Setting up filtering code
The easiest and most convenient method for installing a filter on a website is to download a ready-made filtering file. It will be generated for you automatically depending on the selected settings.
What are target and dummy sites?
Target and dummy sites can be presented as file, domain or URL.
- Target site, sometimes called the "black" site - this is your valuable resource that we need to show real visitors and hide from bots, spammers and intruders.
- Dummy site also known as "white" site - it is a resource that cybercriminals and bots see instead of the target site. This could be a fake site, an error page, a third-party resource, or a honeypot.
Website working methods
You can choose your method of work for the target and dummy sites. The service will automatically generate the optimal file for you, depending on the selected method.
Redirect by link
The visitor will be redirected to the link you specified. You need to specify the full URL in the site field to make this method working. You can change links on the fly without downloading a new file.
Redirect by link via separate page
The visitor will be redirected to the link you specified and shown a redirect page. The page displays a message about checking the user's browser. This technique allows you to fool attackers who parse the Location headers.
Redirect by link and glue domain
The visitor will be redirected to the link you specified using the 301 Moved Permanently header. It is believed that this way search engines will show your target domain in search results, and not the filter domain. A normal redirect uses the 302 Found header.
Open the file with the name specified
The script will open a file located on the server using the include PHP method. In the site field, you must specify the name of the file, if it is located in the same folder as the script, or the full path to the file. You can change this name on the fly in campaign settings without downloading a new file.
Do not use standard filenames: target.php, dummy.php, black.php, white.php, bl.php, wh.php, w.php or b.php - to prevent an attacker from gaining access to your site with a simple search. If no file name is specified, black-index.php and white-index.php are used for the target and dummy sites, respectively.
Show the link in the iframe
The visitor will see an iframe inside which your target or dummy site will open. You need to specify the full URL in the site field to make this method working. You can change links on the fly in campaign settings without downloading a new file.
Make sure your site does not contain elements that are blocked when running inside an iframe. For example, requests for location or access to peripheral devices.
Show the contents by the link
The script will make a CURL request for the specified link and show its content to the visitor. You need to specify the full URL in the site field to make this method working. You can change links on the fly in campaign settings without downloading a new file.
The request can be sent using either the GET method or the POST method. Both content display and 301/302 redirection are supported. The request is made to the URL specified in the settings, additional GET and POST parameters are sent to this address.
Make sure that all resources used in the server response (images, scripts, styles, forms) have absolute paths with domain. The script will not parse requests to third-party paths and show the whole site - this feature requires a proxy.
Show the contents by the link with base replacement
It works like the previous option, but it automatically replaces all the paths of images, styles, scripts and forms through the base href attribute in the site header. In this case, it is not necessary to use absolute resource paths, relative paths will also work well. Sometimes
Build into WordPress
You can embed your filter directly into your WordPress site. To install, disable WordPress updates and upload the index.php file to the server instead of the same WordPress file.
Important! You cannot use WordPress on both the target and the dummy sites at the same time, you'll just have one site open. Use different working methods for the target and dummy sites.
A WordPress site is the perfect way to create a honeypot. From the point of view of an attacker, this is a completely legitimate site, which is also subject to classic hacking techniques. Do not forget to leave realistic contacts and information on the dummy site so that attackers do not try to dig deeper and be satisfied with getting to this resource.