cgi-bin honeypot

What's this then?

A cgi-bin catch-all for people who don't need the functionality of the common CGIs with security holes, and would like to upset a few script kiddies and spammers.

It was originally written as a drop-in for formmail, but since made more generic.

formmail is a fairly common CGI used for sending email via a web form. It seems to be fairly easy to misconfigure, though, and people can sometimes use it as an anonymiser for spamming or other purposes.

That's where this CGI comes in. It'll log as much data as it can about their hack attempt and give them a terse warning.


I'm sick of my site being probed by script kiddies/spammers, e.g.: - - [27/Sep/2002:08:14:08 +0100] "POST /cgi-bin/ HTTP/1.1" 404 297 "-" "Mozilla/4.06 (Win95; I)" "-" - - [27/Sep/2002:08:14:10 +0100] "POST /cgi-bin/FormMail.cgi HTTP/1.1" 404 298 "-" "Mozilla/4.06 (Win95; I)" "-" - - [27/Sep/2002:08:14:10 +0100] "POST /cgi-bin/ HTTP/1.1" 404 297 "-" "Mozilla/4.06 (Win95; I)" "-" - - [27/Sep/2002:08:14:11 +0100] "POST /cgi-bin/formmail.cgi HTTP/1.1" 404 298 "-" "Mozilla/4.06 (Win95; I)" "-"
(IP addresses obscured to protect the stupid)

This'll upset some of them, maybe. If it puts only one of them off and makes them realise there's better things to do with life, it has to be worth it, no?

What do I do with it?

Oh, crikey, it's a CGI. If you don't know, you have bigger problems. Once it's installed, you have a few options. You can link to it as all the filenames you've seen in your logs. At least make sure that you link it as, formmail.cgi, and FormMail.cgi, though, since they're all the forms I've seen.

A much better solution is to add this to the .htaccess in your top-level cgi-bin directory.

RewriteEngine On
RewriteBase /cgi-bin/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . [L]
This is preferable to simply having as your "ErrorDocument 404" since that won't preserve the POST data, in my experience.


Really really really free. zlib license.



Click here for some of my other pet projects

Valid HTML 4.01!

Page last modified (Amazon wishlist)