Overview

WebLabyrinth - A simple tool that creates a maze of bogus web pages to 
confuse web scanners. It's main goal is to delay and occupy malicious 
scanners that scan websites in order for incident handlers to detected 
and respond to them before damage is done.

WebLabyrinth code Copyright (c) 2010, Ben Jackson and Mayhemic Labs -
bbj@mayhemiclabs.com. All rights reserved.

Dissociated Press functions based off of David Pascoe-Deslauriers' 
<dpascoed@csiuo.com> dissociatedpress class. Copyright 2000-2009 
David Pascoe-Deslauriers. All rights reserved.

Original Dissociated Press code available at 
http://www.csiuo.com/drupal/node/13

PREREQUISITES

* Apache
* mod_rewrite
* PHP
* sqlite
* PHP sqlite extension
* PHP mail() support

SETUP AND CONFIGURATION

Configuration is broken up into two parts, setting up the web 
application, and configuring the database. First, copy all the files in 
a web accessible directory and edit the config.inc.php to reflect the 
directory name. If you installed it as /labyrinth, it should be all set. 

Next, you also need to create a .htaccess file in the same directory 
as the installation. There is an example in EXAMPLE.htaccess, built 
with theassumption that you have WebLabyrinth installed in a web path 
called /labyrinth and the index.php file has not been renamed. The only two 
variables in the .htaccess that should ever need to be changed is 
RewriteBase which should be the web path that WebLabyrinth is installed
in and RewriteRule which is the web path that the main index.php file
is located. 

Finally, you need to configure the database. This database should be
installed in a non web accessible directory. The directory should both 
readable and writeable by the Apache user. The SQL script to create the
database is labyrinth.sql. The following commands do this on my (Debian) 
system:

 	mkdir /opt/weblabyrinth/
 	cat labyrinth.sql | sqlite /opt/weblabyrinth/labyrinth.db
	chown -R www-data:www-data /opt/weblabyrinth

Once the database is created, edit the config.inc.php 'tracking_db'
variable to point to your freshly created database.

ALERTING

One of the new features (as of the 0.3 branch) is the ability to generate 
alerts if a crawler reaches a certain level. The two ways weblabyrinth can
do this is by generating an e-mail or by generating text that an IDS system
can trigger on. All of these options are controlled in the config.inc.php
file. If you use snort, the following rule should generate an alert if the 
word used by default is found.

alert tcp any 80 -> any any (content:"honorificabilitudinitatibus"; msg: "WebLabyrinth alert keyword detected";)

By default the system will generate an alert if the crawlers get three 
levels deep within the labyrinth. The system will generate the alert maximum
once an hour for an ongoing scan. 

NOTE ABOUT APACHE

Please note that you may need to reconfigure apache to allow .htaccess
files to control configuration options. This is done in the apache site's
configuration file (/etc/apache2/sites-available/<your site here>). Below 
is an example from my installation on a Debian server:

<Directory /var/www/labyrinth>
	Options Indexes FollowSymLinks MultiViews
	AllowOverride FileInfo Options
	Order allow,deny
	allow from all
</Directory>

The "AllowOverride FileInfo Options" is the important bit. Remember to 
restart Apache when you're done.