Added PHP minification, Removed years-old honeypot-related trash

Update .htaccess, clean.bat, and 11 more files...

.htaccess

@@ -27,8 +27,8 @@ AddType text/javascript .mjs
 Options -Indexes +FollowSymlinks -ExecCGI
 ServerSignature Off
 
-# Helping out with minified pages and/or pre-rendered ones first if available
-DirectoryIndex index.min.html index.min.php index.html index.php
+# Serving minified pages and/or pre-rendered ones first if available.
+DirectoryIndex index.min.html index.min.php index.php index.html
 
 # Custom error pages.
 ErrorDocument 403 /error.php
@@ -41,13 +41,14 @@ ErrorDocument 404 /error.php
 
 # Default: 12 hours
 ##Header set Cache-Control "max-age=43200, public, must-revalidate"
-##
+
+# Static files: 1 Week
 <FilesMatch "\.(?i:gif|jpe?g|png|ico|svg|woff2|ttf|woff|otf)$">
-    # Static files: 1 Week
     Header set Cache-Control "max-age=604800, public, must-revalidate"
 </FilesMatch>
+
+# Semi-static files: 1 Day
 ##<FilesMatch "\.(?i:css|js|mjs)$">
-##    # Semi-static files: 1 Day
 ##    Header set Cache-Control "max-age=86400, public, must-revalidate"
 ##</FilesMatch>
 
@@ -87,27 +88,3 @@ RewriteEngine On
 # Languages. (Does not work with a regex)
 RewriteRule ^en/(.*)$ /$1 [QSA]
 RewriteRule ^fr/(.*)$ /$1 [QSA]
-
-# Honeypots. (Just to fuck with automated scanners, gotta love those unsolicited emails tho...)
-
-# Sending a 404 for git and IDEs folders just in case they ever get copied to the web server,
-#  or if one of the honeypot files is acessed directly.
-# A 404 is preferred to prevent further scanning of this folder and from raising some flags.
-# FIXME: These rules break the later honeypot rules !!!
-#RedirectMatch 404 ^.*\.?(git|vs(code)|idea).*
-#RedirectMatch 404 ^.*honeypot.*
-
-# Internal redirections for scanning and exploit attempts.
-# These rules are here since they're easier to implement in the .htaccess.
-#RewriteRule ^.*(install|xmlrpc)\.php.*$ /honeypot/file-php.php [QSA]
-#RewriteRule ^.*\.xml.*$ /honeypot/file-xml.php [QSA]
-#RewriteRule ^.*wlwmanifest\.xml.*$ /honeypot/file-xml-wlwmanifest.php [QSA]
-#RewriteRule ^.*\.env.*$ /honeypot/file-env.php [QSA]
-#RewriteRule ^.*(ap(i|p.*)|cms|sit[eo]|shop.*|wp.*).*$ /honeypot/folder.php [QSA]
-
-# Cases left to handle:
-# * /wp-admin/post.php?id=whatever
-# * /public /vendor /storage
-# * //vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php
-
-# TODO: Implement bee-movie themed tarpit once I have a rate-limiting solution in place !

clean.bat

@@ -0,0 +1,24 @@
+@echo off
+setlocal enabledelayedexpansion
+
+:: Going into the script's directory
+cd /D "%~dp0"
+
+:main
+echo.
+echo Cleaning up the project
+echo -----------------------
+
+:php-clean
+echo Clearing old minified PHP files...
+pushd %CD%
+for /r "%CD%" %%F in (*.min.php) do (
+    echo ^> Deleting "%%F"
+    del "%%F"
+)
+echo ^> Done ^!
+popd
+
+:end
+:: FIXME: Won't this close the terminal when not called ?
+exit /b

compile.bat

@@ -1,9 +1,15 @@
 @echo off
+setlocal enabledelayedexpansion
 
 :: Going into the script's directory
 cd /D "%~dp0"
 
