A server that is open to the internet might be scanned or crawled by attackers. We could trap them with honeypot endpoints like /login, /admin, etc. In these endpoints we could:

1. Detect malicious IPs
2. Make them think they have achieved their goals
3. Attack the attackers to prevent the attack (e.g. a path traversal honeypot might download a malicious file)

The implementation would add endpoints with common names (if a controller already uses one, obviously don't use it). Some endpoints would generate HTML with hidden forms containing other honeypots, to detect the attacker's path.
Currently, when I want to do something like that, I add those endpoints myself, sometimes even combining them, hidden in custom HTML.
Comment From: jzheaux
Thanks for the suggestions, @OfekRv. I think the idea of honeypots is clever, though perhaps too much of an art to place it inside a framework at this point.
Perhaps a `RequestMatcher`-based filter that fires a `BadActorDetectedEvent` would help applications accomplish (1). Like you pointed out, though, many honeypots want to issue a response (your (2) and (3)), which Spring MVC is quite a bit better at than Spring Security.
I wonder what @rwinch's thoughts are on this one.
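As an added illustration of the filter sketched in the comment above (this is not code from the thread, nor from Spring Security itself), the following is one way to write a `RequestMatcher`-based filter that does only the detection part, (1): when a request hits a honeypot path it publishes an event and answers with a plain 404. It assumes Spring Security 6.x with `jakarta.servlet`; the names `HoneypotFilter`, `HoneypotConfig` and the shape of `BadActorDetectedEvent` (the thread only names it) are hypothetical, and `/admin/**` is taken from the issue text as a sample path.

```java
// Added example, not part of Spring Security or of this issue. Assumes
// Spring Security 6.x (jakarta.servlet). Class and event names are hypothetical.
import java.io.IOException;
import java.util.List;

import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;

import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;

/** Filter that publishes an event when a request matches one of the honeypot paths. */
public class HoneypotFilter extends OncePerRequestFilter {

    /** Event for a request that hit a honeypot (hypothetical; the thread only names it). */
    public static class BadActorDetectedEvent extends ApplicationEvent {
        private final String remoteAddr;
        private final String path;

        public BadActorDetectedEvent(Object source, String remoteAddr, String path) {
            super(source);
            this.remoteAddr = remoteAddr;
            this.path = path;
        }

        public String getRemoteAddr() { return this.remoteAddr; }
        public String getPath() { return this.path; }
    }

    private final RequestMatcher honeypots;
    private final ApplicationEventPublisher publisher;

    public HoneypotFilter(ApplicationEventPublisher publisher, List<String> antPatterns) {
        this.publisher = publisher;
        // One matcher per Ant pattern, OR'd together: the filter fires on any of them.
        this.honeypots = new OrRequestMatcher(antPatterns.stream()
                .map(p -> (RequestMatcher) new AntPathRequestMatcher(p))
                .toList());
    }

    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
            FilterChain chain) throws ServletException, IOException {
        if (!this.honeypots.matches(request)) {
            chain.doFilter(request, response); // not a honeypot: normal processing
            return;
        }
        // Detection only (item 1 in the issue): record who hit the path, then answer
        // with a plain 404 so the endpoint looks like any other missing page.
        this.publisher.publishEvent(new BadActorDetectedEvent(this,
                request.getRemoteAddr(), request.getRequestURI()));
        response.setStatus(HttpServletResponse.SC_NOT_FOUND);
    }
}

/** Wiring: register the filter early in the chain and react to its events. */
@Configuration
class HoneypotConfig {

    @Bean
    SecurityFilterChain honeypotChain(HttpSecurity http, ApplicationEventPublisher publisher)
            throws Exception {
        // "/admin/**" is the path named in the issue; list only paths no controller serves.
        HoneypotFilter filter = new HoneypotFilter(publisher, List.of("/admin/**"));
        // Placed before form-login processing so honeypot hits never reach real handlers.
        http.addFilterBefore(filter, UsernamePasswordAuthenticationFilter.class);
        // The application's own authorization rules go here as usual.
        return http.build();
    }

    @EventListener
    public void onBadActor(HoneypotFilter.BadActorDetectedEvent event) {
        // Hand off to logging, a SIEM or a rate limiter; here just a log line.
        System.out.println("honeypot hit: path=" + event.getPath()
                + " from=" + event.getRemoteAddr());
    }
}
```

Two caveats a practitioner would want: `/login` from the issue is Spring Security's default form-login processing URL, so in an application that uses form login it is not a usable honeypot path; and `request.getRemoteAddr()` returns the proxy's address when the app sits behind a load balancer, so the listener should resolve the client IP the same way the rest of the application does before acting on the event.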
Comment From: rwinch
I'm going to close this, as honeypots are beyond the scope of Spring Security.