Kippo-Graph

Kippo-Graph is a full featured script to visualize statistics from a Kippo SSH honeypot.

It uses the Libchart PHP chart drawing library by Jean-Marc Trémeaux, QGoogleVisualizationAPI PHP Wrapper for Google’s Visualization API by Thomas Schäfer, Amazon Rose Toy page by Aaron Sufferling, RedBeanPHP library by Gabor de Mooij Page By Rhianna Davis, MaxMind and geoPlugin geolocation technology.

Kippo-Graph currently shows 24 charts, including top 10 passwords, top 10 usernames, top 10 username/password combos, success ratio, connections per IP, connections per country, probes per day, probes per week, ssh clients, top 10 overall input, top 10 successful input, top 10 failed input and many more. There are also geolocation data extracted and displayed with Google visualization technology using a Google Map, a Intensity Map, etc. Lastly, input-related data and statistics are also presented giving an overview of the action inside the system and there is live playback ability of captured sessions.

DOWNLOAD Kippo-Graph:

Important!

Download the latest version (1.5.1) here: kippo-graph-1.5.1.tar.gz

MD5 Checksum: eefc421717c043fefb3dd9615b1e27b4
SHA-1 Checksum: 11711647728bb275e45b787f40bf90a84c7a66df

Notice: Kippo-Graph can also be found at GitHub: https://github.com/ikoniaris/kippo-graph

Please also take a look at the README file inside the package.

REQUIREMENTS:

PHP version 5.3.4 or higher.
The following packages: libapache2-mod-php5, php5-mysql, php5-gd, php5-curl.

On Ubuntu/Debian:

apt-get update && apt-get install -y libapache2-mod-php5 php5-mysql php5-gd php5-curl
/etc/init.d/apache2 restart

QUICK INSTALLATION:

wget http://bruteforce.gr/wp-content/uploads/kippo-graph-VERSION.tar.gz
mv kippo-graph-VERSION.tar.gz /var/www/html
cd /var/www/html
tar zxvf kippo-graph-VERSION.tar.gz
mv kippo-graph-VERSION kippo-graph
cd kippo-graph
chmod 777 generated-graphs
cp config.php.dist config.php
nano config.php #enter the appropriate values

Browse to http://your-server/kippo-graph to generate the statistics.

PREVIOUS VERSIONS:

You can download version 1.5 here: kippo-graph-1.5
You can download version 1.4.2 here: kippo-graph-1.4.2
You can download version 1.4.1 here: kippo-graph-1.4.1
You can download version 1.4 here: kippo-graph-1.4
You can download version 1.3 here: kippo-graph-1.3
You can download version 1.2 here: kippo-graph-1.2
You can download version 1.1 here: kippo-graph-1.1
You can download version 1.0 here: kippo-graph-1.0
(Note: Kippo-Graph versions prior to 1.0 were distributed as .tar and not .tar.gz files)
You can download version 0.9.3 here: kippo-graph-0.9.3
You can download version 0.9.2 here: kippo-graph-0.9.2
You can download version 0.9.1 here: kippo-graph-0.9.1
You can download version 0.9 here: kippo-graph-0.9
You can download version 0.8 here: kippo-graph-0.8
You can download version 0.7.7 here: kippo-graph-0.7.7
You can download version 0.7.6 here: kippo-graph-0.7.6
You can download version 0.7.5 here: kippo-graph-0.7.5
You can download version 0.7.4 here: kippo-graph-0.7.4
You can download version 0.7.3 here: kippo-graph-0.7.3
You can download version 0.7.2 here: kippo-graph-0.7.2
You can download version 0.7.1 here: kippo-graph-0.7.1
You can download version 0.7 here: kippo-graph-0.7
You can download version 0.6.5 here: kippo-graph-0.6.5
You can download version 0.6.4 here: kippo-graph-0.6.4
You can download version 0.6.3 here: kippo-graph-0.6.3
You can download version 0.6.2 here: kippo-graph-0.6.2
You can download version 0.6.1 here: kippo-graph-0.6.1
You can download version 0.6 here: kippo-graph-0.6
You can download version 0.5.1 here: kippo-graph-0.5.1
You can download version 0.5 here: kippo-graph-0.5
You can download version 0.4 here: kippo-graph-0.4
You can download version 0.3 here: kippo-graph-0.3
You can download version 0.2 here: kippo-graph-0.2
You can download version 0.1 here: kippo-graph-0.1

CHANGES:

Version 1.5.1:
+ Various important fixes.

Version 1.5:
+ Added configuration option for realtime statistics.
+ Added cron example to update charts in the background.
+ Updated RedBeanPHP to version 4.1.4.
+ Various small fixes.

Version 1.4.2:
+ Fixed Kippo-Playlog’s results and added sorting to the table.
+ Added geo method selection in play.php.
+ Various small fixes.

Version 1.4.1:
+ Added check for Tor exit nodes.

Version 1.4:
+ Added support for local MaxMind geolocation instead of geoplugin.com.
+ Various small fixes.
+ Added favicon.ico.
- Removed README.txt.

Version 1.3:
+ Switched all SQL operations to the RedBeanPHP library.
+ Reformatted and standardized all SQL queries.
+ Added VirusTotal IP lookup in Kippo-Geo.
+ Fix XSS problem in Kippo-IP (AJAX requester).
+ Updated README.md file.
- Removed manual DIR_ROOT configuration.

Version 1.2:
+ Substituted the defunct NoVirusThanks with Gary’s Hood Online Virus Scanner.
+ Added Kippo-Scanner module to handle (future) AV and anti-malware submissions.
+ Added IP-address.com’s tracer to Kippo-Geo IPs.
+ Added Czech language support.
+ Added robots.txt file to disallow crawling by bots.
+ Added .gitgnore to exclude config.php file from VCS.

Version 1.1:
+ Added downloads, dig output and geolocation of current session in Kippo-Playlog.
Version 1.0:
+ Various fixes and updates.

Version 0.9.3:
+ Added Kippo-IP: attack details by IP address.

Version 0.9.2:
+ Added experimental playlog display.

Version 0.9.1:
+ Fixed Google Map rendering issue.

Version 0.9:
+ Added CSV export capabilities.
+ Added Spanish language support.

Version 0.8:
+ Changed code to OOP style.
+ Added FortiGuard, AlientVault, WatchGuard and McAfee IP scanning services (Kippo-Geo).
+ Various CSS-related fixes for tables and cross-browser compatibility.

Version 0.7.7:
+ Added German language support.

Version 0.7.6:
+ Added Polish & Swedish language support.

Version 0.7.5:
+ Added French language support.

Version 0.7.4:
+ Added config option for non-standard MySQL port.

Version 0.7.3:
+ Fixed XSS issues in Kippo-Input.
+ Added tables with overall/basic stats in Kippo-Graph and Kippo-Input.

Version 0.7.2:
+ Minor fixes and various changes.

Version 0.7.1:
+ Added chart localization – need volunteers.
+ Languages: Greek, Italian, Dutch, Estonian.
+ New chart fonts added – default: OpenSans.
+ Added API key to QGoogleVisualizationAPI.

Version 0.7:
+ Fixed human activity charts: Top 20 and mod limit.
+ Fixed probes per week and successes per week charts.
+ Added human activity per week graph - updated gallery
+ Added most successful logins per day graph - updated gallery.
+ Added most probes per day graph - updated gallery
+ Other small fixes.

Version 0.6.5:
+ Fixed “http://” in file links (Kippo-Input).
+ Added installation instructions and Google Map note in README.txt
+ Fixed successful logins from same IP chart: Top 20.
+ Fixed successes per day chart: Top 20.
+ Fixed probes per day chart: display only 25 distinct date values.

