How to use this?
Closed this issue · 4 comments
Hi
Thank you for this awesome project!
It really looks cool, but what are the actual use cases? Is it a protection against "AI bots"? If yes, how exactly would you recommend using it?
Thank you
Hi!
The use case is usually to annoy web scrapers looking for security issues or leaked secrets by scanning some paths on your website. For example, /wp-login.php is used to check if the site is using WordPress, /.env is used for leaked environment variables (perhaps a database password or API token?), etc.
Usually paths that should not be scanned are published in /robots.txt. The point of HellPot and friends is to serve enough data to crash web scrapers not respecting that file.
@ginger51011 Thank you for the explanation. I understand that point, I meant more "how to use it with existing application", because HellPot seems to be quite self-standing. Do you intend to have a bunch of route redirects on "nginx level" (or other proxy) to the HellPot's process, running alongside? Or is there a better intended way to make use of it?
You can use it without a reverse proxy in front of it, but then you likely just have a whole hellhole website. Funny, but perhaps not the common use case. You kind of need a real website as bait.
There are some configuration options in the README for nginx/apache I think, so yes, you basically add some paths like /.env, /.git to redirect to HellPot, the rest just serving your website.
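The setup described in the answer above, written out as an added nginx example (this is not the HellPot project's own configuration and not part of the original thread): the real site is served as usual, a robots.txt tells well-behaved crawlers to stay away from the bait paths, and only those bait paths are proxied to HellPot. The HellPot listen address 127.0.0.1:8080, the server name example.com and the web root /var/www/example.com are assumptions; adjust them to your own deployment.

```nginx
# Added example, not the HellPot project's config. Assumes HellPot is
# listening on 127.0.0.1:8080 (check your HellPot config for the real port).
upstream hellpot {
    server 127.0.0.1:8080;
}

server {
    listen 80;
    server_name example.com;   # assumed hostname

    # Publish the bait paths as disallowed so polite crawlers never touch them;
    # anything that requests them anyway is ignoring robots.txt.
    location = /robots.txt {
        default_type text/plain;
        return 200 "User-agent: *\nDisallow: /.env\nDisallow: /.git\nDisallow: /wp-login.php\n";
    }

    # Scanner-bait paths handed to HellPot. "^~" is a prefix match that also
    # covers /.git/config etc. and stops regex locations from overriding it.
    # Buffering is turned off so HellPot's endless response streams straight
    # through instead of being held in nginx's proxy buffers.
    location ^~ /.env {
        proxy_pass http://hellpot;
        proxy_buffering off;
        proxy_set_header Host $host;
    }
    location ^~ /.git {
        proxy_pass http://hellpot;
        proxy_buffering off;
        proxy_set_header Host $host;
    }
    location = /wp-login.php {
        proxy_pass http://hellpot;
        proxy_buffering off;
        proxy_set_header Host $host;
    }

    # Everything else is the real website that acts as bait.
    location / {
        root /var/www/example.com;  # assumed web root
        index index.html;
    }
}
```

Only add bait paths that your real application never legitimately serves: if the site actually is WordPress, /wp-login.php must stay with the application, and the list above should be trimmed accordingly. Test with `nginx -t` before reloading, and confirm with a normal browser that the real pages still load while a request to one of the listed paths is answered by HellPot.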
All right, thank you!