Fake error is a small joke-script I wrote. It creates a generic Apache web-server page that lists random folders.

The script is designed to run on Apache webservers, but it could possibly be modifed to run on rival systems. The script uses random names, dates, and numbers. You can specify the names of the folders, and how many folders are listed on each page (an option for a random numbers is available). Sample code for MySQL error logging is included.

By : RobertDX

<?php
// Script Name: Fake Error
// Author: Robert Baird
/* Description:
Fake error is a small joke-script I wrote. It creates a generic Apache web-server page that lists random folders. The script is meant to be used in combination with a .htaccess file, so error pages are redirected to this script.

Lets say you have a protected folder on your website called "includes", instead of just denying the public access to this directoy, you can give them a fake page to look at. While they're there, you can be logging their IP address, the time, and how long they try to view the directory.

The script has some MySQL code (turned off by default), which can be customized to whatever type of database you prefer.

The script is designed to run on Apache webservers, but it could possibly be modifed to run on rival systems. The script reads a list of folder names from an array, creates random timestamps for the modification dates, and creates random folder sizes. You can specify the names of the folders, and how many folders are listed on each page (an option for a random number of folders is available).

See http://baremetal.com/gadgets/htaccess/ for help on setting up a .htaccess file.

Trademarked names such as Apache are held by Apache Software Foundation, code is copyrighted by Robert Baird.
*/

// This is the array of random folder names. If a name selected is longer than 23 characters it will be trunciated
$namelist = array("images", "documents", "programs", "utilities", "system folder", "publishing", "games");

// set the mininum number of folders to be created
$min = 2;

// set the maximum number of folders to be created
$max = 8;

/*
This is the mysql code I use on my server:

// connect to db
$db = mysql_connect("localhost", "username", "password");

// select the database
mysql_select_db("databasename", $db);

// program out the SQL INSERT
$sql = "INSERT INTO errors (time, ip, URI) VALUES (NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REQUEST_URI'] . "')";

// execute SQL command
$result = @mysql_query($sql);
*/

// nothing below this line needs to be modified normally

// this is a list of months to use in the random timestamp
$monthlist = array("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");

// set $pos to the position of the "." in the URI
$pos = strpos($_SERVER['REQUEST_URI'], ".");

// if there is a "." a specific file has been attempted to be accessed
if ($pos) {

// create a new URI that removes the "." and everything after it
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "."));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

};

// set $pos to the position of the "?" in the URI
$pos = strpos($_SERVER['REQUEST_URI'], "?");

// if there is a "?" in the URI delete it and everything after it
if ($pos) {

// creating the new URI
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "?"));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

};

// if the current URI ends in a "/"
if ((strrpos($_SERVER['REQUEST_URI'], "/") + 1) == strlen($_SERVER['REQUEST_URI'])) {

// get rid of the trailing "/"
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "/"));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

}

// the following HTML is default for the Apache webserver
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Index of <?php print($_SERVER['REQUEST_URI']); ?></TITLE>
</HEAD>
<BODY>
<H1>Index of <?php print($_SERVER['REQUEST_URI']); ?></H1>
<PRE>
<IMG SRC="http://<?php print($_SERVER['SERVER_NAME']); ?>/icons/blank.gif" ALT=" "> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?N=D">Name</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?M=A">Last modified</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?S=A">Size</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?D=A">Description</A>
<HR>
<IMG SRC="http://<?php print($_SERVER['SERVER_NAME']); ?>/icons/back.gif" ALT="[DIR]"> <A HREF="http://<?php print($_SERVER['SERVER_NAME']); ?>">Parent Directory</A> 10-Jun-2002 15:37 -
<?php

// run this loop a random number of times, using the $min and $max the user specified above
$a = rand($min,$max);
for ($i=0; $i < $a; $i++) {

// the name is a random name in the namelist
$name = array_rand($namelist);
$name = $namelist[$name];

// the month is a random month in the monthlist
$month = array_rand($monthlist);
$month = $monthlist[$month];

// the day is a random number from 1 to 30 (yes I know some months have 31 and 29 days, even 28 sometimes, but this isn't that elaborate of a script
$day = rand(1,30);

// the year is a random number from 1997 to 2002, you can expand this to go further back in time or into the future if you'd like
$year = rand(1997,2002);

// using the 24 hour timesystem the hour is a random number between 0 and 23
$hour = rand(0,23);

// minutes is a random number between 0 and 59
$minutes = rand(0,59);

// filesize is a random number between 1 and 999 (it could be larger in real life...)
$filesize = rand(1,999);

// if the random name selected is longer than 23 characters, cut it after the 23 character
if (strlen($name) > 23) {
$namecut = substr($name, 0, 23);
}

// for consistancy we use the name $namecut from now on for the cut name, even if it wasn't cut
else {
$namecut = $name;
}

// if $day only has one digit (1-9), add a preceding 0 to the number to match the format
if (strlen($day) == 1) {
$day = "0" . $day;
}

// same for the hour, add a 0 if it's only one digit in length
if (strlen($hour) == 1) {
$hour = "0" . $hour;
}