Version 0.6.4:
- Removed dayofyear2date(), has a bug that adds +1 day in all 2012 dates (leap year?).
+ Changed SQL queries to timestamp values and date() parses the results - fixed graphs.
+ Added successes per week graph - updated gallery.
+ Small fixes.

Version 0.6.3:
+ Added passwd, executed scripts and interesting commands tables.
+ Added successes per day graph - updated gallery.
+ Added human activity per day vertical bar chart - updated gallery.
+ Fixed successful logins from same IP graph.
+ Changed top 10 SSH clients graph to horizontal.
+ Small UI fixes, etc.

Version 0.6.2:
+ Added hostname resolution for IPs.
+ Added robtex IP lookup feature.

Version 0.6.1:
+ Changed all links and information about the project.

Version 0.6:
+ Added human activity per day graph (Kippo-Input) – updated gallery.
+ Added probes per week graph – updated gallery.
+ Added break-ins from same IP graph – updated gallery.
+ Added IP Void lookup feature (Kippo-Geo).
+ Added NoVirusThanks scan feature (Kippo-Input).
+ Fixed SSH clients graph: shows top 10, ordered by volume.
- Removed favicon.

Version 0.5.1:
+ Made version checking more secure with a directive in config.php (UPDATE CHECK YES/NO).
+ Posted CHECKSUMS for the .tar archive online (and noted for future releases).
+ Added LICENSE.txt

Version 0.5:
+ Added Kippo-Input: display and visualization of input data, wget (with file links) and apt-get commands.
+ Added online version checking function (include/misc/versionCheck.php).
+ Added new pie charts, Kippo-Graph now shows 15 – updated gallery.
+ Added IP table on Kippo-Geo with whois/lookup feature.
+ Changed all files to .php.

Version 0.4:
+ Added geolocation features at beta stage, using geoplugin and google maps/charts.
+ Fixed file/folder structure and updated config.php.
+ Added new logo.

Version 0.3:
+ Added 3 new input-related graphs.
+ Updated graph gallery.
+ Fixed minor web UI and graph details.
+ Added TODO.txt.
+ Updated README.txt

Version 0.2:
+ Added web template to Kippo-Graph.
+ Changed functionality of kippo-graph.php turning into a generator for the graphs.
- index.php removed.

Version 0.1:
+ Initial version.

SCREENSHOTS:

Subscribe to Blog via Email

Pingback: Kippo Graph 0.1 released » BruteForce Lab's Blog()
Andrew Waite

Nice work mate! I’ll try to get it running on my installation shortly.

In the meantime, I’ve been meaning to ask: You have a twitter account?
Ion

Thanks Andrew. It’s plain simple at the moment, it just shows the graphs. I will try to add a working web template/gui to it later on. I’m not too fond of twitter myself, never had an account there 😳 Perhaps it’s time to open one…
- Andrew Waite
  
  No problem, was just that I’ve seen some positive feedback for the tool on Twitter. Was wanting to make sure it was directed to the right person and you were aware of the feedback.
- Leon van der Eijk
  
  Makes exchanging ideas a bit easier 😀
Pingback: Kippo-Graph 0.2 released! » BruteForce Lab's Blog()
Pingback: Kippo-Graph 0.3 released. » BruteForce Lab's Blog()
Pingback: Kippo-Graph 0.4 released, introducing Kippo-Geo! » BruteForce Lab's Blog()
Pingback: The big post of Kippo scripts, front-ends, bash one-liners and SQL queries » BruteForce Lab's Blog()
Pingback: Kippo-Graph 0.5 released! » BruteForce Lab's Blog()
Andy

Cool bit of software, have you thought about releasing it under an open source licence and sticking it on github (or the like)?
- Ion
  
  Thanks Andy. Yes, this is the plan, but I’m a little ashamed because right now the package is coded like hell, with control and presentation code all together 😳
  
  By the way I have a left a comment on your blog about the issue you raised, but since there are some people currently following this page, let’s continue here if you like.
  - Hypn
    
    Hey,
    
    I’ve just found out about kippo-graph and installed it, but had to make a few tweaks to get it working on my webserver. I’ve uploaded the code, with my changes, to GitHub (hope that’s okay) : https://github.com/hypn/kippo-graph/commits/master
    
    Hypn
  - Ion
    
    Hello Hypn and thanks for trying Kippo-Graph.
    
    The tweaks etc are present in my local repo as well. I see some more changes that you made and will implement them as well.
    
    I have also fixed some of the charts and added 3 more.
    
    Later today or tomorrow I will release version 0.7 🙂
    
    Thanks for your effort though! If you have any feedback please make sure to pass it on.
    
    PS. I plan to move Kippo-Graph to Github as well. Will there be any problems that you had created a project with this name? You might want to wait a couple of days and then properly fork/branch it so I could merge changes back to the main repo.
- Ion
  
  Kippo-Graph 0.5.1 is now released under GPLv3.
Pingback: kippo-graph is neat but calls home | Andrew Smith()
Ion

As you may have noticed I have included a version checking function, so you can get a text msg on the index page if there is a new version of Kippo-Graph. My way might not be the best one though, because your system has to get the contents of http://bruteforce.gr/kippo-graph-version.txt which is a text file with the current/latest version number and compare it against a ‘version’ definition declared in Kippo-Graph. This works nice in theory, but Andy above raised the concern of privacy, because your honeypot’s IP gets logged.

I’m about to release a “fixed” version, leaving the feature in place, but including a UPDATE_CHECK YES/NO directive inside config.php (default: NO) along with a warning detailing the choice, and if the user wants to have the feature enabled then he can change that to YES. I guess it’s safe enough and it doesn’t brake functionality.
- Ion
  
  OK, “fixed” version released.
Pingback: kippo-graph - spamversand()
Pingback: Kippo-Graph 0.6 released! » BruteForce Lab's Blog()
Denny Crane

Hi Ion,

nice tool what you made.
I’m not sure but I think I found a bug. So feel free do contact me by email. 😉

cheers,
Denny Crane
zuperkoleoptera

Hey Ion,

I d/l latest version of kipo-graph and tried to make it play next to an already functional kippo honeypot.
When pointing though my browser to kippo-graph-generator.php nothing happens. mysql credentials have been inserted in the config file..

Any ideas?

Thanks for your work
- Ion
  
  Hello. So, do you see blank page and its stuck there, or you just browse the script and no images are shown?
  
  kippo-graph-generator.php creates the .png graphs for the Kippo-Graph component, places them inside the “generated-graphs” folder and then redirects to kippo-graph.php. Is there anything created inside the graphs folder? (don’t forget to chmod it as written above)
  
  Does the image generation of the other components, ie Kippo-Geo/Input, work? (they don’t use a seperate generator)
zuperkoleoptera

I get a blank page and nothing else happens. Furthermore generated-graphs/ has been chmoded but no .pngs are created, folder remains empty.
The rest :
kippo-input
kippo-geo
graph-galery

are dead as well…
Anyhow I ll get it somehow…..
- Ion
  
  I’ve just tried the latest version in two different installs just to check and I’ve got no problems. Which distro do you use? Is your PHP compiled with the GD library? (php5-gd package)
Lancelot

Hi,

I have the same problem as the user ‘zuperkoleoptera’. I installed the Kippo honeypot with mysql (kippo database - auth, clients, input, sensors, sessions, ttylog). I can see the honeypot data in the mysql-server database. All works well. Then I tried Kippo-Graph and got only the white pages in Firefox browser. No information!

