mohrt
February 17th, 2012, 07:17 PM
I get thousands of HTTP requests hunting for mysqladmin setup scripts, etc. It would be nice to throw them into the ufw deny list upon a probe to one of these files.
So, I'd like to make a honeypot PHP script that simply adds a client's IP address to the ufw deny list. Has anyone made something like this? The biggest hurdle would be getting the IP address added to ufw from PHP, and getting that list to survive a system restart. PHP obviously doesn't run as root, so an intermediary step may be necessary, such as storing a list of IPs, and a separate cron job checks this list and adds them to the ufw deny rules. The list also needs to be part of the ufw startup ruleset. Anyways, if someone has done this please point the way, thanks!
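The root-side half of the design described in the post, as an added example that is not part of the original thread: a cron script that drains the IP list written by the unprivileged PHP honeypot and turns each entry into a ufw deny rule. The queue path, the allowlist, and the one-address-per-line file format are assumptions; the script is IPv4-only and treats every line as untrusted input, since the file is written by the web server account and read as root.

```shell
#!/bin/sh
# Added example. Run from root's crontab with the argument --apply.
QUEUE=${QUEUE:-/var/lib/honeypot/queue}  # hypothetical path, appended to by PHP
ALLOW=${ALLOW:-"127.0.0.1"}              # space-separated addresses never banned
UFW=${UFW:-ufw}                          # overridable so the logic can be tested

# Accept only a strict dotted quad: no CIDR suffix, no spaces, no shell syntax.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                            # safe: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*) return 1 ;; esac       # reject leading zeros
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

process_queue() {
    queue=$1
    [ -s "$queue" ] || return 0          # nothing queued
    work="$queue.work.$$"
    # Rename first so new hits go to a fresh file while this batch is handled.
    mv "$queue" "$work" || return 1
    sort -u "$work" | while IFS= read -r ip; do
        valid_ipv4 "$ip" || continue     # drop anything that is not an address
        case " $ALLOW " in *" $ip "*) continue ;; esac
        # ufw stops at the first matching rule, so the deny goes at position 1,
        # ahead of any "allow 80/tcp". Requires at least one existing rule.
        $UFW insert 1 deny from "$ip"
    done
    rm -f "$work"
}

if [ "${1:-}" = "--apply" ]; then
    process_queue "$QUEUE"
fi
```

Rules added through the `ufw` command are written to ufw's own rule files and reloaded at boot, so no separate startup list is needed. Put your own management addresses in `ALLOW` so a stray request to the honeypot URL cannot lock you out.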