kfriend · February 27, 2013 14:54
diff --git a/gistfile1.php b/gistfile1.php
 <?php

 /*
 * Simple Honeypot
 *
 * Takes request and stores the users IP, user-agent, and request into separate files. Useful
 * for logging requests to locations that no one should be poking around.
 *
 * To do:
 * 	- Add user-agent blocking
 */

 // Debug flag
 define('DEBUG', FALSE);

 if ( ! DEBUG)
 {
 	error_reporting(0);
 }

 if (DEBUG) dump(array($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_URI'], $_SERVER['HTTP_USER_AGENT']));

 // Send 404
 header("HTTP/1.0 404 Not Found");

 // Echo 404 error
 echo <<<EOS
 <!doctype html>
 <html lang="en">
 <head>
 	<meta charset="utf-8">
 	<title>Error</title>
 </head>
 <body>
 	<p>
 		Something went wrong and your request couldn't be completed.
 	</p>
 </body>
 </html>
 EOS;

 // Settings

 // A file containing regex IP addresses to consider already "blocked." One per line
 $blocked_ip_file = './blocked_ip.txt';

 // A file containing regex URIs to consider "bad." One per line.
 $blocked_uri_file = './blocked_uri.txt';

 // A log containing all requests that should be reviewed occasionally
 $review_file = './review.csv';

 // Log of requests matching "bad" URIs
 $log_file = './bad_uri_log.csv';

 // Regex of IPs to ignore
 $good_ip = '192\.168\.1\.';

 // What to escape or remove
 $escape = array('"', ',', "\n", "\r");
 $escape_to = array('\"', '\,');

 // Normalize request
 $ip = $_SERVER['REMOTE_ADDR'];
 $ua = str_replace($escape, $escape_to, $_SERVER['HTTP_USER_AGENT']);
 $uri = str_replace($escape, $escape_to, $_SERVER['REQUEST_URI']);

 // Exit if IP is white listed
 if (preg_match("/{$good_ip}/", $ip)) exit;

 // Get naughty IPs
 $blocked_ip = '';

 if (file_exists($blocked_ip_file))
 {
 	$blocked_ip = trim(str_replace(array("\n", '.'), array('|', '\.'), file_get_contents($blocked_ip_file)));
 }

 // Get naughty URIs
 $blocked_uri = '';

 if (file_exists($blocked_uri_file))
 {
 	$blocked_uri = trim(str_replace("\n", '|', file_get_contents($blocked_uri_file)));
 }

 // Compare requester IP to blocked list
 if (preg_match("/({$blocked_ip})/", $ip))
 {
 	if (DEBUG) puts('Blocked IP!');

 	// Don't do anything at this time as the IP has already been blocked.
 }

 // Compare requested URI to blocked list
 elseif (preg_match("/({$blocked_uri})/", $uri))
 {
 	if (DEBUG) puts('Blocked URI!');

 	// Add IP to blocked list
 	file_put_contents($blocked_ip_file, "\n{$ip}", FILE_APPEND);

 	// Log the request
 	file_put_contents($review_file, "\nUA,{$ip},{$ua},{$uri}", FILE_APPEND);
 	file_put_contents($log_file, "\nURI Request,{$ip},{$ua},{$uri}", FILE_APPEND);
 }

 else
 {
 	if (DEBUG) puts('New item for review');
 	file_put_contents($review_file, "\nNew,{$ip},{$ua},{$uri}", FILE_APPEND);
 }

 // Debugging Functions
 function dump($array, $format = FALSE)
 {
 	if ( ! empty($format))
 	{
 		echo '<hr>';
 	}

 	echo '<pre>';
 	print_r($array);
 	echo '</pre>';

 	if ( ! empty($format))
 	{
 		echo '<hr>';
 	}
 }

 function puts($string)
 {
 	echo $string.'<br />';
 }
	<?php

	/*
	* Simple Honeypot
	*
	* Takes request and stores the users IP, user-agent, and request into separate files. Useful
	* for logging requests to locations that no one should be poking around.
	*
	* To do:
	* - Add user-agent blocking
	*/

	// Debug flag
	define('DEBUG', FALSE);

	if ( ! DEBUG)
	{
	error_reporting(0);
	}

	if (DEBUG) dump(array($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_URI'], $_SERVER['HTTP_USER_AGENT']));

	// Send 404
	header("HTTP/1.0 404 Not Found");

	// Echo 404 error
	echo <<<EOS
	<!doctype html>
	<html lang="en">
	<head>
	<meta charset="utf-8">
	<title>Error</title>
	</head>
	<body>
	<p>
	Something went wrong and your request couldn't be completed.
	</p>
	</body>
	</html>
	EOS;

	// Settings

	// A file containing regex IP addresses to consider already "blocked." One per line
	$blocked_ip_file = './blocked_ip.txt';

	// A file containing regex URIs to consider "bad." One per line.
	$blocked_uri_file = './blocked_uri.txt';

	// A log containing all requests that should be reviewed occasionally
	$review_file = './review.csv';

	// Log of requests matching "bad" URIs
	$log_file = './bad_uri_log.csv';

	// Regex of IPs to ignore
	$good_ip = '192\.168\.1\.';

	// What to escape or remove
	$escape = array('"', ',', "\n", "\r");
	$escape_to = array('\"', '\,');

	// Normalize request
	$ip = $_SERVER['REMOTE_ADDR'];
	$ua = str_replace($escape, $escape_to, $_SERVER['HTTP_USER_AGENT']);
	$uri = str_replace($escape, $escape_to, $_SERVER['REQUEST_URI']);

	// Exit if IP is white listed
	if (preg_match("/{$good_ip}/", $ip)) exit;

	// Get naughty IPs
	$blocked_ip = '';

	if (file_exists($blocked_ip_file))
	{
	$blocked_ip = trim(str_replace(array("\n", '.'), array('\|', '\.'), file_get_contents($blocked_ip_file)));
	}

	// Get naughty URIs
	$blocked_uri = '';

	if (file_exists($blocked_uri_file))
	{
	$blocked_uri = trim(str_replace("\n", '\|', file_get_contents($blocked_uri_file)));
	}

	// Compare requester IP to blocked list
	if (preg_match("/({$blocked_ip})/", $ip))
	{
	if (DEBUG) puts('Blocked IP!');

	// Don't do anything at this time as the IP has already been blocked.
	}

	// Compare requested URI to blocked list
	elseif (preg_match("/({$blocked_uri})/", $uri))
	{
	if (DEBUG) puts('Blocked URI!');

	// Add IP to blocked list
	file_put_contents($blocked_ip_file, "\n{$ip}", FILE_APPEND);

	// Log the request
	file_put_contents($review_file, "\nUA,{$ip},{$ua},{$uri}", FILE_APPEND);
	file_put_contents($log_file, "\nURI Request,{$ip},{$ua},{$uri}", FILE_APPEND);
	}

	else
	{
	if (DEBUG) puts('New item for review');
	file_put_contents($review_file, "\nNew,{$ip},{$ua},{$uri}", FILE_APPEND);
	}

	// Debugging Functions
	function dump($array, $format = FALSE)
	{
	if ( ! empty($format))
	{
	echo '<hr>';
	}

	echo '<pre>';
	print_r($array);
	echo '</pre>';

	if ( ! empty($format))
	{
	echo '<hr>';
	}
	}

	function puts($string)
	{
	echo $string.'<br />';
	}