You've already forked http-badbots
70 lines
1.6 KiB
Markdown
70 lines
1.6 KiB
Markdown
# HTTP-Badbots
|
|
|
|
Simple HTTP honeypot capable of reading GeoIP databases and to output the informations in a SQLite or MySQL database.
|
|
|
|
## Deployment
|
|
|
|
### SQLite
|
|
|
|
Change user/pass and port if needed in the docker-compose.yml, create the database file, and then start the container :
|
|
|
|
```bash
|
|
git clone https://git.rznet.fr/razian/http-badbots.git
|
|
cd http-badbots
|
|
vim docker-compose.yml
|
|
touch logs.db
|
|
docker-compose up -d
|
|
```
|
|
|
|
### MySQL
|
|
|
|
Same as SQLite, but using the docker-compose-mysql.yml file :
|
|
|
|
```bash
|
|
git clone https://git.rznet.fr/razian/http-badbots.git
|
|
cd http-badbots
|
|
vim docker-compose-mysql.yml
|
|
docker-compose -f docker-compose-mysql.yml up -d
|
|
```
|
|
|
|
### GeoIP
|
|
|
|
I use [geoipupdate](https://github.com/maxmind/geoipupdate)
|
|
|
|
## Usage
|
|
|
|
```
|
|
Usage of http-badbots:
|
|
--db string
|
|
Path to SQLite database (default "./logs.db")
|
|
--geoip string
|
|
Path to GeoIP databases
|
|
--mysql_db string
|
|
MySQL database (default "httpbadbots")
|
|
--mysql_host string
|
|
MySQL host (default "localhost")
|
|
--mysql_pass string
|
|
MySQL password
|
|
--mysql_port string
|
|
MySQL port (default "3306")
|
|
--mysql_user string
|
|
MySQL username
|
|
--port string
|
|
Port to listen on (default "8080")
|
|
```
|
|
|
|
Here is an example haproxy config to protect some admin pages :
|
|
```
|
|
acl honeypot path_beg /ghost /login /admin /wp-admin /wp-login /auth /authentication /backend
|
|
use_backend http-badbots if honeypot
|
|
...
|
|
|
|
backend http-badbots
|
|
mode http
|
|
server http-badbots 127.0.0.1:8080 check
|
|
```
|
|
|
|
## License
|
|
|
|
http-badbots is licensed under the MIT License. See the [LICENSE](https://git.rznet.fr/razian/http-badbots/src/branch/main/LICENSE) file for more information.
|