Fake error is a small joke-script I wrote. It creates a generic Apache web-server page that lists random folders.

The script is designed to run on Apache webservers, but it could possibly be modifed to run on rival systems. The script uses random names, dates, and numbers. You can specify the names of the folders, and how many folders are listed on each page (an option for a random numbers is available). Sample code for MySQL error logging is included.

By : RobertDX

<?php
// Script Name: Fake Error
// Author: Robert Baird
/* Description:
Fake error is a small joke-script I wrote. It creates a generic Apache web-server page that lists random folders. The script is meant to be used in combination with a .htaccess file, so error pages are redirected to this script.

Lets say you have a protected folder on your website called "includes", instead of just denying the public access to this directoy, you can give them a fake page to look at. While they're there, you can be logging their IP address, the time, and how long they try to view the directory.

The script has some MySQL code (turned off by default), which can be customized to whatever type of database you prefer.

The script is designed to run on Apache webservers, but it could possibly be modifed to run on rival systems. The script reads a list of folder names from an array, creates random timestamps for the modification dates, and creates random folder sizes. You can specify the names of the folders, and how many folders are listed on each page (an option for a random number of folders is available).

See http://baremetal.com/gadgets/htaccess/ for help on setting up a .htaccess file.

Trademarked names such as Apache are held by Apache Software Foundation, code is copyrighted by Robert Baird.
*/

// This is the array of random folder names. If a name selected is longer than 23 characters it will be trunciated
$namelist = array("images", "documents", "programs", "utilities", "system folder", "publishing", "games");

// set the mininum number of folders to be created
$min = 2;

// set the maximum number of folders to be created
$max = 8;

/*
This is the mysql code I use on my server:

// connect to db
$db = mysql_connect("localhost", "username", "password");

// select the database
mysql_select_db("databasename", $db);

// program out the SQL INSERT
$sql = "INSERT INTO errors (time, ip, URI) VALUES (NOW(), '" . $_SERVER['REMOTE_ADDR'] . "', '" . $_SERVER['REQUEST_URI'] . "')";

// execute SQL command
$result = @mysql_query($sql);
*/

// nothing below this line needs to be modified normally

// this is a list of months to use in the random timestamp
$monthlist = array("Jan", "Feb", "Mar", "Apr", "May", "Jun", "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");

// set $pos to the position of the "." in the URI
$pos = strpos($_SERVER['REQUEST_URI'], ".");

// if there is a "." a specific file has been attempted to be accessed
if ($pos) {

// create a new URI that removes the "." and everything after it
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "."));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

};

// set $pos to the position of the "?" in the URI
$pos = strpos($_SERVER['REQUEST_URI'], "?");

// if there is a "?" in the URI delete it and everything after it
if ($pos) {

// creating the new URI
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "?"));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

};

// if the current URI ends in a "/"
if ((strrpos($_SERVER['REQUEST_URI'], "/") + 1) == strlen($_SERVER['REQUEST_URI'])) {

// get rid of the trailing "/"
$newuri = substr($_SERVER['REQUEST_URI'], 0, strrpos($_SERVER['REQUEST_URI'], "/"));

// redirect to the new URI
header("Location: http://" . $_SERVER['SERVER_NAME'] . $newuri);
exit;

}

// the following HTML is default for the Apache webserver
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<TITLE>Index of <?php print($_SERVER['REQUEST_URI']); ?></TITLE>
</HEAD>
<BODY>
<H1>Index of <?php print($_SERVER['REQUEST_URI']); ?></H1>
<PRE>
<IMG SRC="http://<?php print($_SERVER['SERVER_NAME']); ?>/icons/blank.gif" ALT=" "> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?N=D">Name</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?M=A">Last modified</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?S=A">Size</A> <A HREF="<?php print($_SERVER['REQUEST_URI']); ?>/?D=A">Description</A>
<HR>
<IMG SRC="http://<?php print($_SERVER['SERVER_NAME']); ?>/icons/back.gif" ALT="[DIR]"> <A HREF="http://<?php print($_SERVER['SERVER_NAME']); ?>">Parent Directory</A> 10-Jun-2002 15:37 -
<?php

// run this loop a random number of times, using the $min and $max the user specified above
$a = rand($min,$max);
for ($i=0; $i < $a; $i++) {

// the name is a random name in the namelist
$name = array_rand($namelist);
$name = $namelist[$name];

// the month is a random month in the monthlist
$month = array_rand($monthlist);
$month = $monthlist[$month];

// the day is a random number from 1 to 30 (yes I know some months have 31 and 29 days, even 28 sometimes, but this isn't that elaborate of a script
$day = rand(1,30);

// the year is a random number from 1997 to 2002, you can expand this to go further back in time or into the future if you'd like
$year = rand(1997,2002);

// using the 24 hour timesystem the hour is a random number between 0 and 23
$hour = rand(0,23);

// minutes is a random number between 0 and 59
$minutes = rand(0,59);

// filesize is a random number between 1 and 999 (it could be larger in real life...)
$filesize = rand(1,999);

// if the random name selected is longer than 23 characters, cut it after the 23 character
if (strlen($name) > 23) {
$namecut = substr($name, 0, 23);
}

// for consistancy we use the name $namecut from now on for the cut name, even if it wasn't cut
else {
$namecut = $name;
}

// if $day only has one digit (1-9), add a preceding 0 to the number to match the format
if (strlen($day) == 1) {
$day = "0" . $day;
}

// same for the hour, add a 0 if it's only one digit in length
if (strlen($hour) == 1) {
$hour = "0" . $hour;
}

// same for the minutes, add a 0 if it's only one digit in length
if (strlen($minutes) == 1) {
$minutes = "0" . $minutes;
}

// if the file name did not take up all 23 characters, we need to add some space
if (strlen($name) != 23) {
$space = str_pad("", (23 - strlen($namecut)));
}

// again with the number padding, this time add two spaces to the filesize if its only one digit in length
if (strlen($filesize) == 1) {
$filesize = " " . $filesize;
}

// add only one space to the filesize if its already two digits in length
if (strlen($filesize) == 2) {
$filesize = " " . $filesize;
}

// construct the entire line
print("<IMG SRC=\"http://" . $_SERVER['SERVER_NAME'] . "/icons/folder.gif\" ALT=\"[DIR]\"> <A HREF=\"http://" . $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'] . "/" . $name ."\">$namecut</A>$space $day-$month-$year $hour:$minutes " . $filesize . "k<br>");

// go back to the start of the for-loop, recreate the random names and numbers, print out all the needed lines
}

?>
</PRE><HR>
<?php print($_SERVER["SERVER_SIGNATURE"]); ?></BODY></HTML>

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

More Miscellaneous Code Articles
More By Codewalkers

blog comments powered by Disqus