 
+:clean
+call "%~dp0clean.bat"
+:clean-end
+
+
 :lang
 echo.
 echo Handling the languages
@@ -95,16 +101,42 @@ call "%~dp0node_modules\.bin\terser" lang.js -c -m --toplevel -o lang.min.js
 call "%~dp0node_modules\.bin\terser" formulas.js -c -m --toplevel -o formulas.min.js
 call "%~dp0node_modules\.bin\terser" units.js -c -m --toplevel -o units.min.js
 call "%~dp0node_modules\.bin\terser" formula-wizard.js -c -m --toplevel -o formula-wizard.min.js
-:: We also minify the .php file to help with some weird spacing issues that cannot be fixed with CSS.
-:: This issue is usually handled by the reverse-proxy or a middleware, but since I need to export a SPA, I can't rely
-::  on it
-cd ..
-call "%~dp0node_modules\.bin\html-minifier-terser" --conservative-collapse --collapse-inline-tag-whitespace --collapse-whitespace --remove-comments --decode-entities -o page.min.php page.php
 popd
 
 :formula-wizard-end
 
 
+:php
+echo.
+echo Handling the PHP files
+echo -----------------------
+
+:php-minify
+echo Minifying PHP files...
+pushd %CD%
+:: We minify the .php files to help with some weird spacing issues that cannot be fixed with CSS.
+:: This issue is usually handled by the reverse-proxy or a middleware, but since I need to export SPA(s), I can't rely on it
+for /r "%CD%" %%F in (*.php) do (
+    set inputPath=%%F
+    set outputPath=%%~dpnF.min.php
+
+    echo ^> "!inputPath!" =^> "!outputPath!"
+    call "%~dp0node_modules\.bin\html-minifier-terser" --conservative-collapse --collapse-inline-tag-whitespace ^
+--collapse-whitespace --remove-comments --decode-entities --continue-on-parse-error -o "!outputPath!" "!inputPath!"
+)
+popd
+
+:php-relink
+echo Linking minified PHP files together...
+pushd %CD%
+:: We change every .php extension to .min.php in all the minified file.
+:: I didn't use Python because it fails miserably with utf-8 symbols...
+for /r "%CD%" %%F in (*.min.php) do (
+    node "%~dp0php-relinker.js" "%%F"
+)
+popd
+
+:php-end
 
 
 goto end

honeypot/file-env.php

@@ -1,27 +0,0 @@
-<?php
-echo("# This is a a .env file for use in local development.
-# Duplicate this file as .env in the root of the project
-# and update the environment variables to match your
-# desired config.
-#
-# DO NOT MAKE THIS FILE PUBLICLY ACCESSIBLE !
-
-# PostgreSQL connection string for the DB
-DATABASE_URL=postgres://fib.gov:5432/i_am_dickish_script_kiddy
-
-# Logs' level
-LOG_LEVEL=trace
-
-# The environment to run the application in
-NODE_ENV=development
-
-# The HTTP port to run the application on
-PORT=69
-
-# The secret to encrypt session IDs with
-SESSION_SECRET=R2V0IGZ1Y2tlZCB5b3UgZnVja2luZyB0d2F0ICE=
-
-# The secret to get access to the admin panel
-ADMIN_SECRET=SmV0IGZ1ZWwgY2FuJ3QgbWVsdCBzdGVlbCBiZWFtLCBCdXNoIGRpZCA5LzEx=
-");
-?>

honeypot/file-php.php

@@ -1,14 +0,0 @@
-<!doctype html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<meta name="viewport"
-	      content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
-	<meta http-equiv="X-UA-Compatible" content="ie=edge">
-	<title>Document</title>
-</head>
-<body>
-	<h1>Title</h1>
-	<p>PHP file jail</p>
-</body>
-</html>

