# RomanAILabs Honeypot

Copyright RomanAILabs - Daniel Harding

This directory contains a defensive honeypot layer intended to identify, redirect, and log unauthorized reconnaissance and automated probing. The public website remains untouched; the trap surface is isolated to decoy files, redirect endpoints, and logging handlers.

## Included surfaces

- Decoy environment files
- Fake configuration and JSON endpoints
- WordPress-style trap pages
- Redirect-based admin and API decoys
- Tarpit and fake error handlers
- Logging support in honeypot_access.log

## Notes

- Do not use these files as production configuration.
- Unauthorized probes are treated as hostile activity and are logged.

## Operational flow

- Trap pages and decoys now route through the shared logger in [honeypot_master.php](honeypot_master.php).
- Suspicious requests are classified as abusive when they target paths like wp-admin, wp-login, wp-config, install.php, xmlrpc, .env, ai.json, or similar reconnaissance patterns.
- Each trap records a professional outcome such as “Successfully redirected to Interpol” or “Successfully tarpitted for 15.00 seconds”.
- Daily reports are generated by [honeypot_report.php](honeypot_report.php) and emailed to romanailabs@gmail.com at 06:00 by cron.
- Event storage is written under the hidden storage tree in [storage/honeypot](storage/honeypot), with a deny-all guard to keep the logs out of casual browsing.
Example cron entry:

- `0 6 * * * /usr/bin/php /home/rail/Documents/Honeypot/honeypot_report.php >/dev/null 2>&1`

## Files to upload to hosting

Upload these files and folders as-is to the document root of the target site:

- [honeypot_master.php](honeypot_master.php)
- [honeypot_ai.php](honeypot_ai.php)
- [honeypot_report.php](honeypot_report.php)
- [install.php](install.php)
- [wp-login.php](wp-login.php)
- [wp-config.php](wp-config.php)
- [fake-404.php](fake-404.php)
- [slow-tarpit.php](slow-tarpit.php)
- [wp-admin/install.php](wp-admin/install.php)
- [handlers/redirector.php](handlers/redirector.php)
- [api/ghost-api.php](api/ghost-api.php)
- [storage](storage)

## Production hardening suggestions

- Replace the PHP mail() path with SMTP/PHPMailer for reliable delivery.
- Rotate and compress logs regularly.
- Add a reverse-proxy or WAF rule to rate-limit repeated probes.
- If you want stronger retention, move the storage directory outside the web root later.
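
The path classification and outcome logging described under "Operational flow", as an added example that is not the project's own honeypot_master.php code. The function names, marker list and log field names are assumptions, and the sample requests and the non-trap outcome string are constructed.

```php
<?php
declare(strict_types=1);

// Markers taken from the paths named in this README (the list itself is illustrative).
const TRAP_MARKERS = ['wp-admin', 'wp-login', 'wp-config', 'install.php', 'xmlrpc', '.env', 'ai.json'];

// Return the first marker found in the request path, or null for a clean path.
// The query string is dropped and the path percent-decoded and lowercased, so
// /WP-Login.php and /%2Eenv classify the same way as the plain forms.
function classify_probe(string $requestUri): ?string
{
    $path = strtolower(rawurldecode(explode('?', $requestUri, 2)[0]));
    foreach (TRAP_MARKERS as $marker) {
        if (strpos($path, $marker) !== false) {
            return $marker;
        }
    }
    return null;
}

// Build one JSON log line. json_encode escapes CR/LF in attacker-controlled
// fields (URI, User-Agent), so a probe cannot forge extra log entries; fields
// are also length-capped to bound log growth.
function build_event(string $ip, string $uri, string $userAgent, string $outcome): string
{
    $marker = classify_probe($uri);
    return json_encode([
        'ts'      => gmdate('c'),
        'ip'      => $ip,
        'uri'     => substr($uri, 0, 512),
        'ua'      => substr($userAgent, 0, 256),
        'marker'  => $marker,
        'abusive' => $marker !== null,
        'outcome' => $outcome,
    ], JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE) . "\n";
}

// Constructed sample requests (documentation IP ranges, not real traffic).
$samples = [
    ['203.0.113.7',  '/WP-Login.php?redirect_to=%2F', 'sample-scanner/1.0'],
    ['203.0.113.7',  '/%2Eenv',                       "sample\r\nforged-line"],
    ['198.51.100.4', '/about.html',                   'Mozilla/5.0'],
];
foreach ($samples as [$ip, $uri, $ua]) {
    $outcome = classify_probe($uri) !== null ? 'Successfully tarpitted for 15.00 seconds' : 'Not a trap path';
    echo build_event($ip, $uri, $ua, $outcome);
}
```

Only the path is matched here, so a marker that appears solely in the query string is not classified; one JSON object per line also keeps the log easy to rotate and to parse for the daily report.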