Table of contents

• Definition
• Details
• Usage
• Contact

Simple honeypot that logs access attempts on web server directories.

For an enhanced version with a fake username and password prompt see honeypot-hornet.

Top

Many websites provide administrative access to a management interface for the webmaster, mostly via a sub-directory called /admin and also /login.

In case your website does not have such a directory (or with a different name), you can create a fake one and use this honeypot to see the access attempts.

Top

Installing the honeypot is simple.

1. Edit honeypot-wasp.php and change the name of the log file to something less guessable than logfile.txt.

   $file = 'logfile.txt';

2. Create an empty text file with that name.

3. Rename honeypot-wasp.php to index.php or index.html.

4. Create the desired directory where you want to install the honeypot on your web server, e.g. /admin.

5. Upload the renamed file as well as the empty text file into that directory.

Use your web browser to navigate to the directory on your website which contains the honeypot file. The page will return code 500 (Internal server error).

After that, the attempted access has been logged into the given log file. For example:

[2018-04-28 - 09:42:10] Attempt to access 'https://www.foo.bar/admin'
[2018-04-28 - 09:42:10] IP address: 192.168.1.2
[2018-04-28 - 09:42:10] User agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36

Top

Any suggestions, questions, bugs to report or feedback to give?

You can contact me by sending an email to [email protected].

Top