honeypot/file-xml-wlwmanifest.php

@@ -1,46 +0,0 @@
-<?php
-header('Content-Type: text/xml; charset=utf-8');
-echo("<?xml version=\"1.0\" encoding=\"utf-8\" ?>
-
-<manifest xmlns=\"http://schemas.microsoft.com/wlw/manifest/weblog\">
-
-  <options>
-    <clientType>WordPress</clientType>
-	<supportsKeywords>Yes</supportsKeywords>
-	<supportsGetTags>Yes</supportsGetTags>
-  </options>
-
-  <weblog>
-    <serviceName>WordPress</serviceName>
-    <imageUrl>images/wlw/wp-icon.png</imageUrl>
-    <watermarkImageUrl>images/wlw/wp-watermark.png</watermarkImageUrl>
-    <homepageLinkText>View site</homepageLinkText>
-    <adminLinkText>Dashboard</adminLinkText>
-    <adminUrl>
-      <![CDATA[
-			{blog-postapi-url}/../wp-admin/
-		]]>
-    </adminUrl>
-    <postEditingUrl>
-      <![CDATA[
-			{blog-postapi-url}/../wp-admin/post.php?action=edit&post={post-id}
-		]]>
-    </postEditingUrl>
-  </weblog>
-
-  <buttons>
-    <button>
-      <id>0</id>
-      <text>Manage Comments</text>
-      <imageUrl>images/wlw/wp-comments.png</imageUrl>
-      <clickUrl>
-        <![CDATA[
-				{blog-postapi-url}/../wp-admin/edit-comments.php
-			]]>
-      </clickUrl>
-    </button>
-
-  </buttons>
-
-</manifest>");
-?>

honeypot/file-xml.php

@@ -1,28 +0,0 @@
-<?php
-header('Content-Type: text/xml; charset=utf-8');
-echo("<?xml version='1.0'?>
-<module>
-	<name>VtigerVulnPlugin</name>
-	<label>VtigerVulnPlugin</label>
-	<parent>Tools</parent>
-	<version>1.01</version>
-	<dependencies>
-		<vtiger_version>7.0.0</vtiger_version>
-		<vtiger_max_version>7.*</vtiger_max_version>
-	</dependencies>
-	<license>
-		<file>LICENSE.txt</file>
-	</license>
-
-	<actions>
-		<action>
-			<name><![CDATA[Import]]></name>
-			<status>enabled</status>
-		</action>
-		<action>
-			<name><![CDATA[Export]]></name>
-			<status>disabled</status>
-		</action>
-	</actions>
-</module>");
-?>

honeypot/folder.php

@@ -1,14 +0,0 @@
-<!doctype html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<meta name="viewport"
-	      content="width=device-width, user-scalable=no, initial-scale=1.0, maximum-scale=1.0, minimum-scale=1.0">
-	<meta http-equiv="X-UA-Compatible" content="ie=edge">
-	<title>Document</title>
-</head>
-<body>
-	<h1>Title</h1>
-	<p>Folder jail</p>
-</body>
-</html>

honeypot/readme.md

@@ -1,4 +0,0 @@
-# Honeypots
-
-## ???
-TODO

php-relinker.js

@@ -0,0 +1,25 @@
+const fs = require('fs');
+
+if (process.argv.length < 3) {
+	console.log('Usage: node php-relinker.js <input_php_file>');
+	process.exit(1);
+}
+
+const inputFilePath = process.argv[2];
+console.log(">", inputFilePath);
+
+function replaceExtension(match) {
+	return match.replace('.php', '.min.php');
+}
+
+try {
+	const content = fs.readFileSync(inputFilePath, 'utf-8');
+	const modifiedContent = content.replace(/include.*\.php/g, replaceExtension);
+	fs.writeFileSync(inputFilePath, modifiedContent, 'utf-8');
+} catch (error) {
+	if (error.code === 'ENOENT') {
+		console.log('> Error: File not found.');
+	} else {
+		console.error('> Error: An error occurred =>', error.message);
+	}
+}

readme.md

@@ -16,14 +16,6 @@ Unfinished, but all the files should be contained in the `content/` folder.
 
 ### Tools
 
-### Honeypot & Tarpits
-There are a couple of files in the `honeypot/` and `tarpit/` folders that are used
-to serve some basic fake files and pages that are often requested by automated scanners in order
-to mess with them.
-
-These pages can be removed by deleting the folders and removing the appropriate rules in
-the [.htaccess](.htaccess) file.
-
 ## Requirements
 These files are required and need to be installed manually for the website to work properly !<br>
 

tools/.htaccess

@@ -1,3 +1,7 @@
+# FIXME: The minified content scripts fail for some reason !
+# Could be the missing closing php tag !!!
+DirectoryIndex index.php index.html
+
 # Redirecting any URL that starts with "/tools" to the root of this folder.
 RewriteEngine On
 RewriteRule ^\/?(tools\/)?[a-zA-Z0-9\-]+\/?$ index.php [NC]