kfriend/gist:5048470

## gistfile1.php
<?php

/*
 * Simple Honeypot
 *
 * Takes request and stores the users IP, user-agent, and request into separate files. Useful
 * for logging requests to locations that no one should be poking around.
 *
 * To do:
 * 	- Add user-agent blocking
 */

// Debug flag
define('DEBUG', FALSE);

if ( ! DEBUG)
{
	error_reporting(0);
}

if (DEBUG) dump(array($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_URI'], $_SERVER['HTTP_USER_AGENT']));

// Send 404
header("HTTP/1.0 404 Not Found");

// Echo 404 error
echo <<<EOS
<!doctype html>
<html lang="en">
<head>
	<meta charset="utf-8">
	<title>Error</title>
</head>
<body>
	<p>
		Something went wrong and your request couldn't be completed.
	</p>
</body>
</html>
EOS;

// Settings

// A file containing regex IP addresses to consider already "blocked." One per line
$blocked_ip_file = './blocked_ip.txt';

// A file containing regex URIs to consider "bad." One per line.
$blocked_uri_file = './blocked_uri.txt';

// A log containing all requests that should be reviewed occasionally
$review_file = './review.csv';

// Log of requests matching "bad" URIs
$log_file = './bad_uri_log.csv';

// Regex of IPs to ignore
$good_ip = '192\.168\.1\.';

// What to escape or remove
$escape = array('"', ',', "\n", "\r");
$escape_to = array('\"', '\,');

// Normalize request
$ip = $_SERVER['REMOTE_ADDR'];
$ua = str_replace($escape, $escape_to, $_SERVER['HTTP_USER_AGENT']);
$uri = str_replace($escape, $escape_to, $_SERVER['REQUEST_URI']);

// Exit if IP is white listed
if (preg_match("/{$good_ip}/", $ip)) exit;

// Get naughty IPs
$blocked_ip = '';

if (file_exists($blocked_ip_file))
{
	$blocked_ip = trim(str_replace(array("\n", '.'), array('|', '\.'), file_get_contents($blocked_ip_file)));
}

// Get naughty URIs
$blocked_uri = '';

if (file_exists($blocked_uri_file))
{
	$blocked_uri = trim(str_replace("\n", '|', file_get_contents($blocked_uri_file)));
}

// Compare requester IP to blocked list
if (preg_match("/({$blocked_ip})/", $ip))
{
	if (DEBUG) puts('Blocked IP!');

	// Don't do anything at this time as the IP has already been blocked.
}

// Compare requested URI to blocked list
elseif (preg_match("/({$blocked_uri})/", $uri))
{
	if (DEBUG) puts('Blocked URI!');

	// Add IP to blocked list
	file_put_contents($blocked_ip_file, "\n{$ip}", FILE_APPEND);

	// Log the request
	file_put_contents($review_file, "\nUA,{$ip},{$ua},{$uri}", FILE_APPEND);
	file_put_contents($log_file, "\nURI Request,{$ip},{$ua},{$uri}", FILE_APPEND);
}

else
{
	if (DEBUG) puts('New item for review');
	file_put_contents($review_file, "\nNew,{$ip},{$ua},{$uri}", FILE_APPEND);
}

// Debugging Functions
function dump($array, $format = FALSE)
{
	if ( ! empty($format))
	{
		echo '<hr>';
	}

	echo '<pre>';
	print_r($array);
	echo '</pre>';

	if ( ! empty($format))
	{
		echo '<hr>';
	}
}

function puts($string)
{
	echo $string.'<br />';
}
	<?php

	/*
	* Simple Honeypot
	*
	* Takes request and stores the users IP, user-agent, and request into separate files. Useful
	* for logging requests to locations that no one should be poking around.
	*
	* To do:
	* - Add user-agent blocking
	*/

	// Debug flag
	define('DEBUG', FALSE);

	if ( ! DEBUG)
	{
	error_reporting(0);
	}

	if (DEBUG) dump(array($_SERVER['REMOTE_ADDR'], $_SERVER['REQUEST_URI'], $_SERVER['HTTP_USER_AGENT']));

	// Send 404
	header("HTTP/1.0 404 Not Found");

	// Echo 404 error
	echo <<<EOS
	<!doctype html>
	<html lang="en">
	<head>
	<meta charset="utf-8">
	<title>Error</title>
	</head>
	<body>
	<p>
	Something went wrong and your request couldn't be completed.
	</p>
	</body>
	</html>
	EOS;

	// Settings

	// A file containing regex IP addresses to consider already "blocked." One per line
	$blocked_ip_file = './blocked_ip.txt';

	// A file containing regex URIs to consider "bad." One per line.
	$blocked_uri_file = './blocked_uri.txt';

	// A log containing all requests that should be reviewed occasionally
	$review_file = './review.csv';

	// Log of requests matching "bad" URIs
	$log_file = './bad_uri_log.csv';

	// Regex of IPs to ignore
	$good_ip = '192\.168\.1\.';

	// What to escape or remove
	$escape = array('"', ',', "\n", "\r");
	$escape_to = array('\"', '\,');

	// Normalize request
	$ip = $_SERVER['REMOTE_ADDR'];
	$ua = str_replace($escape, $escape_to, $_SERVER['HTTP_USER_AGENT']);
	$uri = str_replace($escape, $escape_to, $_SERVER['REQUEST_URI']);

	// Exit if IP is white listed
	if (preg_match("/{$good_ip}/", $ip)) exit;

	// Get naughty IPs
	$blocked_ip = '';

	if (file_exists($blocked_ip_file))
	{
	$blocked_ip = trim(str_replace(array("\n", '.'), array('\|', '\.'), file_get_contents($blocked_ip_file)));
	}

	// Get naughty URIs
	$blocked_uri = '';

	if (file_exists($blocked_uri_file))
	{
	$blocked_uri = trim(str_replace("\n", '\|', file_get_contents($blocked_uri_file)));
	}

	// Compare requester IP to blocked list
	if (preg_match("/({$blocked_ip})/", $ip))
	{
	if (DEBUG) puts('Blocked IP!');

	// Don't do anything at this time as the IP has already been blocked.
	}

	// Compare requested URI to blocked list
	elseif (preg_match("/({$blocked_uri})/", $uri))
	{
	if (DEBUG) puts('Blocked URI!');

	// Add IP to blocked list
	file_put_contents($blocked_ip_file, "\n{$ip}", FILE_APPEND);

	// Log the request
	file_put_contents($review_file, "\nUA,{$ip},{$ua},{$uri}", FILE_APPEND);
	file_put_contents($log_file, "\nURI Request,{$ip},{$ua},{$uri}", FILE_APPEND);
	}

	else
	{
	if (DEBUG) puts('New item for review');
	file_put_contents($review_file, "\nNew,{$ip},{$ua},{$uri}", FILE_APPEND);
	}

	// Debugging Functions
	function dump($array, $format = FALSE)
	{
	if ( ! empty($format))
	{
	echo '<hr>';
	}

	echo '<pre>';
	print_r($array);
	echo '</pre>';

	if ( ! empty($format))
	{
	echo '<hr>';
	}
	}

	function puts($string)
	{
	echo $string.'<br />';
	}