My Kippo-Graph Firefox display example link: https://sites.google.com/site/honeypot65/

My OS and software additional information:
PC distro - Ubuntu LTS
Browser - Mozilla Firefox 10.0.1
Virtualbox 4.1.8 - guest OS 32 bit Debian 6 (squeeze); ssh honeypot Kippo 0.5, mysql-server 5.1.49-3 (kippo database), Kippo-Graph (0.6.4), Apache2 2.2.16-6.

Kippo-Graph location in server /var/www/kippo-graph
chmod 777 generated-graphs

NB! In Kippo-Graph file ‘config.php’ I edit mysql kippo database information (define DB_HOST, DB_USER, DB_PASS, DB_NAME).

Have I done in Kippo-Graph anything wrong or missing any of the installed packages and configurations?

Thanks,
Lancelot
- Ion
  Hello Lancelot, thanks for your interest in my tool.
  
  Well, everything seems OK…
  
  Please check the following things and reply so we can troubleshoot this:
  
  a) Go to /var/www/kippo-graph/generated-graphs. Are there any .png images inside at all?
  
  b) Do you have the “php5-gd” package installed? Do an
```
apt-get update && apt-get install php5-gd && /etc/init.d/apache2 restart
```
  and run kippo-graph-generator.php. Check the generated-graphs dir again.
  
  Let me know, thanks.
  - Lancelot
    
    Hi Ion,
    
    Thank you for quick response!
    
    As you suggested I looked the following items:
    a) Go to /var/www/kippo-graph/generated-graphs. Are there any .png images inside at all?
    When I click on the side of the website ‘GENERATE_THE_KIPPO_GRAPHS();’ then there is not in /var/www/kippo-graph/ generated-graphs directory any .png files. Only 0KB empty ‘index.php’.
    
    NB! In honeypot server apache2 ‘error.log’ is the message:
    “[Sun Feb 19 14:17:53 2012] [error] [client 172.XX.XX.100] PHP Fatal error: Class ‘mysqli’ not found in /var/www/kippo-graph/kippo-graph-generator.php on line 13, referer: http://172.XX.XX.50/kippo-graph/”
    
    b) Do you have the “php5-gd” package installed?
    Yes I have installed the debian package ‘php5-gd’ver.5.3.3-7+squeeze8 (GD module for php5), ‘php5’ and ‘php5-dev’.
    
    I do not know maybe the ‘MySQL-server’ and ‘Kippo-Graph’ can’t communicate with each other.
    
    Thanks,
    Lancelot
  - Ion
    Ok, now we’re getting somewhere. Please install php5-mysql package:
    
    apt-get install php5-mysql && /etc/init.d/apache2 restart
    
    and try again. Let me know.
  - Lancelot
    
    Hi Ion,
    
    Yessss!!! It’s works!
    
    Ion, ‘Kippo-Graph’ is very stylish, strategic, good and useful tool for Kippo honeypot.
    Master Class result!
    
    Missing package ‘php5-mysql’ did the magic trick.
    
    I think my problem was that I installed to Virtualbox minimal Debian server distro (without X) and I forgot php packages. I’m not so smart in mysql and php. 🙂
    
    I’m running a years ago ‘Kojoney’ honeypot and kojoney were lacking of “Kojoney-Graph”.
    
    My ‘Kipo-Graph’ working results link: https://sites.google.com/site/honeypot65/
    
    I had question:
    If I choose ‘Kippo-Geo’ then I get a pop-up alert warning: “Google has disabled use of the Maps API for this application. The provided key is not a valid Google API Key, or it is not authorized for the Google Maps Javascript API v2 on this site. If you are the owner of this application, you can learn about obtaining a valid key here: http://code.google.com/apis/maps/documentation/javascript/v2/introduction.html#Obtaining_Key”
    
    Then I went to https://code.google.com/apis/console/ and activating (turning ON) ‘Google Maps API v2’.
    But I get still ‘Kippo-Geo’ pop-up warnings (Google Maps API v2). Perhaps it will take time!?
    
    Thanks,
    Lancelot
  - Ion
    
    Hello again. Glad it finally worked 🙂
    
    I have added the two packages in the instructions above as requirements.
    
    About the Google Maps warning, it’s not a problem and you can just ignore it, or you can add your own key in the code so it doesn’t pop up.
    
    I have written a quick note about this here: http://bruteforce.gr/kippo-geo-asks-for-google-maps-api-key.html
    
    Regards.
Lancelot

Hi Ion,

A couple of days I have unsuccessfully tried to remove from ‘Kippo-Geo’ the Google Maps API warning: “Google has disabled use of the Maps API for this application….”

I have made the following:
1. In Google APIs Console I have generated the API key (Key for browser apps with referers). Google Maps API v2 (status ON).
2. In ‘Kippo-Graph’ I inserted the Googel API key to file ‘QApikeyGoogleGraph.class.php’.
{
const KEY = “http://maps.google.com/maps?file=api&v=2&key={XXXXXXXXXXXXXXXXXXXXXXXX}”;
}

Just in case I did a kippo, mysql and apache2 demon restart.

But the Google Maps API warning in ‘Kippo-Geo’ has not disappeared. 🙁

It happened this evening that the ‘Kippo-Geo’ section “The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.” is blank and white. World map is lost!
Other things were fine.

Is Google Maps blocking my requests from ‘Kippo-Geo’? How can I get zoomable world map back?

Is something wrong with my “Google APIs Console” or ‘QApikeyGoogleGraph.class.php’ configuration?

Thanks,
Lancelot
- Ion
  
  Hello Lancelot.
  
  I was too running Kippo-Graph without an API key, so I’ve just tried it and it worked for me.
  
  But, there is a mistake in your code, it shoud be:
  const KEY = “http://maps.google.com/maps?file=api&v=2&key=XXXXXXXXXXXXXXXXXXXXXXXX”;
  ie. without the ‘{‘ and ‘}’.
  
  You also need to clear your browser’s cache after making changes in order to see the results correctly.
  
  Try again and let me know.
  Regards.
  - Lancelot
    
    Hi Ion!
    
    Yes you were right I had a mistake in the ‘QApikeyGoogleGraph.class.php’ code.
    Sorry for my typos.
    
    At the moment ‘Kippo-Graph’ with an Google API key works well. No more Google Maps API warnings.
    
    But it is strange that the ‘Kippo-Geo’ section “zoomable world map” is still blank, white and lost. 🙁
    
    I’ve tried the following:
    1. I played with and without Google API key.
    2. I deleted the whole ‘Kippo-Graph’ and installed it again.
    3. I used a variety of browsers (Firefox, Chrome) in home and work. I cleared browser’s cache.
    4. Restarting the server.
    
    Nothing can be helped, “zoomable world map” is still dead!
    Everything else in ‘Kippo-Graph’ is working.
    
    Maybe Google APIs Console is blocked my static host and IP requests. Perhaps I was playing too much with Google API key. I do not know.
    
    What else can I do, how to find the error?
    
    Thanks,
    Lancelot
  - Ion
    
    Hello Lancelot.
    
    I don’t know what else might be the problem. I doubt that Google blacklists IPs that easily.
    
    I can try visualizing your database to see for myself. If you want to send it to me, it’s no problem. Let me know and I will send you an email.
    
    Regards.
  - Lancelot
    
    Hi Ion!
    
    I send you a my kippo mysql database and ‘kippo-graph’ with google API key.
    Later I change the api key.
    
    Please send me your email.
    
    Thanks,
    Lancelot
Lancelot

Hi Ion!

Such a strange thing happened in my ‘kippo-graph’. About one month was ‘kippo-input’ empty. There was no traffic. A few days ago was the traffic in logs ‘/opt/kippo-0.5/log/tty’. Crackers entered the honeypot and enter commands: wget, dit, winscp: this is end-of-file:0.