// same for the minutes, add a 0 if it's only one digit in length
if (strlen($minutes) == 1) {
$minutes = "0" . $minutes;
}

// if the file name did not take up all 23 characters, we need to add some space
if (strlen($name) != 23) {
$space = str_pad("", (23 - strlen($namecut)));
}

// again with the number padding, this time add two spaces to the filesize if its only one digit in length
if (strlen($filesize) == 1) {
$filesize = " " . $filesize;
}

// add only one space to the filesize if its already two digits in length
if (strlen($filesize) == 2) {
$filesize = " " . $filesize;
}

// construct the entire line
print("<IMG SRC=\"http://" . $_SERVER['SERVER_NAME'] . "/icons/folder.gif\" ALT=\"[DIR]\"> <A HREF=\"http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "/" . $name ."\">$namecut</A>$space $day-$month-$year $hour:$minutes " . $filesize . "k<br>");

// go back to the start of the for-loop, recreate the random names and numbers, print out all the needed lines
}

?>
</PRE><HR>
<?php print($_SERVER["SERVER_SIGNATURE"]); ?></BODY></HTML>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More Miscellaneous Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

NEW! Build Web services with transport-level security using Rational Application Developer V7, Part 1: Build Web services and Web services clients Build secure Web services with transport-level security using IBM Rational Application Developer V7 and IBM WebSphere Application Server V6.1. Follow this three-part series for step-by-step instructions about how to develop Web services and clients, configure HTTP basic authentication, and configure HTTP over SSL (HTTPS). This first part of the series walks you through building a Web service for a simple calculator application. You generate and test two different types of Web services clients: a Java Platform, Enterprise Edition (Java EE) client and a stand-alone Java client. You also handle user-defined exceptions in Web services. FREE! Go There Now!

NEW! Develop Systems Software Assets with IBM Rational Asset Manager Join us for this on demand webcast to learn about developing complex systems more quickly and efficiently. We'll cover market drivers for developing, governing and reusing systems software assets and how you can develop system software assets with Rational Asset Manager. FREE! Go There Now!

NEW! IBM Enterprise Modernization Sandbox for System z: Architecture Analysts, architects, and developers who have existing COBOL or PL/I skills and want to extend those skills to deploy new workloads on the mainframe can use the IBM Enterprise Modernization Sandbox for System z to find hands-on walkthroughs of common real world scenarios. The scenarios provide examples of how to rapidly design, create, assemble, test, and deploy high-quality Web, Web services, portal, and SOA applications for IBM CICS, IBM IMS, and IBM WebSphere Application Server. FREE! Go There Now!

NEW! Info 2.0: Harnessing the power of Web 2.0 and Enterprise Mashups Listen to this webcast to get an overview of Info 2.0 and a technical demo of how to quickly build an enterprise mashup. IBM's Info 2.0 technology leverages emerging Web 2.0 technologies such as mashups, feeds, AJAX, and JSON in order to simplify assembly of information using feeds and services. Come learn about the technical elements of Info 2.0 including the Feed Generation framework, Mashup Engine, and mashup assembly components. Learn how to pull information from databases, departmental information, and the Web to create mashups critical to your company’s success. We will also discuss best practices to help you get started. FREE! Go There Now!

NEW! Krugle, developerWorks, and code search Ken Krugler, co-founder of code search company Krugle, and Laura Merling, vice president of Marketing and Business Development for Krugle, join to talk about the ins and outs of code search and what it means as a new feature for developerWorks users. FREE! Go There Now!

NEW! Rational Asset Manager eKit Learn how to do more with your reusable assets with the free Rational Asset Manager eKit. The eKit includes demos on how Rational Asset Manager tracks and audits your assets in order to utilize them for reuse. Plus you’ll find white papers and a Webcast that discuss the challenges of a Service Oriented Architecture and how Rational Asset Manager can provide quick and effective solutions. FREE! Go There Now!

NEW! Rational Talks to You:Per Kroll on Rational Method Composer Plug-in customization Join this Rational Talks to You teleconference on December 11 at 1:00 pm ET to get tips on building your own plugins with Rational Method Composer. Get your questions answered! FREE! Go There Now!

NEW! Using Rational Business Developer to enhance your developer productivity Join this Rational Talks to You teleconference, to hear how Enterprise Generation Language (EGL) eliminates the need for tedious and error-prone low level coding, so developers can focus on business requirements. EGL extends the Rational software development platform with a simplified programming language that enables developers who have little or no experience with Java, Web technologies or Service Oriented Architecture, to create enterprise-class applications and services quickly and easily. It also allows developers who may have little or no mainframe programming experience to quickly create traditional mainframe components. FREE! Go There Now!

NEW! Webcast: Application security testing and Web compliance Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development. FREE! Go There Now!

NEW! Webcast: Eclipse: Empowering the universal platform The Eclipse community is constantly working to extend Eclipse's functionality. In this webcast, learn about some of the most important and feature-rich projects under development. From multi-language support to plug-in development, tune in to see what Eclipse is capable of now. FREE! Go There Now!

All FREE IBM® developerWorks Tools!