|
Tuesday, 12 June 2007 |
As everyone who has ever read my blog probably knows by know, I have noticed a large increase in the number of hack attempts upon my Joomla based site. I currently have a little fun with these hackers, and have decided to make my noindex page a bit of a honeypot experiment. In the recent zipfile I posted of strings these hackers use, as well as their scripts, I copied the strings and pasted them in the bottom of my noindex.html page. Then, I stuffed the page with Google ads (may as well try to make a buck off of them, huh?), and ran it through the QUIT indexing tool. Hopefully, my site's hack attempts will all be constrained to only my noindex.html page, rather than my actual site from now on.
Some friends of mine, as well as myself have been discussing measures to further mess with these would-be hackers. Don't get me wrong, I consider myself a hacker, but more of a white/greyhat, and not a cracker or defacer. We are eventually going to build a noindex page to rule them all, one that will do lots of fun things to the attacker's browser/script, hopefully shutting or slowing him/her down. Some ideas we have had include the following:
- Millions of popup windows, going to user chosen locations, like ads, affiliate sites, Goatse, etc...
- Refresh every x seconds, popping up all of the windows again
- Create a memory leak somehow
- Have the hacker's machine attempt to calculate Pi through their browser
- Use portions of other crash scripts from around the web
- Offer to install weather spyware, bonzi buddy, etc...
- The list goes on
The only problem is that I stink at PHP, as well as Java. I can do templates, but that is about the full extent of my web language abilities. Anybody have any ideas, or code you would like to contribute? If so, just leave a comment and we can get in touch. Otherwise, go to I-Hacked and submit a worthwhile article to get a free membership. Then, you can discuss the project in there with us.
|
