{"id":1496,"date":"2025-10-18T05:00:15","date_gmt":"2025-10-18T05:00:15","guid":{"rendered":"https:\/\/help.peacedoorball.blog\/ja\/?p=1496"},"modified":"2025-10-18T05:00:15","modified_gmt":"2025-10-18T05:00:15","slug":"%e3%83%8f%e3%83%8b%e3%83%bc%e3%83%9d%e3%83%83%e3%83%88%e3%81%a8%e3%81%af%e4%bd%95%e3%81%8b%e3%82%92%e7%90%86%e8%a7%a3%e3%81%99%e3%82%8b%e6%96%b9%e6%b3%95","status":"publish","type":"post","link":"https:\/\/help.peacedoorball.blog\/ja\/%e3%83%8f%e3%83%8b%e3%83%bc%e3%83%9d%e3%83%83%e3%83%88%e3%81%a8%e3%81%af%e4%bd%95%e3%81%8b%e3%82%92%e7%90%86%e8%a7%a3%e3%81%99%e3%82%8b%e6%96%b9%e6%b3%95\/","title":{"rendered":"\u30cf\u30cb\u30fc\u30dd\u30c3\u30c8\u3068\u306f\u4f55\u304b\u3092\u7406\u89e3\u3059\u308b\u65b9\u6cd5"},"content":{"rendered":"<p>\u30b5\u30fc\u30d0\u30fc\u304c\u7d76\u3048\u9593\u306a\u3044\u653b\u6483\u306e\u6a19\u7684\u306b\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u3001\u7279\u306b\u30d5\u30a3\u30eb\u30bf\u30fc\u306a\u3057\u3067\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u306b\u76f4\u63a5\u63a5\u7d9a\u3055\u308c\u3066\u3044\u308b\u3068\u3001\u3042\u3089\u3086\u308b\u7a2e\u985e\u306e\u81ea\u52d5\u5316\u3055\u308c\u305f\u7121\u610f\u5473\u306a\u653b\u6483\u306b\u898b\u821e\u308f\u308c\u308b\u306e\u306f\u907f\u3051\u3089\u308c\u307e\u305b\u3093\u3002\u3053\u308c\u3089\u306f\u6a19\u7684\u578b\u653b\u6483\u3067\u306f\u306a\u304f\u3001\u30dc\u30c3\u30c8\u304c\u5e83\u7bc4\u56f2\u306eIP\u7a7a\u9593\u3092\u30b9\u30ad\u30e3\u30f3\u3057\u3001\u958b\u3044\u3066\u3044\u308b\u30dd\u30fc\u30c8\u3092\u7a81\u3063\u8fbc\u3093\u3060\u308a\u3001\u30e9\u30f3\u30c0\u30e0\u306a\u30da\u30a4\u30ed\u30fc\u30c9\u3092\u8a66\u3057\u3066\u4f55\u304b\u9762\u767d\u3044\u3082\u306e\u304c\u306a\u3044\u304b\u63a2\u3057\u305f\u308a\u3059\u308b\u3088\u3046\u306a\u3082\u306e\u3067\u3059\u3002Web\u30b5\u30a4\u30c8\u3001API\u3001\u305d\u306e\u4ed6\u4f55\u3067\u3082\u3001\u516c\u958b\u30b5\u30fc\u30d0\u30fc\u3092\u904b\u7528\u3057\u3066\u3044\u308b\u5834\u5408\u3001\u57fa\u672c\u76
84\u306b\u30b9\u30ad\u30e3\u30f3\u3057\u3066\u3044\u308b\u8ab0\u306b\u3067\u3082\u3001\u4f55\u306b\u3067\u3082\u300c\u304b\u304b\u3063\u3066\u3053\u3044\u300d\u3068\u8a00\u3063\u3066\u3044\u308b\u3088\u3046\u306a\u3082\u306e\u3067\u3059\u3002\u305d\u308c\u304c\u73fe\u5b9f\u3067\u3059\u304c\u3001\u5e78\u3044\u306a\u3053\u3068\u306b\u3001\u3053\u3046\u3057\u305f\u30e9\u30f3\u30c0\u30e0\u306a\u30b9\u30ad\u30e3\u30ca\u30fc\u306e\u653b\u6483\u3092\u56f0\u96e3\u306b\u3059\u308b\u4fbf\u5229\u306a\u65b9\u6cd5\u304c\u3044\u304f\u3064\u304b\u3042\u308a\u307e\u3059\u3002Windows\u3084Linux\u306a\u3069\u306eOS\u306f\u3001\u5fc5\u8981\u4ee5\u4e0a\u306b\u653b\u6483\u3092\u56f0\u96e3\u306b\u3059\u308b\u5fc5\u8981\u304c\u3042\u308b\u306e\u306f\u5f53\u7136\u3067\u3059\u3002<\/p>\n<h2>\u653b\u6483\u8005\u3092\u6355\u3089\u3048\u308b\u305f\u3081\u306e\u57fa\u672c\u7684\u306a\u30cf\u30cb\u30fc\u30dd\u30c3\u30c8\u306e\u8a2d\u5b9a\u65b9\u6cd5<\/h2>\n<h3>\u65b9\u6cd51: \u507d\u306e\u7ba1\u7406\u30da\u30fc\u30b8\u3092\u4f7f\u7528\u3059\u308b\u304b\u3001\u30b7\u30f3\u30d7\u30eb\u306a\u30cf\u30cb\u30fc\u30dd\u30c3\u30c8\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u4f7f\u3063\u305f\u304a\u3068\u308a\u30b5\u30a4\u30c8\u3092\u4f5c\u308b<\/h3>\n<p>\u3053\u308c\u306f\u6bd4\u8f03\u7684\u624b\u9593\u306f\u304b\u304b\u308a\u307e\u305b\u3093\u304c\u3001\u8efd\u7387\u306a\u30b9\u30ad\u30e3\u30ca\u3084\u30b9\u30af\u30ea\u30d7\u30c8\u30ad\u30c7\u30a3\u3092\u6355\u307e\u3048\u308b\u306e\u306b\u52b9\u679c\u7684\u3067\u3059\u3002\u57fa\u672c\u7684\u306b\u306f\u3001\u507d\u306e\u30ed\u30b0\u30a4\u30f3\u753b\u9762\u3084\u7ba1\u7406\u753b\u9762\u3092\u4f5c\u6210\u3057\u307e\u3059\u3002\u7279\u5225\u306a\u3053\u3068\u306f\u4f55\u3082\u305b\u305a\u3001<strong>\/admin<\/strong>\u3084<strong>\/wp-admin<\/strong>\u306e\u3088\u3046\u306a\u3001\u898b\u305f\u76ee\u306f\u9b45\u529b\u7684\u3067\u3059\u304c\u5b9f\u969b\u306b\u306f\u4f55\u3082\u3057\u306a\u3044\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u307e\u30
59\u3002\u305d\u3057\u3066\u3001\u305d\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3088\u3046\u3068\u3059\u308b\u3059\u3079\u3066\u306eIP\u30a2\u30c9\u30ec\u30b9\u3068\u30a4\u30f3\u30bf\u30e9\u30af\u30b7\u30e7\u30f3\u306e\u30ed\u30b0\u8a18\u9332\u3092\u8a2d\u5b9a\u3057\u307e\u3059\u3002\u5834\u5408\u306b\u3088\u3063\u3066\u306f\u3001\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u4f5c\u6210\u3057\u3001IP\u30a2\u30c9\u30ec\u30b9\u3068\u30ea\u30af\u30a8\u30b9\u30c8\u3092\u30d5\u30a1\u30a4\u30eb\u307e\u305f\u306f\u30c7\u30fc\u30bf\u30d9\u30fc\u30b9\u306b\u8a18\u9332\u3059\u308b\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u914d\u7f6e\u3059\u308b\u3060\u3051\u3067\u6e08\u307f\u307e\u3059\u3002<\/p>\n<p>\u5f79\u7acb\u3064\u7406\u7531\uff1a\u8ab0\u304c\u3042\u306a\u305f\u306e\u6700\u3082\u6a5f\u5bc6\u6027\u306e\u9ad8\u3044\u30da\u30fc\u30b8\u3092\u8997\u304d\u898b\u3057\u3066\u3044\u308b\u306e\u304b\u3092\u77ac\u6642\u306b\u7279\u5b9a\u3067\u304d\u307e\u3059\u3002\u30b9\u30ad\u30e3\u30ca\u30fc\u304c\u507d\u306e\u7ba1\u7406\u30da\u30fc\u30b8\u306b\u30a2\u30af\u30bb\u30b9\u3059\u308b\u3068\u3001\u6b63\u78ba\u306aIP\u30a2\u30c9\u30ec\u30b9\u3001\u6642\u523b\u3001\u5834\u5408\u306b\u3088\u3063\u3066\u306f\u30e6\u30fc\u30b6\u30fc\u30a8\u30fc\u30b8\u30a7\u30f3\u30c8\u307e\u3067\u53d6\u5f97\u3067\u304d\u307e\u3059\u3002\u3042\u308b\u8a2d\u5b9a\u3067\u306f1\u56de\u3067\u6210\u