#!/usr/bin/perl
###############################################################################
# Fake PHF v1.0 (970605) - by Daniel Lafraia (lafraia@urgentmail.com)
#
# Description:
# Shows to a hacker that is trying to crack your system via phf, that
# this CGI was not found and send a message to admin reporting
# information about the attempt such as IP Address (using Proxy or not),
# Host Name, Query String and finally date and time of the attempt.
#
# Installing:
# Just copy this file to your cgi-bin directory (usually /www/cgi-bin) and
# chmod it to executable. If someone try to do something like:
# http://www.yoursite.com/cgi-bin/phf?hack+stuff=to+grab+things
# you're going to be reported, try! Be sure that the filename is phf :)))
#
# Questions? Comments? Suggestions? E-mail me! :)
#
# Releases:
# 970605 - First release
###############################################################################

# Sendmail directory
$mailer='/usr/lib/sendmail';

# E-mail of person who's going to receive reports
$address="lafraia\@cpu.iron.com.br";

$date=`date`;
chop($date);
print "Content-type: text/html\n\n";
print <
File Not found
The requested URL /cgi-bin/phf was not found on this server.

EOM
open (out, "|$mailer $address") or die "Can't write a message";
 print out "To: $address\n";
 print out "From: $address\n";
 print out "Subject: phf report\n\n";
 print out "--------------------------------------------------------\n";
 print out "   Remote Host: $ENV{'REMOTE_HOST'}$ENV{'HTTP_X_FORWARDED_FOR'}\n";
 print out "   Remote IP: $ENV{'REMOTE_ADDR'}\n";
 print out "   Query String: $ENV{'QUERY_STRING'}\n";
 print out "   Date: $date\n";
 print out "--------------------------------------------------------\n";
 print out "Best Regards,\n  PHF Watchdog\n\nP.S. - Contact the admin of his/her provider!";
close (out);
exit;

# End of Fake PHF