Had an interesting thought today. If someone tries to brute force your login screen, then why not, after so many failed logins, redirect them to a page that looks legitimate? This would cause the tool they are using to report that they cracked the password and logged in. The attacker would then have to physically verify the login only to see some garbage page and start all over again. This would probably make a script kiddie attack some other site as they would probably not have the programming knowledge to alter the brute forcing engine.
I would have it so that after 10-20 failed logins it redirects to the fake page so that legitimate users have a very low chance of being redirected to it.
Just an interesting thought / theory.
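The idea from the post above, sketched as an added example that is not part of the thread. The class name, the per-source keying, the 15-minute window, the `/home` and `/login` paths and the sample user store are all assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict

class DecoyLoginGate:
    """Counts failed logins per source; past the threshold every attempt gets a decoy."""

    def __init__(self, verify, threshold=10, window=900):
        self.verify = verify          # callable(username, password) -> bool
        self.threshold = threshold    # the post suggests 10-20 failed logins
        self.window = window          # seconds a failure is remembered (assumption)
        self.failures = defaultdict(list)
        self.audit = []               # (time, source, username, outcome) for responders

    def attempt(self, source, username, password, now=None):
        now = time.time() if now is None else now
        recent = [t for t in self.failures[source] if now - t < self.window]
        self.failures[source] = recent
        if len(recent) >= self.threshold:
            # Credentials are no longer evaluated for this source, so the decoy
            # never confirms a correct guess. The client sees the same redirect
            # as a real login; "session" is a server-side marker only.
            self.audit.append((now, source, username, "decoy"))
            return {"status": 302, "location": "/home", "session": "decoy"}
        if self.verify(username, password):
            self.failures.pop(source, None)
            return {"status": 302, "location": "/home", "session": "real"}
        recent.append(now)
        self.audit.append((now, source, username, "fail"))
        return {"status": 401, "location": "/login", "session": None}

# Constructed stand-in for a real password-hash check.
USERS = {"alice": "correct horse"}

def check(username, password):
    stored = USERS.get(username)
    return stored is not None and hmac.compare_digest(stored.encode(), password.encode())

def demo():
    gate = DecoyLoginGate(check, threshold=3)
    src = "203.0.113.7"  # constructed documentation address
    out = [gate.attempt(src, "alice", f"guess{i}", now=i)["session"] for i in range(4)]
    out.append(gate.attempt(src, "alice", "correct horse", now=5)["session"])
    out.append(gate.attempt("198.51.100.2", "alice", "correct horse", now=6)["session"])
    return out

if __name__ == "__main__":
    print(demo())  # [None, None, None, 'decoy', 'decoy', 'real']
```

A legitimate user behind a source that has passed the threshold also lands on the decoy until the window expires, which is the trade-off the 10-20 figure is meant to keep rare.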
Could you also have an empty shell of your site and allow them to enter some information? The more info they enter and the longer the time they spend on your site the more evidence you collect in case of court proceedings or such. Also just a thought/theory.
If you wanted to spend the time to make a fake site then that would also slow them down.
Not sure how much this would help a case. The thing that a case would hinge on would mainly be the fact that they broke into (or tried to break into) a system. I guess they may enter in some of their personal details into your "fake" site but they would probably use fake information anyways.
It is pretty rare that these people get pursued, unfortunately. Most attackers will launch attacks through another compromised system (or systems) to get at yours. Most likely this would involve three countries now (yours, the attacker's, and the compromised intermediary's). This means that law enforcement from each country would have to work to track the person down, which is unlikely to happen depending on the severity/damage of the attack and the countries involved.
The unfortunate reality is that building something like this has a cost that is often offset by delivering other business value. Protecting data, sadly, often loses.
Best idea EVER!
And then execute a script that loops 400 times to send them to multiple web sites that spawn many more websites on close. And make those websites g@y Pr0n!!!
True story. I did this with a forum once. You should have seen the amount of reduced spam the forum got AFTER I implemented that feature.
If you want to get that advanced why not just create a honeypot? The n00bs would be giggling like little school girls as they download a 586MB document that is nothing but null characters. And you too would be giggling as your logs grew bigger and bigger with all that personal information.
But I also love to build and run open squid proxies online and sniff the traffic through them. Fun stuff!
gay