HTTP-Badbots

Simple HTTP honeypot capable of reading GeoIP databases and to output the informations in a SQLite or MySQL database.

Deployment

SQLite

Change user/pass and port if needed in the docker-compose.yml, create the database file, and then start the container :

  git clone https://git.rznet.fr/razian/http-badbots.git
  cd http-badbots
  vim docker-compose.yml
  touch logs.db
  docker-compose up -d

MySQL

Same as SQLite, but using the docker-compose-mysql.yml file :

  git clone https://git.rznet.fr/razian/http-badbots.git
  cd http-badbots
  vim docker-compose-mysql.yml
  docker-compose -f docker-compose-mysql.yml up -d

GeoIP

I use geoipupdate

Usage

Usage of http-badbots:
  --db string
    	Path to SQLite database (default "./logs.db")
  --geoip string
    	Path to GeoIP databases
  --mysql_db string
    	MySQL database (default "httpbadbots")
  --mysql_host string
    	MySQL host (default "localhost")
  --mysql_pass string
    	MySQL password
  --mysql_port string
    	MySQL port (default "3306")
  --mysql_user string
    	MySQL username
  --port string
    	Port to listen on (default "8080")

Here is an example haproxy config to protect some admin pages :

acl honeypot path_beg /ghost /login /admin /wp-admin /wp-login /auth /authentication /backend
use_backend http-badbots if honeypot
...

backend http-badbots
	mode http
	server http-badbots 127.0.0.1:8080 check

License

http-badbots is licensed under the MIT License. See the LICENSE file for more information.

1.6 KiB Raw Permalink Blame History