Phillipp

Phillipp

Suspicidy - Detect suspicious web requests

Hello,

I just published version 0.1.0 of Suspicidy. It aims to detect suspicious web requests made by crawlers.

It all started when I naively set up prometheus_ex and its companion package for Plug to have rich request metrics in Grafana. It was quickly filled up with random requests made by crawlers who searched for .env files, config files, database dumps, and even bitcoin wallets. In the end, it took my Prometheus server down after executing a rather complex query.

I set up some honeypots to collect all activities that are made from these crawlers and up to this point, collected almost 800 unique paths that were called by them.

Currently, Suspicidy only matches on these collected paths and tells you whether a given path is suspicious or not.

For the future, I would like to implement checks by certain patterns to gain a bit more coverage and maybe also check some other data like user-agent or request headers.

I also plan to publish my honeypot application and the collected data.

You can find Suspicidy here:
https://github.com/suspicidy/suspicidy

Not sure how helpful this will be in a real production environment where one could just ignore all request paths that are not defined by the application but it’s definitely a fun project.

Most Liked

Phillipp

Phillipp

I just pushed my honeypot logs to a separate repository. In case someone wants to do any analysis on it.

https://github.com/suspicidy/dataset

Phillipp

Phillipp

I update the dataset every few days. If anyone does some analysis on it, please let me know, I am very interested in the results.

Where Next?

Popular in Announcing Top

mischov
import Meeseeks.CSS html = HTTPoison.get!("https://news.ycombinator.com/").body for story <- Meeseeks.all(html, css("tr.athing")) do...
New
Crowdhailer
The latest release of Ace (0.10.0) includes serving content over HTTP/2. I have started writing a webserver to teach my self more about...
New
pkrawat1
Presenting Aviacommerce, open source e-commerce platform in Elixir Aviacommerce is an open source e-commerce platform in Elixir. We at...
New
tmbb
I’ve been working on two packages (not on hex.pm yet) to build admin interfaces for phoenix apps: bureaucrat - which contains a bunch ...
New
type1fool
WebAuthnLiveComponent WebAuthnComponents See this post about renaming the package. Passwordless authentication for Phoenix LiveView app...
New
nikokozak
Hello all, I’ve been working on Svonix - a library for quickly integrating Svelte components into Phoenix views. It’s a much-needed succ...
New
sbs
Only 650 LOC, wrote for fun :slight_smile: https://github.com/sunboshan/qrcode
New
ahamez
Hi everyone, I’ve been working on this protobuf library for 3 years. We use it in the company I work for, EasyMile, to communicate with ...
New
fuelen
Hey folks! Want to present a toolkit for writing command-line user interfaces. It provides a convenient interface for colorizing text...
New
scohen
Lexical Lexical is a next-generation language server for the Elixir programming language. Features Context aware code completion As-you...
New

Other popular topics Top

sen
Hi All, I set a environment variables in dev.exs , like below code. when i start server, how can i set the ${enable} value? thanks. d...
New
New
chrismccord
As promised, the first release candidate of Phoenix 1.3.0 is out! This release focuses on code generators with improved project structure...
New
skosch
To my knowledge, put_in, Map.update etc. all have the one limitation of not automatically creating intermediate keys when needed (for exa...
New
lessless
I believe there are people here who are dealing with CSV files import on the daily basis, and since Excel is a really popular tool there ...
New
JeremM34
Hello, how can I check the Phoenix version ? Thanks !
New
jerry
Good day to you all. I have been struggling to get a query involving like and ilike to work. Can anyone assist me on this, please? pro...
New
freewebwithme
Using vs code and installed ElixirLS: support and debugger. And I got an error popped up on start up says Failed to run ‘elixir’ comma...
New
nobody
Hi! In PHP: $_SERVER[‘SERVER_ADDR’] - in Elixir? Searched the docs for ip address and the web, no good results. Thanks!
New
AstonJ
We’ve put together this wiki for Phoenix LiveView - please feel free to add any info you feel is worth including. What is Phoenix LiveV...
New

We're in Beta

About us Mission Statement