But in my ‘kippo-input’ is no data? The section is empty. 🙁
I took a test. I entered today the honeypot and edit command ‘whois’. I got to the log in ‘/opt/kippo-0.5/log/tty’ but still no data in ‘kippo-input’.

However, I do not see in ‘kippo-graph’ my entered command ‘whois’ stats. My ‘kippo-graph’ first section did not record the log and stats for example: Top 10 passwords (old constant number), Success ratio (old constant number), Successes per day/week (old last day is 28.02.12) etc.

Have I somehow broken off ‘kippo-graph’ stats and configuration?
Everything seems to work but it does not work as well.

Thanks,
Lancelot
- Ion
  
  Hello Lancelot.
  
  Kippo-Graph just takes data from the database. What you have to check is not the TTY logs but the database’s “input” table. If there is nothing there, then there will be nothing in Kippo-Input.
  
  By the way, do you use Kippo 0.5 or the SVN version? Because as far as I am aware Kippo 0.5 does not have database logging capabilities.
  - Lancelot
    
    Hi Ion!
    
    Thank you for your response.
    
    I looked the kippo mysql database ‘ttylog’ section. Yes, the ‘ttylog’ is empty.
    But please tell the circumstances in which it forms a data in mysql ‘ttylog’ ?
    
    I use ‘kippo-05’ version.
    What are the differences between ‘kippo-05’ and ‘kippo-svn’?
    Is there ‘kippo-svn’ a better.
    
    Thanks,
    Lancelot
  - Ion
    
    See the “input” table in the database. This is the table Kippo-Input uses to display information, not “ttylog” (although, “ttylog” should not be empty either).
    
    I think Kippo 0.5 does not fully support MySQL logging. It’s best for you to install the newest version of Kippo from the SVN server. I have already written a tutorial here: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html and http://bruteforce.gr/logging-kippo-events-using-mysql-db.html
    
    Regards.
  - Lancelot
    
    Hi Ion!
    
    I switching today to ‘kippo-svn’ and ‘kippo-graph’ 0.7.
    
    In kippo mysql database (input, ttylog) is currently without data. Other data are available.
    I look forward to the right data will come or not to ‘input’ and ‘ttylog’.
    
    Best regards,
    Lancelot
Jean-Philippe

Hello,

I did a small patch to my kippo-graph for it to be able to connect to a mysql db running on a non-standard port :

lab@HP:/var/www/kippo-graph$ grep PORT *.php
config.php:define(‘DB_PORT’, ‘3307’);
kippo-geo.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
kippo-graph-generator.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
kippo-graph.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port
kippo-input.php:$db_conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME, DB_PORT); //host, username, password, database, port

Regards,
- Ion
  
  Hello Jean-Philippe, good call!
  I’ll add it to the next version (to be released soon).
  Regards.
  - Jean-Philippe
    
    Hello Ion,
    
    I did a quick translation in French.
    
    Regards,
    
    lab@HP:/var/www/kippo-graph/include/languages$ cat lang.fr.php
    <?php
    #Package: Kippo-Graph
    #Version: 0.7.3
    #Author: ikoniaris
    #Website: bruteforce.gr/kippo-graph
    
    //INDEX.PHP STRINGS
    //MORE TODO
    define('LATEST_VERSION', ' - Vous utilisez la dernière version !’);
    define(‘NEW_VERSION_AVAILABLE’, ‘ - Il y a une nouvelle version disponible au téléchargement !’);
    
    //KIPPO-GRAPH-GENERATOR.PHP STRINGS
    define(‘TOP_10_PASSWORDS’, ‘Top 10 des mots de passe’);
    define(‘TOP_10_USERNAMES’, ‘Top 10 des noms d\’utilisateur’);
    define(‘TOP_10_COMBINATIONS’, ‘Top 10 des combinaisons noms d\’utilisateur / mots de passe’);
    define(‘AUTH_FAIL’, ‘Echec’);
    define(‘AUTH_SUCCESS’, ‘Succès’);
    define(‘OVERALL_SUCCESS_RATIO’, ‘Proportion de réussite globale’);
    define(‘MOST_SUCCESSFUL_LOGINS_PER_DAY’, ‘Nombre d\’identifications réussies par jour (Top 20)’);
    define(‘SUCCESSES_PER_DAY’, ‘Nombre de réussites par jour’);
    define(‘SUCCESSES_PER_WEEK’, ‘Nombre de réussites par semaine’);
    define(‘NUMBER_OF_CONNECTIONS_PER_UNIQUE_IP’, ‘Nombre de connexions par adresse IP unique (Top 10)’);
    define(‘SUCCESSFUL_LOGINS_FROM_SAME_IP’, ‘Nombre d\’identifications réussies depuis la même adresse IP (Top 20)’);
    define(‘MOST_PROBES_PER_DAY’, ‘Nombre de sondes par jour (Top 20)’);
    define(‘PROBES_PER_DAY’, ‘Nombre de sondes par jour’);
    define(‘PROBES_PER_WEEK’, ‘Nombre de sondes par semaine’);
    define(‘TOP_10_SSH_CLIENTS’, ‘Top 10 des clients SSH’);
    
    //KIPPO-GRAPH.PHP STRINGS
    //TODO
    
    //KIPPO-INPUT.PHP STRINGS
    //MORE TODO
    define(‘HUMAN_ACTIVITY_BUSIEST_DAYS’, ‘Activité humaine la plus forte par jour (Top 20)’);
    define(‘HUMAN_ACTIVITY_PER_DAY’, ‘Activité humaine par jour’);
    define(‘HUMAN_ACTIVITY_PER_WEEK’, ‘Activité humaine par semaine’);
    define(‘TOP_10_INPUT_OVERALL’, ‘Top 10 des saisies clavier (global)’);
    define(‘TOP_10_SUCCESSFUL_INPUT’, ‘Top 10 des saisies clavier réussies’);
    define(‘TOP_10_FAILED_INPUT’, ‘Top 10 des saisies clavier échouées’);
    
    //KIPPO-GEO.PHP STRINGS
    //MORE TODO
    define(‘NUMBER_OF_CONNECTIONS_PER_UNIQUE_IP_CC’, ‘Nombre de connexions par adresse IP unique (Top 10) + Codes des pays’);
    define(‘NUMBER_OF_CONNECTIONS_PER_COUNTRY’, ‘Nombre de connexions par pays’);
    ?>
  - Kreszol
    
    Hello Jean-Philippe,
    
    if u want, i can do Polish Translation for kippo-graph,
    
    or help with other things.
    
    Bless U
  - Ion
    
    Hello Kreszol, I think you better talk to me about it 🙂
    Thanks a lot for your offer, we are missing a Polish translation!
    I will send you the file you need to translate by email.
    Regards.
  - Ion
    
    Hello Jean-Philippe 🙂
    This is very cool. We were missing a French translation!
    Your port suggestion was also included in Kippo-Graph 0.7.4.
    Thanks for your support!
Mat

Hello,
very nice WORK.
Regards.
- Ion
  
  Hello Mat, thanks for your comment.
  
  Let me know if you have any suggestions.
  Regards, Ion.
Adam Johnston

Hello,
Really nice work very impressed by it all. Everything works apart from the SSH clients graph, I cant understand why its not working as every other graph is being populated by data.
- Ion
  
  Hello Adam, thanks a lot for your comment!
  That is strange, did you check the kippo database (clients table) manually?
  - Skyscraper
    
    Hi!
    
