PHP.Hop - PHP Honeypot Project Web-based Deception Framework

What's that ??

• Opensource project
• Application-based low-level interaction honeypot
• Dealing with web threats

PHP HoP has already been used to :

• Fool different kind of web attackers (audit tools, manual hax0rs...)
• Create real statistics about the first top10 commands used by an intruder
• Steal malware (PHP, C, Perl) that attackers wanted to upload
• Identify evil behaviours and learn about current web threats

---

Some news:

• 22 march 2006 - a new 0-day defense technique against web worms and security scanners has been added for PHP HoP, it's named HiP-HoP ("HiP" means "Hackers in Paradise" because they'll think that everything is open to hack...)
• 20 march 2006 - first public version
• 15 march 2006 - PHP HoP presented in Washington state, USA (Honeynet Workshop)
• february 2006 - new internal versions developped (Rstack.org and French Honeynet)
• year 2005 - lot of test of web based decoy technologies : decision to create one main tool with all of our tiny tests (Rstack.org)

---

Team:

• Francois.ROPERT (at) supinfo.com - Francois ROPERT (devel)
• jamesr (at) europe.com - Jamie Riden (devel)
• oudot (at) rstack.org - Laurent Oudot (creator - devel)

---

More information about the project (PDF)

---

Download current public version of PHP.HoP

---

Ezekiel 25:17. "The path of the righteous man is beset on all sides by the inequities of the selfish and the tyranny of evil men. Blessed is he who, in the name of charity and good will, shepherds the weak through the valley of darkness, for he is truly his brother's keeper and the finder of lost children. And I will strike down upon thee with great vengeance and furious anger those who attempt to poison and destroy my brothers. And you will know my name is the Lord when I lay my vengeance upon you."