Detekce botnet? prost?ednictvím honeypot? s malou interakcí
24.03.2006
This paper describes a simple honeypot using PHP and emulating several vulnerabilities in Mambo and Awstats. We show the mechanism used to compromise the server and to download further malware. This honeypot is fail-safe in that when left unattended, the default action is to do nothing – though if the operator is present, exploitation attempts can be investigated. IP addresses and other details have been obfuscated in this version.