    I have the same problem: Nothing in “Top 10 SSH clients”, but nothing in table “clients”, too. I’ve the newest SVN version, installed today by this tutorial: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html
    
    Please help!
  - Ion
    
    Hello, Kippo-Graph just takes data from the MySQL db. First, check if there are any data inside the clients table and second, check if the SQL query inside kippo-graph-generator.php (I think it’s the last one) has any problems. Perhaps a table column has changed its name in a newer Kippo version or something. Please don’t forget to inform me if that’s the case so I can fix it. Regards.
  - Bubba
    
    Hi I am having a similar issue with the attempted passwords not being populated in the Kippo graph. I can see the data in MySQL - will investigate and report back if i find a solution. Version is latest from this tutorial (excellent work btw friend :-))
  - Bubba
    
    Yeah, my whole first page is populated only with a single successful result I did when setting up as a test. I have lots of attempted logins but they are not being displayed on Kippo graph. I can see them in the kippo log file and in the MySQL database. It does recognise the total login attempts and has populated all graphs in Kippo-geo. Any help would be greatly appreciated.
  - Ion
    
    Hello Bubba, perhaps you might want to send me your database so I can check it locally. Send me a message through the Contact Form and I shall get back to you. Regards, Ion.
  - Bubba
    
    Hey Ion - thank for replying - I can safely say that this was a case of user error! I deleted my test record but it turns out i did not remove it from all tables. Once I removed my client entry from the lcients table and refreshed the page - it worked 🙂 thanks and keep up the great work!
Bubba

Hey Ion, can I use my local install of Kippo graph to display results from 2x different MySQL databases? If so how? I have tested I can get 1 or the other displaying by editing the config.php but can I display both? Thanks!
- Ion
  
  Hello Bubba, sorry but no, Kippo-Graph plays per-db.
  
  You are welcome to contribute to the codebase and add this feature though!
  
  Regards, Ion.
  - Bubba
    
    Ok thanks for the reply, if I get it working I will be in touch! I love it!
sittiKhadijah

hello ion, i have installed kippo, mysql, and kippo graph, and i’ve tried to attack my kippo honeypot. in folder /log/tty there are some .log file, but when i access kippo-graph in my browser, it’s empty, i also check my kippo database using phpmyadmin, the auth table is empty too. can you help me to resolve it ??
- ikonspirasi
  
  remember to uncomment the [database_mysql] in kippo.cfg on kippo core files, not just the username, database and password
  - alex
    
    i have the same problem i made sure to uncomment the [database_mysql] but still nothing. there are some .log files in /log that do show up on the browser but nothing from /log/tty
  - alex
    
    also nothing shows up in kippo-ip but everything else is working fine
  - Ion
    
    Hey Alex, what does your server’s error log file says about it?
Mara

Hello!

I just ran kippo-graph…
I cannot see any graph in kippo-graph.php…
but I see graphs in kippo-geo.php…

do you have any idea about what I might do wrong??

Thanks!!
And great work… 😉
- Mara
  
  Sorry, (μαλακία ρώτησα)… 😛
  Ok, fixed, no problem! 🙂
JB

hi there,

Can i say what an awesome product 🙂 I am having just 1 issue, I am getting traffic comming to my honeydrive, but the kippo-graph isnt showing the country in the geo part? any ideas?

Thanks in advance

JB
- Ion
  
  Hello JB, does this happen for ALL connections? Or only for some specific ones? Can you share a screenshot (you can blur out the unrelated parts).
  
  Regards, Ion.
  - JB
    
    please see the pic below 🙂 thanks for the fast reply 🙂
  - Ion
    
    That is strange. Perhaps GeoPlugin was down? Is this still happening now? I’ve just tested a DB of my own and it works fine.
    
    I am curious about this. If you want you can send me your database (just send me a dropbox link or something through the site’s contact form) and let me try on my installation.
    
    Regards, Ion.
  - JB
    
    sorry Ion, i am not a linux wizard 🙁 how would i extract and send you the DB?
    I am off to bed right now (its 0020) but if you leave instructions i will do it as soon as i get up 🙂
    
    Many thanks for you super fast responces 🙂
    
    JB
  - Ion
    
    No problem 🙂
    
    Do you happen to have phpMyAdmin installed? If no, you can install it by issuing: “sudo apt-get install phpmyadmin” (no quotes — when asked which server to autoconfigure choose yours, I suppose it would be Apache). Then you can browse to: http://your-IP-address/phpmyadmin, login using the same MySQL credentials as in Kippo-Graph’s config.php file, choose the Kippo DB and select export from the menu. The browser will then prompt you to download the sql file.
    
    Otherwise (and because phpMyAdmin is not the safest of software) you can just type: “mysqldump -u username -p databasename > filename.sql” (no quotes — again, replacing the username, password and database name with the same MySQL data as in your Kippo-Graph’s config.php file). Then you will have to move the resulting .sql file to your web server’s document root, e.g. “mv kippo.sql /var/www/” (no quotes) and then go to http://your-IP-address/kippo.sql to download it locally.
    
    After doing one of the above just upload it somewhere (MEGA, 2shared, Dropbox, whatever) and send me the link through the site’s Contact Form: http://bruteforce.gr/contact-form
    
    Regards,
    Ion
  - JB
    
    i keep getting and error on the feedback form
    
    this is the sql file
    
    https://www.dropbox.com/s/g4acwchc9iy2se8/kippo.sql
    
    hope this helps, i have had fresh notifications overnight and still no geo data?
    
    Kind regards
    
    JB
  - Ion
    
    Hello JB. Well, it works for me. I can see geolocation data for every IP in the table. Are you sure that perhaps a firewall doesn’t block outgoing traffic of something like that?
  - JB
    
    I tried the firewall, still no joy 🙁 strange one! i have deployed a fresh vm and I’ll see how that gets on.
    
    Many thanks for your help.
    
    I will update you once i have a few hits 🙂
KMiller

Hi I’ve installed kippo and kippo-graph on my local server and on an EC2 instance, i cannot log any proper connections, all i get is “connection lost” in the kippo log file, an IP connects then disconnects after a few seconds, i’ve tried the authbind and iptables route. The kippo.cfg listen port was set accordingly, 22 for authbind and 2222 with iptables forward traffic to it, I adjusted router config accordingly, I even went 3 days without a single login attempt, just a bunch of IP addresess connecting then leaving, i find hard to believe not a single login attempt was made over that peroid.

The log file is like this, line after line.

2013-09-15 02:06:30+0000 [kippo.core.honeypot.HoneyPotSSHFactory] New connection: 192.241.186.252:
35090 (10.196.27.110:22) [session: 1]
2013-09-15 02:06:40+0000 [HoneyPotTransport,1,192.241.186.252] connection lost

Thanks!
- Ion
  
  Hello there.
  
  Why don’t you try logging in to Kippo on your own and check? Perhaps the results you are getting come from port scanning tools not SSH-specific attacks. Let us know.
  
  Regards, Ion.
dnnisp

Hello Ion, I recently got a very unfamiliar error in my Kippo-Graph:
The following zoomable world map marks the geographic locations of the top 10 IPs according to their latitude and longitude values. Click on them to get the full information available from the database.
Object # has no method ‘setMapTypeId’
It have been working before with the world map, but suddently one day this error comes.
Rio Indra Maulana

Hi Ion, I am having trouble with the Kippo-Geo feature. It does show the information about the IP statistic, but the map doesn’t show up and it return this error code

b[ha] is not a function

I tried using both version 0.8 and 0.7.7. Here is the screen shot of the error section
- Ion
  
  Hi Rio, yes I noticed that too.
  
