Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Honeypot Processors: Hidden Link Processor

    When trying to exploit a site, hackers will often scan the contents of the site in search of directories and files that are of interest. Because this activity is done at the source level, the hacker finds every file referenced, whereas when a user views a website, they can only see the links that are visible according to the HTML. This processor injects a fake link into documents that references a file that looks interesting. The link is injected in such a way that prevents it from being rendered when the browser loads the page. This means that no normal user would ever find/click on the link, but that a scanner or hacker who is looking at the source code likely will.

    Table 1: Hidden Link Processor Configuration Parameters

    Parameter

    Type

    Default Value

    Description

    Basic

    Processor Enabled

    Boolean

    True

    Whether traffic should be passed through this processor.

    Advanced

    Hidden Links

    Configurable

    Hidden Links

    The set of hidden links that can be injected into the site.

    Inject Link Enabled

    Boolean

    True

    Whether to inject the link into HTTP responses.

    Incident: Link Directory Indexing

    Boolean

    True

    The user requested a directory index on one of the fake parent directories of the linked file.

    Incident: Link Directory Spidering

    Boolean

    True

    The user requested a resource inside the fake directory of the linked file.

    Incident: Malicious Resource Request

    Boolean

    True

    The user requested the fake linked resource.

    Published: 2015-02-04