Confusing script kiddies with random default server pages

Haicen

2022-01-08 17:58

Anyone who runs a server connected to the internet can tell you that they get hammered all day every day by bots. Sometimes, a human is poking at things looking for vulnerable applications. Quite a while ago, I created a simple php script to randomly pretend to be one of the 3 web servers (Apache, Nginx, IIS).

Due to copyright, I am not sharing the source code from the html page for IIS. They are pretty easy to find without downloading/installing the package. The NGINX source is available on Github I tried to find the one served by Apache2, but could not find the page I wanted. Fortunately, it happened to be available on one of my other servers so I just copied it over from there.

The php script is included below:

<?php // I'm not providing the iis_index.html file, but savvy users can figure out how to get a copy. // the other two are just the default pages you can find in either projects public code. // use case: confusing skids $i = rand(0, 2); switch ($i) { case 0: //echo "nginx"; include "nginx.html"; break; case 1: //echo "apache"; include "apache_index.html"; break; case 2: //echo "IIS"; include "iis_index.html"; break; } ?>