Collecting RFI Data
While thinking about current remote file inclusion (rfi) honeypot solutions, we came to the conclusion instead of providing a honeypot for download, install and configuration for system administrators how about redirecting rfi requests to our already running honeypots.
If you are interested in sharing remote file inclusion requests hitting your webserver with us, you can use the following .htaccess file:
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{QUERY_STRING} (.+=http:\/\/.+)
RewriteRule ^(.+)$ http://link.informatik.uni-mannheim.de/$1?%1 [R,NC]
The script checks for any variables in the GET request of a client, if an URL is given as parameter (RewriteCond). In case this is true the request is redirected to our webserver (RewriteRule). If you have any question, comments or suggestions do not hesitate to contact us.
hmm haven't seen provos log, but now that you mention it =)
what kind of interaction do you require?
cheers,
jan
Posted by jan — 24 Mar 2009, 19:08
i never tested it, but i will get 302 or 300 on doing so?
Posted by katsumi — 29 Mar 2009, 03:04