529f\u3057\u307e\u3057\u305f\u304c\u3001\u5225\u306e\u8a2d\u5b9a\u3067\u306f\u4f55\u5ea6\u304b\u8a66\u884c\u304c\u5fc5\u8981\u3067\u3057\u305f\u3002\u3057\u304b\u3057\u3001\u4e00\u822c\u7684\u306b\u3001\u3053\u308c\u3089\u306e\u304a\u3068\u308a\u306f\u30b5\u30a4\u30c8\u3092\u30af\u30ed\u30fc\u30eb\u3059\u308b\u81ea\u52d5\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u6355\u6349\u3059\u308b\u306e\u306b\u512a\u308c\u3066\u3044\u307e\u3059\u3002\u305f\u3060\u3057\u3001\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304c\u4ed6\u306e\u5834\u6240\u304b\u3089\u30ea\u30f3\u30af\u3055\u308c\u3066\u3044\u306a\u3044\
u3053\u3068\u3092\u78ba\u8a8d\u3057\u3066\u304f\u3060\u3055\u3044\u3002\u305d\u3046\u3057\u306a\u3044\u3068\u3001\u6b63\u5f53\u306a\u30e6\u30fc\u30b6\u30fc\u304c\u8aa4\u3063\u3066\u30a2\u30af\u30bb\u30b9\u3057\u3066\u3057\u307e\u3046\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u3002\u307e\u305f\u3001robots.txt\u30d5\u30a1\u30a4\u30eb\u306b\u300c<!-- honeypot -- >` can dissuade bots from ignoring the trap.<\/p>\n\n \n\n<p>Expect to see automated IPs getting flagged; if you want, you can then block them automatically with rules in your firewall or web server config. For example, if you\u2019re using Nginx, you could add something like:<\/p>\n\n \n\n<pre><code>location \/admin {\n    # Log attempts\n    access_log \/var\/log\/nginx\/honeypot.log;\n    # Block after certain number of hits, or do something else\n}\n<\/code><\/pre>\n\n \n\n<p>Just keep in mind, this isn't foolproof\u2014some smarter bots might ignore the fake pages, and legit crawlers could act weird. But it\u2019s a quick way to catch the baddies or at least see who\u2019s scanning.<\/p>\n\n \n\n<h3>Method 2: Leverage robots.txt cleverly<\/h3>\n\n \n\n<p>Most websites will have a <strong>robots.txt<\/strong> file in the root folder\u2014say, `<strong>\/robots.txt<\/strong>`. You can configure it to tell bots what not to crawl, but oddly enough, many malicious bots and scanners ignore those directives and just go straight for the sensitive stuff anyway. Still, you can use this to your advantage by placing a fake or enticing filename or directory\u2014like `<strong>\/secret-admin-area<\/strong>`\u2014and telling bots to stay away (which, of course, they usually ignore). Since robots.txt is readable by anyone, list only decoy paths in it and never real sensitive locations. If you make this directory look juicy when it is really just a trap, anyone scanning that area is probably up to no good. Logging hits here can help identify malicious actors.<\/p>\n\n \n\n<p>Why bother? Because any interaction that happens with these honeypots can be logged easily, giving insight into attacker behavior. 
