#1545 – Feature request: redirect to honeypot

Posted in ‘sh404SEF’
Tuesday, 15 December 2015 19:46 UTC
jtechwebdev
Sometimes there are URLs that have a 99.9% chance of coming from an automated hacker script. It would be nice to redirect these to a honeypot.

Since this is essentially a security enhancement, and could have people accidentally redirecting valid pages, it should have an additional confirmation question before creating.

Common bad URLs found in the 404 lists:
cgi-bin
wordpress
wp
phpmyadmin
wp-content
cgi-sys
cgi-mod
node_modules
testproxy.php
server/php/
html/webedit/
Wednesday, 16 December 2015 21:50 UTC
wb_weeblr
Hi

We already had that on our tracker for a while, however it's a bit low priority. We definitely will NOT add a preliminary question, as this would be totally overkill from my standpoint. Also, we didn't really plan on redirecting to a honeypot, but rather simply 403.
Basically, this would be one more input box on the security config tab: "URLs to 403", which would come pre-filled with the values you mention and some more.

As a side note, and certainly one of the reasons this never was done, this is much better and much more efficiently done at web server level (nginx config, Apache .htaccess), and extensions such as Akeeba Admin Tools already maintain and enforce such lists.

Rgds
 
This ticket is closed, therefore read-only. You can no longer reply to it. If you need to provide more information, please open a new ticket and mention this ticket's number.
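
A dry run of the proposed "URLs to 403" list against 404 entries, as an added example (not sh404SEF code and not written by either ticket participant): it compares plain substring matching with whole-path-segment matching to show which legitimate-looking URLs a naive rule would also block. The sample paths are constructed and the function names are hypothetical.

```python
from urllib.parse import unquote

# Entries taken from the ticket's list of common bad URLs.
BLOCKLIST = ["cgi-bin", "wordpress", "wp", "phpmyadmin", "wp-content",
             "cgi-sys", "cgi-mod", "node_modules", "testproxy.php",
             "server/php/", "html/webedit/"]

def _path(url):
    """Path only: drop query/fragment, percent-decode, lower-case."""
    return unquote(url.split("?", 1)[0].split("#", 1)[0]).lower()

def substring_match(url, blocklist=BLOCKLIST):
    """Naive rule: block if an entry appears anywhere in the path."""
    p = _path(url)
    return any(entry.lower() in p for entry in blocklist)

def segment_match(url, blocklist=BLOCKLIST):
    """Stricter rule: an entry must equal whole consecutive path segments."""
    segs = [s for s in _path(url).split("/") if s]
    for entry in blocklist:
        want = [s for s in entry.lower().split("/") if s]
        n = len(want)
        if any(segs[i:i + n] == want for i in range(len(segs) - n + 1)):
            return True
    return False

def dry_run(urls):
    """Sort URLs into block / review / allow before enabling any 403 rule.
    'review' = only the substring rule fires, i.e. a likely false positive."""
    result = {"block": [], "review": [], "allow": []}
    for u in urls:
        if segment_match(u):
            result["block"].append(u)
        elif substring_match(u):
            result["review"].append(u)
        else:
            result["allow"].append(u)
    return result

# Constructed sample of paths as they might appear in a 404 list.
SAMPLE_404S = ["/wp/wp-login.php", "/cgi-bin/test.cgi", "/phpMyAdmin/index.php",
               "/blog/wordpress-vs-joomla", "/products/swp-200-pump",
               "/assets/server/php/index.php?a=1", "/testproxy.php", "/about-us"]

if __name__ == "__main__":
    for bucket, urls in dry_run(SAMPLE_404S).items():
        print(bucket, urls)
```

Entries as short as `wp` are the ones most likely to land in the review bucket, so anchor them to path segments in whatever rule finally enforces the 403.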