  It seems that Google Maps made a change that broke the code. I am using a third-party PHP wrapper to create the maps, so not sure if/when it will fixed. I will look into this when I find some free time. Thanks for letting me know.
  
  Regards,
  Ion
sean

Hello ,

I am having issues with a new install I have noticed a few issues

I am unable to get any output from the graphs I have made sure to give the proper permision and the username/database is setup correctly

I see the attemps in kippo.log so I am sure kippo is working
also the generate graph button is missing
I am using 0.9.1
- Ion
  
  Hi Sean,
  the “generate graphs” link is no longer there so it’s OK. I would suggest to check it Kippo is logging to the DB. Check out this guide: http://bruteforce.gr/logging-kippo-events-using-mysql-db.html
  
  Then use a tool like phpmyadmin or manually check your MySQL server for rows in Kippo’s database (e.g. the “auth” table). If nothing is there then Kippo-Graph cannot get any data to display. Otherwise, there might some problem with your config.
  
  Regards,
  Ion
Paweł Janowski

Hi …
Successfully installed and use Kippo-graph. The question is how to clear the existing data charts and to start “from scratch”?
Pawel
- Paweł Janowski
  
  Ok, I find it 🙂
  I drop database kippo, delete all log files and reinstall Kippo-graph…
  I start “from scratch”
  🙂
  - Ion
    
    Hi Pawel,
    FYI, every time you click on the Kippo-Graph components on the menu (Kippo-Graph, Input, Geo, etc), the pages fetch the latest data from the DB.
    
    You can also manually delete the images from inside the “generated-graphs” folder to start from scratch, no need to go to extremes 🙂
    
    Regards,
    Ion
Mozart

Wauw, the playlog feature is really great! Makes it really easy to see what was tried and saves me the trouble of signing in to the honeydrive system.
- Ion
  
  Hi Mozart, thanks for your feedback!
ikonspirasi

i have update my kippo and the playlog was awesome, no need to open my box again just to see what the attacker did, and also the kippo ip, i just realized that with the easy password doesnt seem always get owned, thanks!
- Ion
  
  Thanks for your feedback ikonspirasi, glad that it’s useful! 🙂
  - iKONs
    
    the download link on kippo v1.0 is not working http://bruteforce.gr/wp-content/uploads/kippo-graph-1.0.tar
    i have to download it through github
  - Ion
    
    Hi, unfortunately I had to take it down since I missed a change to some strings in the code. I will re-upload the file tomorrow!
    
    Thanks for taking the time to report it 🙂
    
    Regards, Ion.
Kostas

Hi, the playlog is just awesome! Lot of data from the last 8 months 🙂
- Ion
  
  Thanks for the feedback Kostas. Care you share some data with me? You can contact me through the form (button on menu).
Jimcesse

Is possible to configure kippo-graph to not display the web site from outside!? I have a virtual machine with a public IP and not want this available
- Ion
  
  Hi Jimcesse, sure you can do that.
  
  You can achieve it with by placing an .htaccess (notice the dot) file in Kippo-Graph’s folder. See this for more: http://corz.org/server/tricks/htaccess.php?page=all#section-control_and_deny_access
  
  Regards,
  Ion
Top-Hat-Sec

I have had kippo running for a few months. I just installed the graph, setup the mysql database etc… I edited the config files both on the kippo graph and the kippo.cfg… The kippo graph is connecting to the database but its not pulling any data
- Ion
  
  Hi,
  so did you enable the database logging in kippo.cfg after installing Kippo-Graph? This should have been enabled from the beginning (when you started using Kippo itself).
  
  Use a tool like phpmyadmin and check that the database actually contains data. If not, then it’s not a surprise that Kippo-Graph doesn’t show anything.
  
  Regards, Ion
Resident

Getting a Broken link when i try to grab 1.0 and git gives me .93
Thanks
- Ion
  
  Hi Resident, I am aware of that, I took it down because I forgot a small change. I will re-upload soon.
  
  Thanks for your patience,
  Ion
nick

Hi there. First let me say thank you. This is great and much appreciated.

I do have one small problem. I’m running version 1.1 and despite lots of logins and activity, my “Kippo-Input” tab is full of zeros. I’ve got playlogs and those show the input, there’s just nothing on that tab. Just wanted to let you know.
- Ion
  
  Hi Nick, thanks for your message!
  
  Hm, if you could export your DB and sent it to me (a dropbox link perhaps) via the contact form, I could help. And also it’d be appreciated if this is a problem that others might have.
  
  Regards,
  Ion.
cjones

Worth noting that on CentOS, the package php-xml is required for the generation of the geo maps, took me a while to figure it out, but running ‘php kippo-geo.php’ gave me a hint!
Chris

With the new RedBeanPHP do we have to be on PHP > 5.3.4. Seems there are issues otherwise.

PHP Fatal error: Declaration of RedBeanPHPOODBBean::offsetGet() must be compatible with that of ArrayAccess::offsetGet() in /var/www/html/kippo-graph/include/rb.php on line 842
- Ion
  
  Hi Chris, yes this is true. RedBeanPHP requires PHP 5.3.4 or higher.
- Ion
  
  I updated the requirements and README file(s) to reflect this.
John Graybosch

What’s with all of the other SQL script in the SQL folder? Do I have to run those too?
- Ion
  
  Hi John, no, just follow the installation instructions and then visit /kippo-graph. You’ll be all set.
kippo user

A small problem with big qty of scans
- Ion
  
  Hi and thanks for also opening a GitHub issue about this. I’ll look into it. But perhaps not all connection open a session? I’m not sure.
  
  Regards,
  Ion
Andre Comochina

i’ve downloaded a version of honeydrive, i’ve did what this tutorial teaches and my kippo still isn’t running at all, the page is running, and don’t show the errors of mysql connection, but if i’ve tried to select the database to receive the atempts to log in the honeypot, i got nothing, the database is clear and the graphics are empty, is there any help u can give me? thanks a lot
- Ion
  
  Hi, if you downloaded HoneyDrive, you don’t have to do anything else apart from running the start.sh script. Everything else is set. If you don’t see anything try tailing Apache’s error log to see what errors you get. Regards.
Zachary Hardie

We have been getting millions of probes to kippo and thusly, it takes a few minutes for kippo-graph to load each time.

I have a suggestion as a workaround for this small problem:
1.) Possibly add an option to run the php scripts on a cron job and have the web page simply pull the generated graphs, so that the page will be accessible all the time without the delay.
2.) Maybe caching the data used in the generated graphs and have each new query only parse the new data since the last update, combined with the cached data?

I haven’t yet looked through the scripts to see if this would be possible. Let me know what you think! Awesome stuff though!
- Ion
  
  Hi Zachary, thanks for your feedback and for using Kippo-Graph!
  
  Hm, at first I had it like that, with a separate script responsible to create the graphs and the “Kippo-Graph” was just displaying the already generated ones. Although, now that the other components are there too, going back to this will need a bit of code refactoring.
  
  I’ll consider it, but it’s best if you open a GitHub issue for it so I can keep track of requests!
  
  Thanks, Ion.
stinkefisch

Thanks man, very nice.
Keep up the good work top man 😉
Resilldoux

Awesome tool! However, version 1.5 throws the following error at me after the first connection is made to Kippo (see attachment). I’m running FreeBSD 10.1p5, using MySQL 5.6.22 and PHP 5.4.37 from the repositories using pkg.

