You've already forked http-badbots
HTTP-Badbots
Simple HTTP honeypot capable of reading GeoIP databases and to output the informations in a SQLite or MySQL database.
Deployment
SQLite
Change user/pass and port if needed in the docker-compose.yml, create the database file, and then start the container :
git clone https://git.rznet.fr/razian/http-badbots.git
cd http-badbots
vim docker-compose.yml
touch logs.db
docker-compose up -d
MySQL
Same as SQLite, but using the docker-compose-mysql.yml file :
git clone https://git.rznet.fr/razian/http-badbots.git
cd http-badbots
vim docker-compose-mysql.yml
docker-compose -f docker-compose-mysql.yml up -d
GeoIP
I use geoipupdate
Usage
Usage of http-badbots:
--db string
Path to SQLite database (default "./logs.db")
--geoip string
Path to GeoIP databases
--mysql_db string
MySQL database (default "httpbadbots")
--mysql_host string
MySQL host (default "localhost")
--mysql_pass string
MySQL password
--mysql_port string
MySQL port (default "3306")
--mysql_user string
MySQL username
--port string
Port to listen on (default "8080")
Here is an example haproxy config to protect some admin pages :
acl honeypot path_beg /ghost /login /admin /wp-admin /wp-login /auth /authentication /backend
use_backend http-badbots if honeypot
...
backend http-badbots
mode http
server http-badbots 127.0.0.1:8080 check
License
http-badbots is licensed under the MIT License. See the LICENSE file for more information.