. He specializes in accessibility, SEO and security, and in techniques to avoid intrusions. He also works on parsers and lexical and syntactic analyzers in low-level languages. He can be contacted by email at: phenrysoria@gmail.com.
Information on the Web
• http://github.com/pH-7/Honeypots – The entire source code discussed in this article.
• http://github.com/pH-7/fake-admin-honeypot-V1.1 – A fake administration panel module from which you can draw inspiration for the source code.
• http://github.com/dmpayton/django-admin-honeypot – A fake Django admin CP login screen to notify admins of attempted unauthorized access.
• http://sourceforge.net/projects/spamhole/ – A fake open SMTP relay in the fight against spam.
• http://projecthoneypot.org – Project Honey Pot is a network harvesting the IP addresses of spammers to fight against unwanted mail.
• http://en.wikipedia.org/wiki/Honeypot_(computing) – Brief explanation of the operating principles of the honeypot.
• http://www.tracking-hackers.com/papers/honeypots.html – Old article, but still interesting, on the definition and explanation of the honeypot.
• http://old.honeynet.org/papers/gen2/ – Also a very interesting article, on Honeynets.
• http://www.symantec.com/connect/articles/honeypots-are-they-illegal – Interesting article that I suggest you read on the legality of honeypots. Indeed, you must not abuse the way you use the honeypot and the confidentiality of users in the log files.

Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Call Girls in Nagpur High Profile
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXssuser89054b
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...roncy bisnoi
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfJiananWang21
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdfKamal Acharya
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLManishPatel169454
 

Dernier (20)

Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort ServiceCall Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
 
Unleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leapUnleashing the Power of the SORA AI lastest leap
Unleashing the Power of the SORA AI lastest leap
 
Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01Double rodded leveling 1 pdf activity 01
Double rodded leveling 1 pdf activity 01
 
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar  ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
 
Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)Java Programming :Event Handling(Types of Events)
Java Programming :Event Handling(Types of Events)
 
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank  Design by Working Stress - IS Method.pdfIntze Overhead Water Tank  Design by Working Stress - IS Method.pdf
Intze Overhead Water Tank Design by Working Stress - IS Method.pdf
 
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptxBSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
BSides Seattle 2024 - Stopping Ethan Hunt From Taking Your Data.pptx
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night StandCall Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
 
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
(INDIRA) Call Girl Bhosari Call Now 8617697112 Bhosari Escorts 24x7
 
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...Top Rated  Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
Top Rated Pune Call Girls Budhwar Peth ⟟ 6297143586 ⟟ Call Me For Genuine Se...
 
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
 
Roadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and RoutesRoadmap to Membership of RICS - Pathways and Routes
Roadmap to Membership of RICS - Pathways and Routes
 
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...Booking open Available Pune Call Girls Pargaon  6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
 
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
Call Girls Pimpri Chinchwad Call Me 7737669865 Budget Friendly No Advance Boo...
 
data_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdfdata_management_and _data_science_cheat_sheet.pdf
data_management_and _data_science_cheat_sheet.pdf
 
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Palanpur 7001035870 Whatsapp Number, 24/07 Booking
 
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
(INDIRA) Call Girl Aurangabad Call Now 8617697112 Aurangabad Escorts 24x7
 
University management System project report..pdf
University management System project report..pdfUniversity management System project report..pdf
University management System project report..pdf
 
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELLPVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
PVC VS. FIBERGLASS (FRP) GRAVITY SEWER - UNI BELL
 

Protect your site with Honeypots

NETWORK SECURITY, Page 22, http://pentestmag.com, EXTRA 06/2012(10)

In all interactive websites there is a part called "sensitive", such as the administrative part, which allows control of almost the entire site. In this article we will learn how to create a honeypot, more precisely a fake administration panel, which lets you learn how the hacker goes about exploiting vulnerabilities in your site, but also discourages or stops the continuation of the attack, following the honey pot principle.

In general, when a hacker tries to break into a website, he will try to bypass the security of the administration functionality by exploiting a security breach (SQL injection, ...), or by using a bot that tries all possible login combinations to gain access and do whatever he wants.

One technique of protection is to change the name and location of the administration folder; this complicates the break-in by making it harder for the hacker to find the page.

Instead of having a folder named "admin", "administration" or "admin.php", you can give it a name that is difficult to find, but that does not stop hackers from adapting their strategy to discover the name of the folder.

So, while keeping the true administration folder hidden, we will set up a fake administration page that attracts hackers as easy prey, so that they not only waste valuable time trying to log in instead of looking for the real administration page, but also let us analyze the ways they use to exploit potential vulnerabilities in the website.

You guessed it: in this tutorial I will show you how to create a fake administrative part which will serve as a honeypot.

To do this, rename the real administration folder of your site to a name that is hard to guess but easy to remember (e.g. /my-real-secret-admin-folder/). Then create the fake administrative part in a folder named "admin" with an index.php file which asks for the administrator's credentials. Here we will record the steps hackers take while trying to get into the administration of your site (Listing 1).

Remember that the design of this fake administration interface should look similar to your site so that the attacker does not doubt that it is a real login page.

We now retrieve the information sent by the login form and store it in a log file or send it by email, so you will be notified immediately when someone tries to log in.

You can also add a tracking code to get more analytical information (country, city, time spent on the page, etc.) about the people who are trying to log in to the fake admin control panel.

Finally, I use the sleep function, which makes the script pause for a few seconds in order to protect against brute-force attacks from possible bots, but also to annoy the hacker.

And now the "Sniffer" PHP class (Listing 2), which lets us recover most of the actions of the attacker and adds the possibility of automatically banning the hackers and bots who try to log into the administrative part (because these visitors rarely bring anything positive to your site).
Listing 1. index.php file which will serve as a fake login page

```php
<?php
/**
 * This page is a fake admin login page of the site.
 * Your real login page is just another URL (e.g. http://your-site.com/_my-secret-admin-page/).
 */
require '../../_inc/Sniff.class.php'; // Include the class.

$bErr = false; // Initialize the error variable.

if (isset($_POST['usr'], $_POST['pwd'])) {
    sleep(6); // Security against brute-force attack and this will irritate the hacker...
    $bErr = true; // Display an error message indicating that the login is incorrect.
    new Sniff($_POST['usr'], $_POST['pwd']); // Instantiate the class with the submitted login values.
}

/**
 * Checks if the IP address is banned.
 */
if (Sniff::isIpBlock()) {
    /**
     * Redirect to the index page.
     * Instead, you can display a message indicating that the user has been banned, or another redirection.
     */
    header('Location: ../');
    exit;
}
?>
<!DOCTYPE html>
<html>
<head>
    <title>Honeypot | Standalone example</title>
    <link rel="stylesheet" href="./../static/css/general.css" />
    <!-- Your Analytics Code here (e.g. Google Analytics: http://www.google.com/analytics/, Piwik: http://piwik.org) -->
</head>
<body>
    <div id="container">
        <header>
            <h1>Honeypot Example</h1>
        </header>
        <h2 class="blue">Admin Panel</h2>
        <?php if ($bErr): ?>
            <p class="error">Incorrect username or password.</p>
        <?php endif; ?>
        <form class="center" action="index.php" method="post">
            <fieldset>
                <legend>Login</legend>
                <label for="usr">Username:</label>
                <input type="text" name="usr" id="usr" value="admin" onfocus="if('admin' == this.value) this.value='';" onblur="if('' == this.value) this.value = 'admin';" required="required" />
                <label for="pwd">Password:</label>
                <input type="password" name="pwd" id="pwd" required="required" />
                <div class="center"><button type="submit" name="submit">Login</button></div>
            </fieldset>
        </form>
        <footer>
            <p>By <strong><a href="http://ph-7.github.com">pH7</a></strong> &copy; 2012.</p>
        </footer>
    </div>
</body>
</html>
```
Listing 2. The class that is used to analyze and store the behavior of the hacker

```php
<?php
class Sniff
{
    /**
     * Your information here.
     */
    // TRUE = send an email each time someone tries to connect to the admin login.
    const EMAIL_REPORT = true;
    // Email address where the reports will be sent if Sniff::EMAIL_REPORT is TRUE.
    const EMAIL_ADDRESS = 'you@your-domain.com';

    /**
     * Settings of the application.
     */
    // TRUE = Automatically ban all those who attempt to log into the admin.
    const AUTO_IP_BLOCK = false;
    // Path where the log files will be stored.
    const LOG_PATH = '../../_data/logs/attackers/';
    // Path of the file listing the IP addresses that are banned from the site.
    const BAN_IP_FULL_PATH = '../../_data/bans/ip.txt';

    private $_sUsername, $_sPassword, $_sIp, $_sContents;

    /**
     * @param string $sUsername The username submitted to the admin login.
     * @param string $sPassword The password submitted to the admin login.
     */
    public function __construct($sUsername, $sPassword)
    {
        // Initializes login variables.
        $this->_sUsername = $sUsername;
        $this->_sPassword = $sPassword;

        // Creates the log message and adds it to the list of logs.
        $this->setLogMsg()->writeFile();

        // Sends the email report.
        if (self::EMAIL_REPORT) $this->sendMessage();

        // Blocks the IP address.
        if (self::AUTO_IP_BLOCK) $this->blockIp();
    }

    /**
     * Check if the IP address is banned.
     *
     * @return boolean Returns true if the IP is banned, otherwise returns false.
     */
    public static function isIpBlock()
    {
        if (is_file(self::BAN_IP_FULL_PATH)) {
            $aIpBans = file(self::BAN_IP_FULL_PATH);
            foreach ($aIpBans as $sIp) {
                $sIp = trim($sIp);
                if (0 == strcmp(self::getIp(), $sIp)) return true;
            }
        }
        return false;
    }

    /**
     * Return the IP address of a client.
     *
     * @return string
     */
    public static function getIp()
    {
        if (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
            $sIp = $_SERVER['HTTP_X_FORWARDED_FOR'];
        } elseif (!empty($_SERVER['HTTP_CLIENT_IP'])) {
            $sIp = $_SERVER['HTTP_CLIENT_IP'];
        } else {
            $sIp = $_SERVER['REMOTE_ADDR'];
        }
        // Only keep characters valid in an IPv4/IPv6 address; anything else becomes 0.0.0.0.
        return preg_match('/^[a-z0-9:.]{7,}$/', $sIp) ? $sIp : '0.0.0.0';
    }

    /**
     * Build the log message.
     *
     * @return this object
     */
    protected function setLogMsg()
    {
        $sReferer = (!empty($_SERVER['HTTP_REFERER'])) ? $_SERVER['HTTP_REFERER'] : 'NO HTTP REFERER';
        $sAgent = (!empty($_SERVER['HTTP_USER_AGENT'])) ? $_SERVER['HTTP_USER_AGENT'] : 'NO USER AGENT';
        $sQuery = (!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : 'NO QUERY STRING';

        $this->_sIp = self::getIp();
        $this->_sContents = 'Date: ' . date('Y/m/d') . "\n" .
            'IP: ' . $this->_sIp . "\n" .
            'QUERY: ' . $sQuery . "\n" .
            'Agent: ' . $sAgent . "\n" .
            'Referer: ' . $sReferer . "\n" .
            'LOGIN - Username: ' . $this->_sUsername . ' - Password: ' . $this->_sPassword . "\n\n\n";
        return $this;
    }

    /**
     * Write a log file with the hacker's information.
     *
     * @return this object
     */
    protected function writeFile()
    {
        $sFileName = $this->_sIp . '.log';
        $sFullPath = self::LOG_PATH . $sFileName;
        file_put_contents($sFullPath, $this->_sContents, FILE_APPEND);
        return $this;
    }

    /**
     * Add the IP address to the ban list.
     *
     * @return this object
     */
    protected function blockIp()
    {
        $sContent = $this->_sIp . "\n";
        file_put_contents(self::BAN_IP_FULL_PATH, $sContent, FILE_APPEND);
        return $this;
    }

    /**
     * Send an email.
     *
     * @return this object
     */
    protected function sendMessage()
    {
        $sHeaders = "From: \"{$_SERVER['HTTP_HOST']}\" <{$_SERVER['SERVER_ADMIN']}>\r\n";
        mail(self::EMAIL_ADDRESS, 'Reporting of the Fake Admin Honeypot', $this->_sContents, $sHeaders);
        return $this;
    }
}
```
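Two points of the Sniff class deserve a closer look from a defender's side. getIp() trusts X-Forwarded-For and Client-IP before REMOTE_ADDR, yet both headers are set by the client, so a direct attacker can decide which address ends up in the log file name and, with AUTO_IP_BLOCK, in the ban list. setLogMsg() also copies request headers and the submitted username and password straight into the log and into the e-mail body, so a value containing a newline can forge extra log lines. The following is an added example, not code from the article or from the pH-7/Honeypots project, showing one way to handle both: the forwarded header is only honoured when the TCP peer is a reverse proxy you operate, and request-supplied fields are stripped of control characters before being written. TRUSTED_PROXIES, the function names and the log layout are assumptions made for this example.

```php
<?php
// Added example, not part of the article or of the pH-7/Honeypots project.
// Hardens two points of the Sniff class:
//  1. X-Forwarded-For is only honoured when the TCP peer is a reverse proxy
//     you operate; otherwise the "attacker IP" written to the log and the
//     ban list is whatever the attacker put in the header.
//  2. Request-supplied fields are stripped of control characters before
//     they go into a log file or an e-mail body.
// TRUSTED_PROXIES and the log layout are assumptions made for this example.

const TRUSTED_PROXIES = ['10.0.0.5', '10.0.0.6']; // assumed reverse-proxy addresses

/**
 * Resolve the client IP from a $_SERVER-like array. Falls back to REMOTE_ADDR
 * whenever the forwarded header is absent, malformed, or did not arrive
 * through a trusted proxy.
 */
function resolve_client_ip(array $server, array $trustedProxies = TRUSTED_PROXIES)
{
    $peer = isset($server['REMOTE_ADDR']) ? $server['REMOTE_ADDR'] : '0.0.0.0';
    $peer = filter_var($peer, FILTER_VALIDATE_IP) ? $peer : '0.0.0.0';

    if (!in_array($peer, $trustedProxies, true)) {
        return $peer; // direct client: its headers are not to be trusted
    }

    // A proxy appends the address it saw as the LAST entry; earlier entries
    // are whatever the client sent, so only the last one is used.
    $xff = isset($server['HTTP_X_FORWARDED_FOR']) ? $server['HTTP_X_FORWARDED_FOR'] : '';
    $parts = array_map('trim', explode(',', $xff));
    $candidate = end($parts);
    if ($candidate !== '' && filter_var($candidate, FILTER_VALIDATE_IP)) {
        return $candidate;
    }
    return $peer;
}

/**
 * Replace CR, LF and other control characters with a space and cap the
 * length, so a request value cannot inject a fake "IP: ..." line into the
 * log or an extra header into the e-mail.
 */
function sanitize_log_field($value, $maxLen = 256)
{
    $clean = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string) $value);
    return substr($clean, 0, $maxLen);
}

/**
 * Build a log entry in the same spirit as Sniff::setLogMsg(), but from an
 * explicit $server array so the logic can be exercised without a web server.
 */
function build_log_entry(array $server, $username, $password)
{
    $fields = [
        'Date'     => gmdate('Y/m/d H:i:s') . ' UTC',
        'IP'       => resolve_client_ip($server),
        'QUERY'    => sanitize_log_field(isset($server['QUERY_STRING']) ? $server['QUERY_STRING'] : 'NO QUERY STRING'),
        'Agent'    => sanitize_log_field(isset($server['HTTP_USER_AGENT']) ? $server['HTTP_USER_AGENT'] : 'NO USER AGENT'),
        'Referer'  => sanitize_log_field(isset($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : 'NO HTTP REFERER'),
        'Username' => sanitize_log_field($username, 64),
        'Password' => sanitize_log_field($password, 64),
    ];
    $lines = [];
    foreach ($fields as $k => $v) {
        $lines[] = $k . ': ' . $v;
    }
    return implode("\n", $lines) . "\n\n";
}

// Constructed sample request: a direct client (not a trusted proxy) that
// forges X-Forwarded-For and sends a user agent containing a newline
// followed by a fake log line.
$sample = [
    'REMOTE_ADDR'          => '198.51.100.7',
    'HTTP_X_FORWARDED_FOR' => '127.0.0.1',
    'HTTP_USER_AGENT'      => "Mozilla/5.0\nIP: 127.0.0.1",
];
echo build_log_entry($sample, 'admin', 'admin123');
```

With the constructed request the IP line carries the real peer address, because the forwarded header is ignored for a peer that is not in TRUSTED_PROXIES, and the injected "IP:" text stays inside the Agent field instead of forming a line of its own. If you keep the original Sniff class, the same sanitising should be applied before the e-mail is built, since the From header there is assembled from HTTP_HOST.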
Listing 3. Router file that serves the correct login page

```php
<?php
define('IS_INDEX', 1);
session_start();

if (strcmp(@$_SESSION['joomla_admin_sess'], 'YOUR_SECRET_WORD') != 0) {
    require '_honeypot_index.inc.php'; // The fake admin interface.
} else {
    require '_joomla_index.inc.php'; // OK, the visitor came through the custom (secret) administration URL.
}
?>
```

Listing 4. Fake login admin page

```php
<?php
/**
 * Architecture and design reproduced from Joomla version 2.5.6.
 */
defined('IS_INDEX') or die; // Security check

session_start();

/**
 * Generate a random token name for the hidden field of the login form.
 */
if (empty($_SESSION['login_token']))
    $_SESSION['login_token'] = md5(uniqid(mt_rand(), true));

/**
 * Gets the root URL.
 * It is useful to get the URL to reproduce exactly the same source code as the original Joomla administration.
 *
 * @return string
 */
function get_url()
{
    // URL association for SSL and protocol compatibility
    $sHttp = (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') ? 'https://' : 'http://';
    return $sHttp . $_SERVER['HTTP_HOST'] . dirname(dirname(htmlspecialchars($_SERVER['PHP_SELF'])));
}

/**
 * Gets the root relative URL.
 * It is useful to get the relative URL to reproduce exactly the same source code as the original Joomla administration.
 *
 * @return string
 */
function get_relative_url()
{
    return dirname(dirname(htmlspecialchars($_SERVER['PHP_SELF'])));
}

/**
 * This page is a fake admin login page of the site.
 * Your real login page is just another URL (e.g. http://your-site.com/_my-secret-admin-page/).
 */
require '../../_inc/Sniff.class.php';

$bErr = false; // Default value

if (isset($_POST['username'], $_POST['passwd'])) {
    sleep(6); // Security against brute-force attack and this will irritate the hacker...
    $bErr = true;
    new Sniff($_POST['username'], $_POST['passwd']); // Record the attempt, as in Listing 1.
}

/**
 * Check if the IP address is banned.
 */
if (Sniff::isIpBlock()) {
    header('Location: ../'); // Go to index.
    exit;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="ltr">
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8" />
    <meta name="generator" content="Joomla! - Open Source Content Management" />
    <title>Honeypot Joomla Example - Administration</title>
    <link href="<?php echo get_relative_url() ?>/administrator/templates/bluestork/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft.icon" />
    <link rel="stylesheet" href="templates/system/css/system.css" type="text/css" />
    <link rel="stylesheet" href="templates/bluestork/css/template.css" type="text/css" />
    <style type="text/css">
        html { display:none }
    </style>
    <script src="<?php echo get_relative_url() ?>/media/system/js/mootools-core.js" type="text/javascript"></script>
    <script src="<?php echo get_relative_url() ?>/media/system/js/core.js" type="text/javascript"></script>
    <script type="text/javascript">
        function keepAlive() { var myAjax = new Request({method: "get", url: "index.php"}).send(); }
        window.addEvent("domready", function() { keepAlive.periodical(840000); });
        window.addEvent('domready', function () {
            if (top == self) { document.documentElement.style.display = 'block'; }
            else { top.location = self.location; }
        });
    </script>
    <!--[if IE 7]>
    <link href="templates/bluestork/css/ie7.css" rel="stylesheet" type="text/css" />
    <![endif]-->
    <script type="text/javascript">
        window.addEvent('domready', function () {
            document.getElementById('form-login').username.select();
            document.getElementById('form-login').username.focus();
        });
    </script>
</head>
<body>
    <div id="border-top" class="h_blue"></div>
    <div id="content-box">
        <div id="element-box" class="login">
            <div class="m wbg">
                <h1>Joomla! Administration Login</h1>
                <div id="system-message-container"></div>
                <div id="section-box">
                    <div class="m">
                        <form action="<?php echo get_relative_url() ?>/administrator/index.php" method="post" id="form-login">
                            <fieldset class="loginform">
                                <label id="mod-login-username-lbl" for="mod-login-username">User Name</label>
                                <input name="username" id="mod-login-username" type="text" class="inputbox" size="15" />
                                <label id="mod-login-password-lbl" for="mod-login-password">Password</label>
                                <input name="passwd" id="mod-login-password" type="password" class="inputbox" size="15" />
                                <label id="mod-login-language-lbl" for="lang">Language</label>
                                <select id="lang" name="lang" class="inputbox">
                                    <option value="" selected="selected">Default</option>
                                    <option value="en-GB">English (United Kingdom)</option>
                                </select>
                                <div class="button-holder">
                                    <div class="button1">
                                        <div class="next">
                                            <a href="#" onclick="document.getElementById('form-login').submit();">Log in</a>
                                        </div>
                                    </div>
                                </div>
                                <div class="clr"></div>
                                <input type="submit" class="hidebtn" value="Log in" />
                                <input type="hidden" name="option" value="com_login" />
                                <input type="hidden" name="task" value="login" />
                                <input type="hidden" name="return" value="aW5kZXgucGhw" />
                                <input type="hidden" name="<?php echo $_SESSION['login_token'] ?>" value="1" />
                            </fieldset>
                        </form>
                        <div class="clr"></div>
                    </div>
                </div>
                <p>Use a valid username and password to gain access to the administrator backend.</p>
                <div id="lock"></div>
            </div>
        </div>
        <noscript>
            Warning! JavaScript must be enabled for proper operation of the Administrator backend.
        </noscript>
    </div>
    <div id="footer">
        <p class="copyright">
            <a href="http://www.joomla.org">Joomla!&#174;</a> is free software released under the <a href="http://www.gnu.org/licenses/gpl-2.0.html">GNU General Public License</a>.
        </p>
    </div>
</body>
</html>
```

Listing 5. File that initializes the session giving access to the real Joomla login page

```php
<?php
define('IS_INDEX', 1);
session_start();
$_SESSION['joomla_admin_sess'] = 'YOUR_SECRET_WORD'; // Joomla login is OK
header('Location: ../administrator/');
?>
```
In this class, we create five constants. The first two concern the report email, the following one enables the automatic ban of an IP address, and the last two are the paths of the log files and of the file listing the IP addresses banned from the site.

Then we create the constructor, which initializes the variables with the login entered via the admin interface. After that we build and write the log message with the setLogMsg() and writeFile() methods, then we send an email using the sendMessage() method if the constant EMAIL_REPORT is TRUE, and we ban the IP address of the spammer using the blockIp() method if the constant AUTO_IP_BLOCK is TRUE.

For more information about this class, see the URL of the source code for this article in the links section.

Use the honeypot fake admin in a CMS

This technique is perfectly usable in a CMS (it is even recommended). Indeed, CMSs are generally more at risk of this kind of attack, because the person who wants to hack your site will first scrutinize the source code of the script in question in order to learn its architecture and the layout of its files, as well as any piece of code that contains a security vulnerability that could be exploited.

In this example, we will use the famous CMS Joomla 2.5, but it should be easy to adapt the code to another CMS. With Joomla we will use a slightly different technique, because Joomla does not allow the "administrator" folder to be renamed, so we will leave everything in that folder.

We will rename the file "index.php" in that folder to "_joomla_index.inc.php" and add the code defined('IS_INDEX') or die; at the beginning of the file, just after the <?php. This line prevents a person from accessing the file without going through the routing file that we will create later. Thus, only those who know the secret admin folder will have a session variable that gives access to the original login page; the others get a fake login page.
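The routing in Listings 3 and 5 rests on a single session flag set by the secret folder's index.php. As an added example, not the article's own code and not Joomla code, here is the same gate with the checks a practitioner would want around such a flag: the session id is regenerated when the flag is set, so a session cookie planted in a browser beforehand (session fixation) cannot become an open gate; the comparison uses hash_equals() instead of strcmp(); and the gate expires after a fixed time, so a browser left open does not keep the real panel reachable indefinitely. GATE_SECRET is the article's placeholder; GATE_TTL, the function names and the second session key are assumptions made for this example.

```php
<?php
// Added example, not the article's Listing 3/5 and not Joomla code.
// Same idea as the article's router (a session flag set only by the secret
// folder's index.php decides whether the real panel or the honeypot is
// served), with session-id regeneration, constant-time comparison and an
// expiry. GATE_TTL and the key names are assumptions for this example.

const GATE_SECRET = 'YOUR_SECRET_WORD'; // placeholder, as in the article
const GATE_TTL    = 1800;               // assumed: 30 minutes

/** Called from the secret folder's index.php (the role of Listing 5). */
function open_admin_gate()
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // drop any pre-planted session id
    $_SESSION['joomla_admin_sess']    = GATE_SECRET;
    $_SESSION['joomla_admin_sess_at'] = time();
}

/**
 * Decide whether the real panel may be served. Takes the session array and
 * the current time as parameters so the logic can be checked offline.
 */
function admin_gate_is_open(array $session, $now)
{
    $token    = isset($session['joomla_admin_sess']) ? $session['joomla_admin_sess'] : '';
    $openedAt = isset($session['joomla_admin_sess_at']) ? (int) $session['joomla_admin_sess_at'] : 0;

    if (!is_string($token) || !hash_equals(GATE_SECRET, $token)) {
        return false;
    }
    return $openedAt > 0 && ($now - $openedAt) <= GATE_TTL;
}

// In the router (the role of Listing 3) the if/else becomes:
//   if (admin_gate_is_open($_SESSION, time())) require '_joomla_index.inc.php';
//   else                                       require '_honeypot_index.inc.php';

// Constructed sessions for an offline check of the four possible states.
$now = time();
$cases = [
    'fresh'   => ['joomla_admin_sess' => GATE_SECRET, 'joomla_admin_sess_at' => $now - 60],
    'expired' => ['joomla_admin_sess' => GATE_SECRET, 'joomla_admin_sess_at' => $now - GATE_TTL - 1],
    'forged'  => ['joomla_admin_sess' => 'not-the-secret', 'joomla_admin_sess_at' => $now],
    'absent'  => [],
];
foreach ($cases as $label => $session) {
    echo $label, ': ', admin_gate_is_open($session, $now) ? 'real panel' : 'honeypot', PHP_EOL;
}
```

Only the "fresh" session reaches the real panel; the expired, forged and absent ones all fall through to the honeypot, which is the safe default when anything about the flag is wrong.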
Still in the same folder, create a file "_honeypot_index.inc.php" with the content of Listing 4. It is the fake login page, including the listening class, etc. Finally, create the real administration folder with the name of your choice, difficult to guess, and create in it an index.php file containing the code in Listing 5.

Keep in mind that in general you rename the real administration folder so that its name is difficult to guess, create a bogus administrative section with the former name (e.g. /admin/), and then modify the variable or constant holding the path of the administrative part (usually it is in the configuration file of your site). The previous example is different because Joomla does not allow the "administrator" folder to be renamed.

Different techniques of honeypots

In this tutorial, we use the honeypot to fool hackers or spammers (robots, etc.) who try to misuse the login page of the administrative part, which is in reality a trap. But the honeypot technique can be used for other things. For example, to create a fake captcha that is invisible to the naked eye of users, but visible to spam bots. It would also be interesting to examine the behavior and the technique used by the bot, for example to improve our true captcha and make it more effective. We can also ban these robots by IP address in the same way that we did in the "Sniff" class.

Another example is the spam email address (also known as an e-mail trap or spamtrap), which is used to receive spam. This technique is often considered a spam honeypot.

Figure 1. Honeypot standalone example
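The "fake captcha" mentioned above is usually built as a honeypot form field: an extra text input that CSS moves off-screen, so a person never sees or fills it, while a bot that populates every input it finds in the HTML does. The following is an added example, not code from the article or its repository, that renders such a form and classifies submissions. It adds a second signal, a signed timestamp, so that a form posted within a few seconds of being rendered is also flagged; the timestamp is signed with an HMAC because a plain value in a hidden field could simply be set back by the bot. The field names, FORM_KEY, MIN_FILL_SECS and the function names are assumptions made for this example.

```php
<?php
// Added example, not from the article or its repository. Implements the
// "invisible captcha": a trap field hidden by CSS (a human leaves it empty,
// a form-filling bot does not) plus an HMAC-signed render timestamp so a
// submission that arrives too quickly is flagged as well. Field names,
// FORM_KEY and the thresholds are assumptions made for this example.

const HONEY_FIELD   = 'website_url';                       // assumed; looks like a real field to a bot
const MIN_FILL_SECS = 3;                                   // assumed minimum time for a human
const FORM_KEY      = 'replace-with-a-long-random-secret'; // placeholder server-side key

/** Timestamp plus HMAC, placed in a hidden field when the form is rendered. */
function sign_timestamp($ts)
{
    return $ts . ':' . hash_hmac('sha256', (string) $ts, FORM_KEY);
}

/** Returns the timestamp if the signature is valid, 0 otherwise. */
function verify_timestamp($token)
{
    $parts = explode(':', (string) $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return 0;
    }
    $expected = hash_hmac('sha256', $parts[0], FORM_KEY);
    return hash_equals($expected, $parts[1]) ? (int) $parts[0] : 0;
}

/** Render the form; the trap input is hidden by CSS, not by type="hidden". */
function render_comment_form($now)
{
    return '<form method="post" action="comment.php">'
        . '<label for="comment">Comment</label>'
        . '<textarea name="comment" id="comment"></textarea>'
        . '<div style="position:absolute;left:-9999px" aria-hidden="true">'
        . '<label for="' . HONEY_FIELD . '">Leave this field empty</label>'
        . '<input type="text" name="' . HONEY_FIELD . '" id="' . HONEY_FIELD
        . '" tabindex="-1" autocomplete="off" />'
        . '</div>'
        . '<input type="hidden" name="form_ts" value="' . htmlspecialchars(sign_timestamp($now)) . '" />'
        . '<button type="submit">Post</button>'
        . '</form>';
}

/**
 * Classify a submission: 'ok', 'honeypot' (trap field filled) or 'too_fast'
 * (missing, forged or too recent timestamp). The caller can log the reason
 * or hand the request to the Sniff class for banning.
 */
function classify_submission(array $post, $now)
{
    if (isset($post[HONEY_FIELD]) && $post[HONEY_FIELD] !== '') {
        return 'honeypot';
    }
    $ts = verify_timestamp(isset($post['form_ts']) ? $post['form_ts'] : '');
    if ($ts === 0 || ($now - $ts) < MIN_FILL_SECS) {
        return 'too_fast';
    }
    return 'ok';
}

// Constructed submissions against a form rendered 20 seconds ago.
$now   = time();
$valid = sign_timestamp($now - 20);
$cases = [
    'human'  => ['comment' => 'Nice article', HONEY_FIELD => '', 'form_ts' => $valid],
    'bot'    => ['comment' => 'buy now', HONEY_FIELD => 'http://spam.example', 'form_ts' => $valid],
    'rushed' => ['comment' => 'x', HONEY_FIELD => '', 'form_ts' => sign_timestamp($now)],
    'forged' => ['comment' => 'x', HONEY_FIELD => '', 'form_ts' => ($now - 20) . ':deadbeef'],
];
foreach ($cases as $label => $post) {
    echo $label, ': ', classify_submission($post, $now), PHP_EOL;
}
```

The trap input is hidden with CSS and tabindex="-1" rather than type="hidden" on purpose: a bot that only fills visible-looking text inputs skips hidden ones, and a screen-reader user is kept away from it by aria-hidden. Keep the rejection silent on the user side (a generic "could not post" message) so the bot operator gets no hint which check fired, while the reason is recorded for you.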
A project under the name Project Honey Pot has also been created to fight against spam and to collect the email addresses used for spam or other similar purposes, such as bulk mail and email fraud.

These examples are far from complete, as the honeypot technique is very broad and is not only meant for the Web. Honeypots are also often used in Internet networks. For more information, I added a Wikipedia article in the links section.

Categories of honeypot

Before concluding this article, I suggest you discover, broadly, the two types of honeypots.

Low-interaction honeypots

They are the easier to implement and more secure family of honeypots. Their goal is to collect as much information as possible while granting minimum privileges to attackers, in order to minimize security risks.

High-interaction honeypots

They can be considered the extreme side, because they are based on the principle of giving access to real interactions and functions of the service. The risks are much greater than for low-interaction honeypots. It therefore appears necessary to secure the service architecture as much as possible, so that the attacker cannot bounce back from it and gain access to other features and services that are not intended for him.

In this tutorial, we learned how to create a low-interaction honeypot, which is generally recommended.

Conclusion

This technique allows a better understanding of the intentions and hacking attempts on your site. For example, you will now receive an email or a message in the log files whenever a person tries to log in; you can also see whether the person uses the same user name or password as yours, and if that is the case, it means that someone else knows your login password and you must protect yourself by changing it. It also makes anyone trying to hack your site lose precious time, and thus reduces the risk of attempted hacking elsewhere (on your site or on another).
You can block the IP addresses of malicious people to further reduce the risk of your site being hacked, even though this is debatable: in fact one can easily change one's IP address using proxy servers, and many operators provide dynamic IP addresses (addresses that change periodically). Finally, bots that try all possible combinations to access the site administration will also be banned if you have enabled automatic IP banning.

Pierre-Henry Soria

Pierre-Henry Soria has worked in web development for several years. He specializes in accessibility, SEO and security, and in possible techniques to avoid intrusions. He also works on parsers and lexical and syntactic analyzers in low-level languages. He can be contacted by email at: phenrysoria@gmail.com.

Information on the Web

• http://github.com/pH-7/Honeypots – The entire source code discussed in this article.
• http://github.com/pH-7/fake-admin-honeypot-V1.1 – A fake administration panel module whose source code you can draw inspiration from.
• http://github.com/dmpayton/django-admin-honeypot – A fake Django admin CP login screen to notify admins of attempted unauthorized access.
• http://sourceforge.net/projects/spamhole/ – A fake open SMTP relay used in the fight against spam.
• http://projecthoneypot.org – Project Honey Pot is a network that harvests the IP addresses of spammers to fight against unwanted mail.
• http://en.wikipedia.org/wiki/Honeypot_(computing) – Brief explanation of the operating principles of the honeypot.
• http://www.tracking-hackers.com/papers/honeypots.html – Old article, but still interesting, on the definition and explanation of the honeypot.
• http://old.honeynet.org/papers/gen2/ – Another very interesting article, on Honeynets.
• http://www.symantec.com/connect/articles/honeypots-are-they-illegal – Interesting article that I suggest you read on the legality of honeypots. Indeed, you must not abuse the way you use the honeypot and the confidentiality of users in the log files.