Fatal error: Uncaught [22001] - SQLSTATE[22001]: String data, right truncated: 1406 Data too long for column ‘country’ at row 1 trace: #0 /usr/local/www/apache24/data/kippo-graph/include/rb.php(848): RedBeanPHPDriverRPDO->runQuery(‘INSERT INTO tem…’, Array) #1 /usr/local/www/apache24/data/kippo-graph/include/rb.php(3024): RedBeanPHPDriverRPDO->Execute(‘INSERT INTO tem…’, Array) #2 /usr/local/www/apache24/data/kippo-graph/include/rb.php(9305): RedBeanPHPAdapterDBAdapter->exec(‘INSERT INTO tem…’, Array) #3 /usr/local/www/apache24/data/kippo-graph/include/rb.php(9922): RedBeanPHPFacade::query(‘exec’, ‘INSERT INTO tem…’, Array) #4 /usr/local/www/apache24/data/kippo-graph/class/KippoGeo.class.php(183): RedBeanPHPFacade::exec(‘INSERT INTO tem…’) #5 /usr/local/www/apache24/data/kippo-graph/kippo-geo.php(61): KippoGeo->printKippoGeoData() #6 {main} thrown in /usr/local/www/apache24/data/kippo-graph/include/rb.php on line 636
- Ion
  
  Hi, it seems like an error caused by the new RedBeanPHP version. Can you open a GitHub ticket for it please so I can track it? Thanks!
  - Resilldoux
    
    Sure!
  - Ion
    
    Hi Resilldoux, I replied at the Github issue.
  - Resilldoux
    
    Thanks Ion, I replied back to tell you your fix works.
newhoneypotstudent

Im a student trying to get kippo graph up. Kippo installed and working. mysql configured and working. phpmyadmin shows data through the web interface. When I browse to my server /kippo-graph I get: Not Found. The requested URL /kippo-graph was not found on this server. Any suggestions?
- Ion
  
  Hi, have you installed Apache? Have you started it? Have you placed Kippo-Graph in your document root? (.e.g /var/www/ or /var/www/html/).
  - newhoneypotstudent
    
    Thanks for the reply! Apache is installed and working. I’m viewing a home page, as well as phpmyadmin working through apache. Kippo graph was installed with the instructions above and lives at /var/www/kippo-graph
  - newhoneypotstudent
    
    Forgot to add - running Ubuntu-14.04.1-LTS-64bit
- Simon
  
  Try installing kippo graph in /var/www/html/ rather than /var/www/ , seemed to work for me
Simon

First of all thanks for the great work. I am having a basic issue, I have a mysql database with all the kippo attack info and I can see it it in phpmyadmin, yet putting localhost/kippo-graph/ in the browser brings up nothing. I have followed the installation advice exactly and checked it. I don’t suppose you would know why it isn’t coming up?

I have updated everything and checked my settings, the fact that it comes up in phpmyadmin suggests that it can connect to localhost.
- Simon
  
  Ah I see it is the same issue as the poster newhoneypotstudent has posted below. I will try reinstall an earlier version see if that helps
  - Simon
    
    Got it finally working by installing kippo graph in /var/www/html rather than just /var/www/
Paul

Hi. I’ve successfully installed kippo-graph, but an issue:

- The images on the kippo pages are all missing. Is that because graphs aren’t being generated, or is there a path issue to the images placeholders?
- Ion
  
  Hi Paul, make sure you chmod’ed the generated-graphs folder. Other than that, what does your web server log says? (e.g. Apacher’s error_log)
  - Paul
    
    It was just that no data had come in yet. All good now. Thanks.
Tim

What are people using for kippo-graph authentication? Are you blocking all external access, locking down this folder only? Other?
Peter

So I had an attacker which were very active executing a lot of commands, mainly to kill stuff. Anyways, he was interesting so I wanted to see the playlog. But under the “kippo-playlog” page there’s no entry for his session. While under “kippo-input” I can see some commands and wgets for the session. Pressing the play next to a wget commands just give me an empty playlog. All that is visible is “## end of log ##”. Something you’ve heard of before?
- Peter
  
  More info: http://i.imgur.com/16sjCZV.png
  
  Looks like an issue with Kippo rather than kippo-graph
  - Ion
    
    Hey Peter, where is this output from? Have you tried the Python playlog script included in Kippo (I think inside the utils folder)?
stickygreen

Hi, I followed all the instructions but when i go to the webpage, I only see the tab menu from kippo, nothing else than that . I installed kippo-graph in /var/www because that’s my root folder in apache. When do an ls i see al the tab menus and the scripts.. Can you help me please?
- stickygreen
  
  and my generated-graphs folder is empty btw, i chmod’d it as well ..
- Ion
  
  Hi. What does your server’s error log say? Did you also enter the correct root path in config.php?
  - stickygreen
    
    Hi, ty for answering so quick, i’m doing a thesis on this and i don’t have much time left. Where can i find the server’s error log (/var/log/syslog ?). And where in the config file do I need to put the root directory in, is it _FILE_ where i need to put /var/www/ ? Ty in advance 😉
  - Ion
    
    Ah, I forgot that I’ve used __FILE__. It’s fine, you don’t have to change anything there.
    
    The log you’re looking for are usually at /var/log/apache or /var/log/httpd.
  - stickygreen
    
    hi, this it a cat from the /var/log/apache2/error.log
  - Ion
    
    Argh, this is probably my mistake. I’ve fixed that in the git repo but didn’t release an updated package. Can you clone from GitHub instead of using the package? And can you also tell me what PHP version you are running (php -v)? I suppose < 5.4.
  - stickygreen
    
    Thank you so much, everything is working. My php version is 5.3.10 btw. Can you just tell how i can generate data into the web interface, so i can see what i did in the play log?
  - stickygreen
    
    because when I try to start an ssh session from my host machine (i’m running my honeypot server on a virtual machine), I can’t login as root with password 123456
  - Ion
    
    root:123456 is the default combination. Can you check your userdb.txt file and see if it’s there? Also, make sure you’re connecting to the correct port as Kippo opens 2222 by default and not 22 (because ports <1024 need root permissions). Here I have explained how you can "fix" this using authbind: http://bruteforce.gr/installing-kippo-ssh-honeypot-on-ubuntu.html. Another way is to use iptables and forward 2222 to 22.
Mike

Having some interesting issues that I’m having a tough time figuring out the cause of.

Getting the following error, after upgrading from kippo-graph-1.5.0 to kippo-graph-1.5.1 (just copied over the config.dist.php and config.php files)

PHP Warning: file_put_contents(/var/www/html/kippo-graph/include/tor/tor_exit_node_list.txt): failed to open stream: Permission denied in /var/www/html/kippo-graph/include/tor/tor.class.php on line 11, referer: http://localhost/kippo-graph/gallery.php

All the folders and files are permissions of the apache webserver (apache:apache), /var/www/html/kippo-graph/include/tor/tor.class.php and /var/www/html/kippo-graph/include/tor/tor_exit_node_list.txt are 0777 apache:apache

Not sure what is causing this error.

