It was originally written as a drop-in for formmail, but since made more generic.
formmail is a fairly common CGI used for sending email via a web form. It seems to be fairly easy to misconfigure, though, and people can sometimes use it as an anonymiser for spamming or other purposes.
That's where this CGI comes in. It'll log as much data as it can about their hack attempt and give them a terse warning.
xx.xxx.xxx.xxx - - [27/Sep/2002:08:14:08 +0100] "POST /cgi-bin/formmail.pl HTTP/1.1" 404 297 "-" "Mozilla/4.06 (Win95; I)" "-" xx.xxx.xxx.xxx - - [27/Sep/2002:08:14:10 +0100] "POST /cgi-bin/FormMail.cgi HTTP/1.1" 404 298 "-" "Mozilla/4.06 (Win95; I)" "-" xx.xxx.xxx.xxx - - [27/Sep/2002:08:14:10 +0100] "POST /cgi-bin/FormMail.pl HTTP/1.1" 404 297 "-" "Mozilla/4.06 (Win95; I)" "-" xx.xxx.xxx.xxx - - [27/Sep/2002:08:14:11 +0100] "POST /cgi-bin/formmail.cgi HTTP/1.1" 404 298 "-" "Mozilla/4.06 (Win95; I)" "-"(IP addresses obscured to protect the stupid)
This'll upset some of them, maybe. If it puts only one of them off and makes them realise there's better things to do with life, it has to be worth it, no?
A much better solution is to add this to the .htaccess in your top-level cgi-bin directory.
RewriteEngine On
RewriteBase /cgi-bin/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . honeypot.pl [L]
This is preferable to simply having honeypot.pl as your "ErrorDocument
404" since that won't preserve the POST data, in my experience.
| source | honeypot.pl |
Click here for some of my other pet projects