3

Being the paranoid user I am. I always think I have an infected computer with trojans or malware or prying eyes to my work computer. I was wondering is there a service that lets you create a honey pot URL to collect user's IP + other browser data once the user visits the page and then email you once that page is accessed?

My main goal is to leave a text file on my desktop labeled "personal_stuff.txt" and in that text file will be a URL to somewhere and once someone visits it, I will get emailed with their IP address and other data associated with it. From there I can tell if my computer gets infected and take appropriate actions.

Patoshi パトシ
  • 195
  • 8
  • 4
    What makes you think malware is going to open a file on your desktop and go to the URL in it? – AlexH Jul 01 '15 at 16:12
  • 1
    This is like putting a phone number in an envelope on the kitchen counter, marking that envelope "personal stuff", and then waiting for a burglar to call that number. Even if your house does get robbed, chances are they're going to be too busy taking your TV, stereo, jewelry and other stuff to even notice the envelope let alone care enough to call the number inside. – Iszi Jul 01 '15 at 16:38
  • what if the file was labeled: "Bitcoin Passwords" – Patoshi パトシ Jul 01 '15 at 21:23

1 Answers1

2

Every website collects IP and browser information - all you need to do is set up a free server on a free hosting service and check the logs. Technologically, there is no service because it is trivial.

Your implementation of how the URL is discovered is going to be an issue. The Internet is full of crawlers looking for websites, so you are going to get a lot of hits in your logs. What you need is a username/password and a password protected service to use.

This concept is called a "Honey User". You can set this up on any service (Gmail?). Just make sure that you don't use the Honey User account for any other purpose. Google account services has some level of logging of when and where the account was accessed from, if it was accessed from a new location, etc. But, choose the service that meets your needs.

You can put the credentials in password files, your browser's password cache, etc, so that when an attacker goes for those high-value targets, they are more likely to discover the Honey User account.

schroeder
  • 129,372
  • 55
  • 299
  • 340