How to use this? #175

Closed
ribtoks opened this issue Aug 18, 2024 · 4 comments
ribtoks commented Aug 18, 2024

Hi

Thank you for this awesome project!

It really looks cool, but what are the actual use-cases? Is it a protection against "AI bots"? If yes, how exactly would you recommend to use it?

Thank you

@ginger51011
Collaborator

Hi!

The use case is usually to annoy web scrapers looking for security issues or leaked secrets by scanning some paths on your website.

For example, /wp-login.php is used to check if the site is using WordPress, /.env is used for leaked environment variables (perhaps a database password or API token?) etc.

Usually paths that should not be scanned are published in /robots.txt. The point of HellPot and friends is to serve enough data to crash web scrapers not respecting that file.

Author

ribtoks commented Sep 11, 2024

@ginger51011 Thank you for the explanation. I understand that point, I meant more "how to use it with existing application", because HellPot seems to be quite self-standing. Do you intend to have a bunch of route redirects on "nginx level" (or other proxy) to the HellPot's process, running alongside? Or is there a better intended way to make use of it?

@ginger51011
Copy link
Collaborator

You can use it without a reverse proxy in front of it, but then you likely just have a whole hellhole website. Funny, but perhaps not the common use case. You kind of need a real website as bait.

There are some configuration options in the README for nginx/apache I think, so yes you basically add some paths like /.env, /.git to redirect to HellPot, the rest just serving your website.
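
One way to wire up the setup described in this answer, as an added example that is not part of the thread or the HellPot README: a Python script that generates nginx `location` blocks proxying only the trap paths to HellPot, builds a matching robots.txt, and checks that every trap path is disallowed there, so only crawlers ignoring robots.txt reach the tarpit. The upstream address `127.0.0.1:8080`, the choice of `proxy_pass`, and all function names are assumptions.

```python
from urllib.robotparser import RobotFileParser

# Assumption: HellPot listens on this local address; adjust to your own config.
HELLPOT_UPSTREAM = "http://127.0.0.1:8080"
# Trap paths named in the thread; no real site content may live under them.
TRAP_PATHS = ["/wp-login.php", "/.env", "/.git"]


def robots_txt(trap_paths):
    """robots.txt telling well-behaved crawlers to stay away from the traps."""
    lines = ["User-agent: *"] + [f"Disallow: {p}" for p in trap_paths]
    return "\n".join(lines) + "\n"


def nginx_locations(trap_paths, upstream=HELLPOT_UPSTREAM):
    """nginx location blocks that hand only the trap paths to the tarpit."""
    blocks = []
    for path in trap_paths:
        # "^~" makes this prefix match win over regex locations such as a
        # PHP handler, so /wp-login.php cannot fall through to the real site.
        blocks.append(
            f"location ^~ {path} {{\n"
            f"    proxy_set_header Host $host;\n"
            f"    proxy_set_header X-Real-IP $remote_addr;\n"
            f"    proxy_pass {upstream};\n"
            f"}}\n"
        )
    return "\n".join(blocks)


def unlisted_traps(robots_body, trap_paths, agent="ExampleBot"):
    """Trap paths that a robots.txt-compliant crawler may still fetch."""
    parser = RobotFileParser()
    parser.parse(robots_body.splitlines())
    return [p for p in trap_paths if parser.can_fetch(agent, p)]


if __name__ == "__main__":
    body = robots_txt(TRAP_PATHS)
    missing = unlisted_traps(body, TRAP_PATHS)
    if missing:
        raise SystemExit(f"traps not disallowed in robots.txt: {missing}")
    print(body)
    print(nginx_locations(TRAP_PATHS))
```

The generated blocks go inside the `server` block of the real site; every other path keeps being served by the site itself.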

Author

ribtoks commented Sep 11, 2024

All right, thank you!

@ribtoks ribtoks closed this as completed Sep 11, 2024