apache-honeypot
~~~~~~~~~~~~~~~

It's a silly little package to get apache-spawned processes 
to look in the specified directory first on their execution
PATH.  There's a sample "wget" script which would alert the
host administrator that a breakin attempt is being done.

This should help with skiddies typically starting awstats or
phpbb2 compromise (less-than-recent versions of these do have
known remote exec vulnerabilities) -- running "wget" will
invoke our version.  This won't help against a smarter,
dedicated, or just aggravated types who would get silent
and then try e.g. "/usr/bin/wget", supposedly another day
from a different IP.

So you're advised to install mod_security to aid with HTTP
request filtering, or better yet, implement site policy 
which would at least inhibit the public availability of
such broken scripts there.

Good luck, anyways.

-- 
Michael Shigorin <mike@altlinux.org>