When someone tries to access that fake admin page, you get an IP, user agent, and request details\u2014probably with no risk of affecting your real site.<\/p>\n\n \n\n<p>Pro tip: Add some fake credentials or dummy login prompts that don\u2019t do anything\u2014just enough to lure in attackers and log their details. The fake credentials must never be valid for, or resemble those of, any real account. Take care that these decoys aren\u2019t linked from anywhere your real users might stumble onto them\u2014you don\u2019t want legitimate visitors tripping the trap.<\/p>\n\n \n\n<h3>Method 3: Improve detection with interaction-based blocking<\/h3>\n\n \n\n<p>This is a step up in sophistication. Instead of just blocking anyone who hits the honeypot page, monitor whether they interact further\u2014say, by submitting a form or trying to run commands. If they do, you can automatically trigger tighter restrictions or even temporarily ban them. This makes your honeypot a better tool for grabbing serious offenders rather than just catching random scans. It\u2019s essentially a fake login page acting as a trap: it pretends to be real, but logs all activity and blocks suspicious behavior.<\/p>\n\n \n\n<p>Why it helps: Most automated attack scripts will go straight for the fake login and try to brute-force or probe further. If you record that activity, you can analyze attack patterns or block entire ranges. Be careful with range blocks, though: shared or NATed addresses can put legitimate users behind the same IPs.<\/p>\n\n \n\n<p>One practical example: create a \"login\" form at `\/admin`, but make sure it does nothing special\u2014just logs the attempt. Treat everything the form receives as untrusted input when you write it to logs, and avoid storing submitted passwords in clear text, since a real user could land there by mistake. Then, set up a script or firewall rule (like Fail2ban) to ban IPs that submit the form multiple times. This way, you\u2019re not just passively watching\u2014you\u2019re actively responding.<\/p>\n\n \n\n<h2>Wrap-up<\/h2>\n\n \n\n<p>A honeypot isn\u2019t about stopping every attack\u2014most automated scans will ignore or get confused by simple traps. But it\u2019s a good way to identify malicious IPs and slow down scripts. The real goal is to make attackers waste their time on decoys while you gather intel or block them before they cause trouble. 
Just be careful not to turn your honeypots into a trap for legitimate users\u2014decoys should be hidden well and not linked from anywhere public.<\/p>\n\n \n\n<p>Sometimes a simple fake page with logging is enough; other times, more advanced interaction traps work better. Either way, it\u2019s better than just letting everything slide. Plus, with logs from these setups, you can improve your overall attack response.<\/p>\n\n \n\n<h2>Summary<\/h2>\n\n \n\n<ul> \n\n<li>Set up fake admin or sensitive pages to log any hits.<\/li>\n\n \n\n<li>Use robots.txt as bait to lure scanners and log interactions.<\/li>\n\n \n\n<li>Implement interaction-based blocking for more targeted defense.<\/li>\n\n \n\n<li>Always confirm decoys aren\u2019t linked from real pages to avoid accidental banning.<\/li>\n\n <\/ul>\n\n \n\n<h2>Fingers crossed this helps<\/h2>\n\n --><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u30b5\u30fc\u30d0\u30fc\u304c\u7d76\u3048\u9593\u306a\u3044\u653b\u6483\u306e\u6a19\u7684\u306b\u306a\u3063\u3066\u3044\u308b\u5834\u5408\u3001\u7279<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1496","post","type-post","status-publish","format-standard","hentry","category-1"],"_links":{"self":[{"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/posts\/1496","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/comments?post=1496"}],"version-history":[{"count":0,"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/
v2\/posts\/1496\/revisions"}],"wp:attachment":[{"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/media?parent=1496"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/categories?post=1496"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/help.peacedoorball.blog\/ja\/wp-json\/wp\/v2\/tags?post=1496"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}