Disadvantages of a fake phpMyAdmin honeypot that causes ip blacklisting and robots.txt disallow/exclusion of the honeypot?
Posted
by
Tchalvak
on Pro Webmasters
See other posts from Pro Webmasters
or by Tchalvak
Published on 2011-05-11T17:22:24Z
Indexed on
2012/12/15
5:24 UTC
Read the original article
Hit count: 237
I'm trying to figure out whether I should set up a honeypot system with a fake phpMyAdmin (site gets hits all the time with people spidering for insecurities with that app).
My thought was to create a honeypot php script that would mimic a phpMyAdmin login, and then blacklist ips that hit that url (and aren't already whitelisted). I would then add the appropriate urls to the robots.txt so that spiders that actually respect my robots.txt wouldn't be caught by the blacklist.
Are there disadvantages to this approach, do legit robots sometimes not respect robots.txt in certain circumstances, are there any problems with this that I should consider in advance?
© Pro Webmasters or respective owner