Fake error is a small joke-script I wrote. It creates a generic Apache web-server page that lists random folders.

The script is designed to run on Apache webservers, but it could possibly be modifed to run on rival systems. The script uses random names, dates, and numbers. You can specify the names of the folders, and how many folders are listed on each page (an option for a random numbers is available). Sample code for MySQL error logging is included.

By : RobertDX

<?php
// Script Name: Fake Error
// Author: Robert Baird
/* Description:
Fake error is a small joke-script I wrote. It creates a generic Apache web-server page that lists random folders. The script is meant to be used in combination with a .htaccess file, so error pages are redirected to this script.

Lets say you have a protected folder on your website called "includes", instead of just denying the public access to this directoy, you can give them a fake page to look at. While they're there, you can be logging their IP address, the time, and how long they try to view the directory.

The script has some MySQL code (turned off by default), which can be customized to whatever type of database you prefer.

The script is designed to run on Apache webservers, but it could possibly be modifed to run on rival systems. The script reads a list of folder names from an array, creates random timestamps for the modification dates, and creates random folder sizes. You can specify the names of the folders, and how many folders are listed on each page (an option for a random number of folders is available).

See http://baremetal.com/gadgets/htaccess/ for help on setting up a .htaccess file.

Trademarked names such as Apache are held by Apache Software Foundation, code is copyrighted by Robert Baird.
*/

// This is the array of random folder names. If a name selected is longer than 23 characters it will be trunciated
$namelist = array("images", "documents", "programs", "utilities", "system folder", "publishing", "games");

// set the mininum number of folders to be created
$min = 2;

// set the maximum number of folders to be created
$max = 8;

/*
This is the mysql code I use on my server:

// connect to db
$db = mysql_connect("localhost", "username", "password");

// select the database
mysql_select_db("databasename", $db);

// program out the SQL INSERT
$sql = "INSERT INTO errors (time, ip, URI) VALUES (NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REQUEST_URI'] . "')";

// execute SQL command
$result = @mysql_query($sql);
*/

// nothing below this line needs to be modified normally

// this is a list of months to use in the random timestamp
$monthlist = array("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");

// set $pos to the position of the "." in the URI
$pos = strpos($_SERVER['REQUEST_URI'], ".");

// if there is a "." a specific file has been attempted to be accessed
if ($pos) {

// create a new URI that removes the "." and everything after it
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "."));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

};

// set $pos to the position of the "?" in the URI
$pos = strpos($_SERVER['REQUEST_URI'], "?");

// if there is a "?" in the URI delete it and everything after it
if ($pos) {

// creating the new URI
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "?"));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

};

// if the current URI ends in a "/"
if ((strrpos($_SERVER['REQUEST_URI'], "/") + 1) == strlen($_SERVER['REQUEST_URI'])) {

// get rid of the trailing "/"
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "/"));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

}

// the following HTML is default for the Apache webserver
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Index of <?php print($_SERVER['REQUEST_URI']); ?></TITLE>
</HEAD>
<BODY>
<H1>Index of <?php print($_SERVER['REQUEST_URI']); ?></H1>
<PRE>
<IMG SRC="http://<?php print($_SERVER['SERVER_NAME']); ?>/icons/blank.gif" ALT=" "> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?N=D">Name</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?M=A">Last modified</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?S=A">Size</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?D=A">Description</A>
<HR>
<IMG SRC="http://<?php print($_SERVER['SERVER_NAME']); ?>/icons/back.gif" ALT="[DIR]"> <A HREF="http://<?php print($_SERVER['SERVER_NAME']); ?>">Parent Directory</A> 10-Jun-2002 15:37 -
<?php

// run this loop a random number of times, using the $min and $max the user specified above
$a = rand($min,$max);
for ($i=0; $i < $a; $i++) {

// the name is a random name in the namelist
$name = array_rand($namelist);
$name = $namelist[$name];

// the month is a random month in the monthlist
$month = array_rand($monthlist);
$month = $monthlist[$month];

// the day is a random number from 1 to 30 (yes I know some months have 31 and 29 days, even 28 sometimes, but this isn't that elaborate of a script
$day = rand(1,30);

// the year is a random number from 1997 to 2002, you can expand this to go further back in time or into the future if you'd like
$year = rand(1997,2002);

// using the 24 hour timesystem the hour is a random number between 0 and 23
$hour = rand(0,23);

// minutes is a random number between 0 and 59
$minutes = rand(0,59);

// filesize is a random number between 1 and 999 (it could be larger in real life...)
$filesize = rand(1,999);

// if the random name selected is longer than 23 characters, cut it after the 23 character
if (strlen($name) > 23) {
$namecut = substr($name, 0, 23);
}

// for consistancy we use the name $namecut from now on for the cut name, even if it wasn't cut
else {
$namecut = $name;
}

// if $day only has one digit (1-9), add a preceding 0 to the number to match the format
if (strlen($day) == 1) {
$day = "0" . $day;
}

// same for the hour, add a 0 if it's only one digit in length
if (strlen($hour) == 1) {
$hour = "0" . $hour;
}

// same for the minutes, add a 0 if it's only one digit in length
if (strlen($minutes) == 1) {
$minutes = "0" . $minutes;
}