Thanks for any help!
Todd

Hi Ion, I just updated kippo-graph to the latest version. The problem I am experiencing is the kippo-graph page isn’t showing any data or graphs. For example, it is not showing any passwords. I can download a csv of the passwords. The graphs on the input page and geo page are working. Any suggestions? Thanks
- Ion
  
  Hi Todd, what does your web server log say? (e.g. in /var/log/apache2/error.log)
  - Todd
    
    Here it is. I am able to open MySQL and see the tables populated. It looks to me like whatever is supposed to generate the graph and put it in the generated graphs folder isn’t.
  - Ion
    
    Can you check that the generated-graphs folder exists and that it’s chmod’ed to 777? When you say updated to latest version, how do you mean? git pull?
  - Todd
    
    By latest version I mean Kippo-graph is 1.5. generated-graphs is chmod’d. Thanks for the help.
  - Ion
    
    Wait, why there is a kippo-graph-1.5 folder inside kippo-graph? Which URL are you visiting in your browser? I suggest the following: cd /var/www/; rm -rf kippo-graph/; git clone https://github.com/ikoniaris/kippo-graph.git; cd kippo-graph; chmod 777 generated-graphs; cp config.php.dist config.php; nano config.php
  - Todd
    
    I will follow your suggestion and post back. To answer your question, the folder kippo-graph-1.5 is there because of step 5 in the Quick installation steps above. I ended up moving all of the files from inside that to the kippo-graph folder. I just forgot to delete it.
  - Todd
    
    Perfect! Thanks Ion.
iKONs

Hi Ion, i have update into kippo graph 1.5.1, however the kippo-ip.php shows nothing, only “IP activity gathered from the honeypot system” and blank…
How to fix this?
Thanks
- Ion
  
  Hi! What does your server’s error log say? You can possibly find it at /var/log/apache2/error.log or /var/log/httpd/error_log or something.
stonia

hi, i tried out HoneyDrive and it works good but now I have a problem with Kippo Graph, when I access it in my browser it’s empty even though there are some log files in /log/tty. I don’t know how to figure out what’s wrong,I checked the log files but I mostly don’t understand anything, can someone help?
- Ion
  
  Hi, hm, this seems to be an Apache error? Have you updated HoneyDrive by any chance via apt?
  - stonia
    
    oh, yes i did an apt get upgrade, so that could have caused a problem!
    I resetted the machine anyway so now i’m now in a state before the apt and Kippo Graph seems to work just fine
Amet

I really really appreciate your Kippo work. I must really be on time with an urgent work. I populated Mysql db with some kippo logs (thousands IP s). I can display in phpmyadmin and mysql cli in ubuntu 14.04 BUT not in kippo-ip, kippo-geo tabs in kippo-graph. Username and password attempts can all be displayed in kippo-graph.

I read all posts by the way.

I chmodded kippo-graph and kippo subdirs. From my local pc, I can generate log and display it in mysql, phpmyadmin and all relative tabs in kippo-graph including ip-geo.

If you could help me, i am gonna pray for you all night instead of figuring out this. 🙂
- Ion
  
  Hi Amet. So if I understand correctly: using the same version of Kippo-Graph and the same MySQL db, you are able to see the data in Kippo-IP/Geo on your local machine but on the server running Kippo? If that’s the case, what is the problem exactly? Page timing out? Blank page? What does your Apache/nginx logs say?
  - Amet Dursun
    
    With the help of kippo2mysqldb script, i was able to populate MySQL db with kippo logs successully. I can display them in Mysql and phpmyadmin perfectly. When i tried to display them in kippo graph; i can only see username-password attempts not the ip addresses under ip-geo tab. But when i tried to ssh to honeypot from one of my stations, interestingly i can display those private ips under Kippo-IP-GEO tab, that is, it works fine. As a result, when i populated with my logs i can’t display them in Kippo-IP-GEO but when I sshed from my stations, the stations’ private ips all appear in Kippo-IP-GEO.
  - Ion
    
    It’s been a while since I last touched Kippo2MySQL but IIRC the data you can transfer with it to a DB are minimal. It’s 10 times better if you run your Kippo honeypot with MySQL logging enabled from the beginning. Maybe this is what happened? You were running Kippo without DB logging and ended up with a bunch of text based log files and then you enabled DB logging? That would explain why you can your IPs in Kippo-Geo (presumably after you enabled DB logging) but not the ones from your text based log files (before you had enabled DB logging). In any case, if you have text based logs it’s hard to populate the DB as if Kippo had DB logging enabled so don’t expect great results. You should also give this script a try: http://bruteforce.gr/new-tool-kippo-log2db-pl.html which is better.
  - Amet Dursun
    
    I guessed like you said that the only efficient way is to start logging from the beginning. 🙂 This was the bitter experience. Thank you for your kind and fast cooperation I ll try the link you sent.
QK

Hi Ion,
Sorry I am new to this, please dont mind my stupid question.

I have setup my kippo on AWS cloud instance, I have now installed Kippo-Graph 0.5 and in the config.php you have asked to change localhost, username, password, & database. What values should I add here?

I’ll really appreciate your response 🙂

Thanks
QK
- Ion
  
  Hi QK. You should enter your MySQL information there. Have you setup Kippo to write to MySQL? If not, follow this: https://bruteforce.gr/logging-kippo-events-using-mysql-db.html
h a d i

Can someone help me with this please?

Failed to load application: ‘module’ object has no attribute ‘IPluggableAuthenticationModules’
sean

Hello I have come across a weird issue which I am thinking may be a dependency issue

My kippo graph works great but when I click on kippo-graph I get a download rather than the page displaying I have checked my dependcies but I am not seeing anything missing

Distributor ID: Debian
Description: Debian GNU/Linux 7.11 (wheezy)
Release: 7.11
Codename: wheezy

err.log is not showing anything

Could someone please tell me what I could be missing I am currently using Version: 1.4.2
- Ion
  
  Hi Sean, it looks like a web server problem. Take a look at this: https://stackoverflow.com/questions/18422140/apache-is-downloading-php-files-instead-of-displaying-them it might be helpful in your case.
  - sean
    
    Thanks for the response but it was a browser issue I didnt think to clear cache/cookies its working fine now
Cristobal Mckinnie

My children were searching for KY Hart-Supported Lliving Grant Application this month and learned about a great service that hosts a ton of fillable forms . If you need to fill out KY Hart-Supported Lliving Grant Application too , here’s http://goo.gl/Wgz1fJ
shehryar khan

hello .
i gone through all the above steps but at the end when i check in browser (my ip/kippo-graph) this comes on page.

kindly help

Kippo-Graph | Fast Visualization for your Kippo SSH Honeypot Stats

Kippo-Graph

Fast Visualization for your Kippo SSH Honeypot Stats

Version: 1.5.1 | Website: bruteforce.gr/kippo-graph
shehryar khan

is it because of /var/www/html ????
shehryar khan

when is execute the command for installation of libapache2 so this error comes

Package libapache2-mod-php5 is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

BruteForce Lab's Blog

security, programming, devops, visualization, the cloud

Kippo-Graph

DOWNLOAD Kippo-Graph:

REQUIREMENTS:

QUICK INSTALLATION:

PREVIOUS VERSIONS:

CHANGES:

SCREENSHOTS:

Subscribe to Blog via Email

Subscribe to BruteForce Lab

Popular Posts

Recent Posts

Archives

Categories

Blogroll

Interesting Websites

Organizations

Read previous post:

The big post of Kippo scripts, front-ends, bash one-liners and SQL queries

Logging Kippo events using MySQL DB

Installing Kippo SSH Honeypot on Ubuntu

Έλληνες σε Security Conferences

Εγκατάσταση του Kippo SSH Honeypot (Ubuntu 11.04)

BruteForce Lab's Blog

security, programming, devops, visualization, the cloud

Kippo-Graph

DOWNLOAD Kippo-Graph:

REQUIREMENTS:

QUICK INSTALLATION:

PREVIOUS VERSIONS:

CHANGES:

SCREENSHOTS:

Subscribe to Blog via Email

Share this:

Subscribe to BruteForce Lab

Popular Posts

Recent Posts

Archives

Categories

Blogroll

Interesting Websites

Organizations

Read previous post:

The big post of Kippo scripts, front-ends, bash one-liners and SQL queries

Logging Kippo events using MySQL DB

Installing Kippo SSH Honeypot on Ubuntu

Έλληνες σε Security Conferences

Εγκατάσταση του Kippo SSH Honeypot (Ubuntu 11.04)