[Dshield] webhoneypot
Johannes Ullrich
jullrich at euclidian.com
Thu Nov 27 23:55:37 GMT 2008
Manuel:
The data will eventually be used like DShield data. We will make it
available via web-based reports and in raw form to researchers. At this
point, I am still debugging some of the details and the problem with the
"post" page should be fixed as of yesterday. Once I am convinced that the
system is stable and delivers good results, they will be published.
E-Mail the modifications and templates directly to me (jullrich at
euclidian.com ). Zip them up as an attachment. One of the missing pieces I
still need to fix is a script to push updated templates to users.
FWIW: DShield is 8 years old as of today. I started the first version on
Thanksgiving weekend 2000.
Sorry for the missing reply from info at dshield . I will see where it ended
up. May just have gotten lost in the inbox.
On Thu, Nov 27, 2008 at 1:48 PM, Manuel <lists at grospolina.org> wrote:
> Hello people at dshield.org, hello Mr. Ullrich!
> I need to know,
> wether this maillist is the correct one to post to regarding
> the "Web Application Honeypot" - project you started.
> Mail to info at dshield.org was ignored.
>
> Questions:
> How the data will be used (POSTed to isc1)?
> (I won't be amused to see my adresses caused by testing in one of your
> lists)
>
> Yesterday POSTing to isc1 fails,
> so no document had been delivered to the attackers clients.
> I changed the "index.php" of webhoneypot in a way,
> so that it will first deliver the document and POST to isc1 when done.
> Isn't it a good idea to change it in the webhoneypots tarball, too?
>
> I added two new templates,
> one for s9y blog and another for joomla and joomla administrator page.
> I'm using href to existing sites for css, js, pictures.
> Do you see issues doing it this way?
> (I used existing sites of my own to build the templates claiming 1600
> f for me)
>
> greets,
> Manuel
> (user 65964441)
>
> p.s.
> (I hope that it is not needed to post with full name to the list,
> you already know it)
>
>
> _______________________________________________
> Dshield mailing list
> Dshield at lists.sans.org
> To change your subscription options (or unsubscribe), see:
> https://lists.sans.org/mailman/listinfo/list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/list/attachments/20081127/77c0308e/attachment.htm
More information about the Dshield
mailing list