// if the file name did not take up all 23 characters, we need to add some space
if (strlen($name) != 23) {
$space = str_pad("", (23 - strlen($namecut)));
}

// again with the number padding, this time add two spaces to the filesize if its only one digit in length
if (strlen($filesize) == 1) {
$filesize = " " . $filesize;
}

// add only one space to the filesize if its already two digits in length
if (strlen($filesize) == 2) {
$filesize = " " . $filesize;
}

// construct the entire line
print("<IMG SRC=\"http://" . $_SERVER['SERVER_NAME'] . "/icons/folder.gif\" ALT=\"[DIR]\"> <A HREF=\"http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "/" . $name ."\">$namecut</A>$space $day-$month-$year $hour:$minutes " . $filesize . "k<br>");

// go back to the start of the for-loop, recreate the random names and numbers, print out all the needed lines
}

?>
</PRE><HR>
<?php print($_SERVER["SERVER_SIGNATURE"]); ?></BODY></HTML>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More Miscellaneous Code Articles
More By Codewalkers

 

developerWorks - FREE Tools!

Be the first to hear about i5/OS V6R1! Hold your calendar on January 30, 2008 for this free webcast on the new i5/OS. Rational's Enterprise Modernization products will be discussed at this webcast as they help to drive the application development environment for this new System i OS. <br />And learn how i5/OS will take you to the next step of efficient, resilient business processing. You will hear about the new i5/OS capabilities as it will be the most significant i5/OS release in years. If you cannot join the webcast on 1/30/08 you can still use this link to listen to the replay.<br /> FREE! Go There Now!

NEW! BlammoSplat: Build a community Web site of OpenLaszlo animations, Part 3: The community animation Learn to enable users to both rate existing animations and to combine existing animations into new snippets. This is the third in a series of three tutorials that chronicle the building of a site that enables collaborative discussion and animation building using Domino and OpenLaszlo. FREE! Go There Now!

NEW! Download IBM WebSphere Portal V6.1 beta code Download the IBM WebSphere Portal V6.1 beta code and learn more about the rich features and enhancements in IBM WebSphere Portal V6.1. WebSphere Portal provides a composite application or business mashup framework and the advanced tooling needed to build flexible, SOA-based solutions, and scalability to meet the needs of any size organization. FREE! Go There Now!

NEW! Improve your build process with IBM Rational Build Forge, Part 2: Automate builds for a real-world Tomcat project Learn how Rational Build Forge can extend a simple compile and package build process by adding customization and deployment capability. Go from a manual method to automating: checking for code changes; getting the latest source; compiling and packaging; customizing; copying to and restarting a deployment server; and sending e-mail notification that a new version is available. FREE! Go There Now!

NEW! Info 2.0: Harnessing the power of Web 2.0 and Enterprise Mashups Listen to this webcast to get an overview of Info 2.0 and a technical demo of how to quickly build an enterprise mashup. IBM's Info 2.0 technology leverages emerging Web 2.0 technologies such as mashups, feeds, AJAX, and JSON in order to simplify assembly of information using feeds and services. Come learn about the technical elements of Info 2.0 including the Feed Generation framework, Mashup Engine, and mashup assembly components. Learn how to pull information from databases, departmental information, and the Web to create mashups critical to your company’s success. We will also discuss best practices to help you get started. FREE! Go There Now!

NEW! Trial download: IBM Rational Functional Tester V7.0.1 Get a free trial download of the latest version of IBM Rational Functional Tester V7.0.1. Rational Functional Tester is an automated functional and regression testing solution for QA teams concerned with the quality of their Java, Microsoft Visual Studio .NET, and Web-based applications. FREE! Go There Now!

NEW! Understanding Web application security challenges As businesses grow increasingly dependent upon Web applications, these complex entities grow more difficult to secure. Most companies equip their Web sites with firewalls, Secure Sockets Layer (SSL), and network and host security, but the majority of attacks are on applications themselves – and these technologies cannot prevent them. This paper explains what you can do to help protect your organization, and it discusses an approach for improving your organization’s Web application security. FREE! Go There Now!

NEW! Webcast: Accelerating Software Innovation with System z Attend this launch webcast with Scott Hebner, Vice President of IBM Rational Marketing and Strategy, where he will overview Rational’s new offerings and programs to help customers accelerate software innovation on System z. He will discuss how these solutions help organizations extend their core business processes toward modern architectures such as SOA and web technologies to deliver business improvements that stand the test of time. FREE! Go There Now!

NEW! Webcast: Eclipse: Empowering the universal platform The Eclipse community is constantly working to extend Eclipse's functionality. In this webcast, learn about some of the most important and feature-rich projects under development. From multi-language support to plug-in development, tune in to see what Eclipse is capable of now. FREE! Go There Now!

NEW! Webcast: IBM Rational Build Forge - Beyond the Build The discipline of assembling and delivering software is maturing beyond standard developer-centric compile/test software builds. The end-to-end software development lifecycle is emerging as the new focus moves “Beyond the Build.” Join this on demand webcast to learn about methods for streamlining software delivery and key capabilities of the IBM Rational Build Forge framework for automating build and release management in environments of any size. FREE! Go There Now!

All FREE IBM® developerWorks Tools!