RewriteEngine On RewriteBase / # ============= HONEYPOT PATTERNS ============= # Only try to detect what you do NOT use! # At the end, rename the PHP file: honeypot-strike.php to something unique, so that scanners cannot find or detect it! # WordPress & CMS Admin Panels RewriteCond %{REQUEST_URI} ^/(wp-admin|wp-includes|wp-content/plugins|wp-content/themes|wp-json|xmlrpc\.php|wp-login\.php|wp-config\.php|license\.txt)(/.*)?$ [NC,OR] # Admin & Control Panels RewriteCond %{REQUEST_URI} ^/(admin|administrator|admincp|controlpanel|cpanel|phpmyadmin|pma|adminer|dbadmin|mysql|myadmin)(/.*)?$ [NC,OR] # Configuration & Sensitive Files RewriteCond %{REQUEST_URI} ^/(\.env|\.git|\.svn|\.hg|\.bzr|config\.php|database\.php|db\.php|settings\.php|configuration\.php)$ [NC,OR] # Backup & Old Files RewriteCond %{REQUEST_URI} ^/(backup|backups|old|test|dev|temp|tmp|bak|_old|_backup)(/.*)?$ [NC,OR] # Shell & Upload Attempts RewriteCond %{REQUEST_URI} ^/(shell|uploader|upload|file|files|c99|r57|webshell|backdoor)\.php$ [NC,OR] # API & Keys RewriteCond %{REQUEST_URI} ^/api/(config|keys|secrets|admin|private|internal)(/.*)?$ [NC,OR] # Cloud & Container Files RewriteCond %{REQUEST_URI} ^/(\.aws|\.docker|\.kube|Dockerfile|docker-compose\.yml|\.dockerignore)$ [NC,OR] # Server Info Pages RewriteCond %{REQUEST_URI} ^/(phpinfo|info|test)\.php$ [NC,OR] # Common Exploits RewriteCond %{REQUEST_URI} ^/(cgi-bin|editor|htmleditor|ckfinder|elfinder|filemanager)(/.*)?$ [NC,OR] # File Extensions (last rule, no OR) RewriteCond %{REQUEST_URI} \.(env|git|svn|sqlite|db|bak|log|ini|conf|yml|yaml|key|pem|ppk|htpasswd)$ [NC] # Redirect to honeypot handler RewriteRule .* /honeypot-strike.php [L] # OR: Remote IP. Remember, this will show the script URI! # RewriteRule ^.*$ https://7.7.7.7/honeypot-strike.php [R,L] # Prevent directory listing Options -Indexes