View difference between Paste ID: 6uSUKVbh and TamkM8Tx
1
/*
2
 * .htaccess
3
 */
4
<FilesMatch "^honeypot_image.png$">
5
	AddType application/x-httpd-php .png
6
</FilesMatch>
7
8
/*
9
 * honeypot_image.png
10
 */
11
<?php
12
// We're an image. Really!
13
header("Content-type: image/png");
14
15
// Only do the logging for the desired IP.
16
if ($_SERVER['REMOTE_ADDR'] == "1.2.3.4") {
17
18
	// Log file location - use pid as name.
19
	$log = "path/to/log/" . getmypid() . ".log";
20
21
	// When?
22
	$result = date("d.m.Y H:i:s T") . "\n\n";
23
	
24
	// From where?
25
	$result .= "Client Port: {$_SERVER['REMOTE_PORT']}\n\n";
26
	
27
	// Maybe whatever it is handles cookies, then it might have interesting session data
28
	session_start();
29
	$result .= "Current Session: " . print_r($_SESSION, true) . "\n\n";
30
	// ... and interesting cookies, too. :)
31
	$result .= "Cookies: " . print_r($_COOKIE, true) . "\n\n";
32
33
	// Catch all running processes
34
	$result .= shell_exec("ps aux") . "\n\n";
35
	
36-
	// Get all connections including handling processes. (Requires netstat to be run as root, a temporary suid root helps)
36+
	// Get all connections including handling processes.
37
	// (Requires netstat to be run as root, a temporary suid root helps)
38
	$result .= shell_exec("netstat -anp") . "\n\n";
39-
	// Grab the server status. If it's an apache process, we get the script that way. (needs mod_status)
39+
40
	// Grab the server status. If it's an apache process, we get the script that way.
41
	// (needs mod_status)
42
	$result .= shell_exec("lynx -dump http://1.2.3.4/server-status"). "\n\n";
43
44
	// Write to disk.
45
	file_put_contents($log, $result, FILE_APPEND);
46
}
47
48
// Didn't I say we're an image? :)
49
echo file_get_contents("the_real_image.png");
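Review bot: The log written by `file_put_contents($log, $result, FILE_APPEND)` holds the full `ps aux` and `netstat -anp` output plus the session and cookie dumps, yet `$log` is built from the relative path `"path/to/log/"`, so it resolves against the script's working directory and may end up under the document root, where the files could be fetched over HTTP. Point it at an absolute directory outside the web root that only the web-server user can read, for example `$log = "/var/log/honeypot/" . getmypid() . ".log";` (constructed path). Also check the return value of `file_put_contents` so a failed write does not pass silently. The comment above the netstat call recommends a temporary suid-root bit; while that bit is set every local account can run netstat as root. A sudoers rule limited to the web-server user and this one command would be narrower, and the comment should say when the privilege is removed again.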