Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/msigley/PHP-HTTP-Tarpit

Confuse and waste bot scanners time.
https://github.com/msigley/PHP-HTTP-Tarpit

http-tarpit php

Last synced: 14 days ago
JSON representation

Confuse and waste bot scanners time.

Host: GitHub
URL: https://github.com/msigley/PHP-HTTP-Tarpit
Owner: msigley
Created: 2014-05-05T15:22:10.000Z (over 10 years ago)
Default Branch: master
Last Pushed: 2023-09-26T20:40:16.000Z (about 1 year ago)
Last Synced: 2024-08-02T06:15:29.611Z (4 months ago)
Topics: http-tarpit, php
Language: PHP
Homepage:
Size: 29.3 KB
Stars: 39
Watchers: 3
Forks: 8
Open Issues: 0
Metadata Files:
- Readme: README.md

Awesome Lists containing this project

README

PHP-HTTP-Tarpit
===============

Confuse and waste bot scanners time.
Url rewrite unwanted bot traffic to the la_brea.php file. It is important you use Url rewrites not redirects as most bots ignore location headers.

Based on research done by Chris John Riley. http://github.com/ChrisJohnRiley/

Defense Techinques Implemented
------------------------------
* Blinding Mode
* Return 200 Founds for all requests.
* Outputs random alphanumeric content to client.
* Special phrases and characters injected into the content.
* Increases amount of false positives in scanners' results.
* Ninja Mode
* Return 404 Not Founds for all requests.
* Sometimes outputs random content as described above.
* Increases amount of negatives in scanners' results.
* HTTP Tarpit
* Returns a 101, 102, 103, or 401 for all requests.
* Generates long response wait times to client.
* Wastes time of scanners.
* Chained Redirection
* Returns a 301, 302, or 307 for all requests.
* Redirects to a randomly generated url many times in succession.
* Wastes time of scanners.
* Punishes bad web crawlers for not respecting the robots.txt. Looking at you Baidu.
* Sometimes ends in Bounceback Redirection (see below).
* Bounceback Redirection
* Returns a 301, 302, or 307 for all requests.
* Redirects request back to requesting ip on common http/https ports.
* Wastes time of scanners.
* Could potentially tie up resources on attackers edge node.
* Random Defense Selection
* For each request
* By the minute
* By the minute is very effective in baiting the bots and by not looking too random or predictable.

Wishlist
--------
* ~~Robots.txt file emulation to not punish good web crawlers.~~
* This is handled better by hosting an actual robots.txt and creating an exemption in the url rewrite to allow access to it.
* Support for dumping contents of random files in a folder for the Blinding Mode defense.

Wordpress Implementation
------------------------
I have implemented this tarpit script into a Wordpress security plugin here to help with brute force attacks:
https://github.com/msigley/WP-Simple-Security