Pictools: Driver Pages
V3.3 (445)
tarpit.php
/tarpit.php
Handles URL requests for known vulnerabilities; not gentle
usage, in PHP code: include "tarpit.php"

(In urlHandler, fail() passes "tarpit.php" to succeed() which passes it to mimetype:sendpage, which makes it the reply.)

Webscum continuously probe all sites, sending requests for pages that are known entry points for exploitation. This summer the most popular have been /blog/, /wp/, /wordpress/, xmlrpc.php, and /wp-login.php. To these and similar requests, urlHandler replies by sending the page tarpit.php. Before responding, this page pauses for about ten seconds. This occupies a few resources on the villain's client. After the pause, tarpit.php sends a reply page with some boilerplate and a single link to click on. Naive web crawlers may follow this link, consuming even more of their resources.

Here is one instance of the tarpit response:

Welcome to physpics.com's /wp-login.php

Your are visitor number 13!

Please click here.

The link is live. Click it to experience the delay for yourself.
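The behaviour described above as a stand-alone PHP page, added here as an example and not taken from the Pictools source: it matches the probe paths listed, stalls for ten seconds, and replies with one link. The names, the slot cap (a sleeping request also holds one of the server's own PHP workers), and the link target are assumptions.

```php
<?php
// Added example, not Pictools code; all names here are hypothetical.
const SITE_NAME     = 'example.org'; // configured, never taken from the Host header
const DELAY_SECONDS = 10;            // the page's "about ten seconds"
const MAX_SLEEPERS  = 20;            // assumed cap on simultaneously stalled workers
// The probe targets the page lists: /blog/, /wp/, /wordpress/, xmlrpc.php, /wp-login.php
const PROBE_PATTERN = '#^/(blog|wp|wordpress)(/|$)|/(xmlrpc|wp-login)\.php$#i';

function is_probe(string $uri): bool
{
    $path = parse_url($uri, PHP_URL_PATH);
    return is_string($path) && preg_match(PROBE_PATTERN, $path) === 1;
}

// Take one of $slots lock files without blocking; null means the tarpit is full.
function acquire_slot(string $dir, int $slots)
{
    for ($i = 0; $i < $slots; $i++) {
        $fh = fopen("$dir/tarpit-slot-$i.lock", 'c');
        if ($fh === false) {
            continue;
        }
        if (flock($fh, LOCK_EX | LOCK_NB)) {
            return $fh; // lock is released when the script ends
        }
        fclose($fh);
    }
    return null;
}

// The probed path is attacker-controlled, so escape it before echoing it back.
function tarpit_reply(string $path): string
{
    $p = htmlspecialchars($path, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<!DOCTYPE html>\n<title>Welcome</title>\n"
         . '<p>Welcome to ' . SITE_NAME . "'s $p</p>\n"
         . "<p>Please <a href=\"/wp-login.php\">click here</a>.</p>\n"; // link re-enters the tarpit
}

$uri = $_SERVER['REQUEST_URI'] ?? '/';
if (is_probe($uri)) {
    $slot = acquire_slot(sys_get_temp_dir(), MAX_SLEEPERS);
    if ($slot === null) {      // full: answer at once rather than stall more workers
        http_response_code(404);
        exit;
    }
    sleep(DELAY_SECONDS);
    header('Content-Type: text/html; charset=UTF-8');
    echo tarpit_reply((string) parse_url($uri, PHP_URL_PATH));
}
```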

 
Copyright © 2023 ZweiBieren, All rights reserved. Feb 5, 2023 17:05 GMT Page maintained by ZweiBieren