HackBack with Apache and PHP (redirect back)

Are you bored of hackig-attempts to your server, and you want to fight back?
I collect some opportunities here.

Step 1: Getting real client IP address in PHP

If you realise that someone wants to check your server for specific PHP-files (like 123.123.123.123/config.php ...) create a dummy config.php file where you can start your fightback.

Use these functions (copy&paste) to save the attackers IP in a PHP-variable $IP = function() to fight back directly or write attackers IP to MySQL Database for logging reasons:
https://www.virendrachandak.com/techtalk/getting-real-client-ip-address-in-php-2/

With this function in your script you can fill the $IP variable:

$IP = get_client_ip_server();

Step 2: Get Port Number from client

Fill the $PORT variable:

$PORT = $_SERVER['REMOTE_PORT'];

Step 3: Redirect attacker back to himself

Use $IP and $PORT to send back: If attacker opens the php file, he will be redirected to his own IP and Port.

header("Location: ".$IP.":".$PORT."");
die();

Variations

Of course, you can also change the redirection to any other URL you like. For example to the policia or to servers of other hackers so that they can assist you :) .

Step 4: Scan open Ports on the Attackers machine

In this step you can scan the open ports on the attacking IP:

codehill.com/2012/07/a-simple-port-scanner-in-php/

You just have to modify the script, by deleting the "Form" on top, and replace the $_POST variabe with the $IP variable you have filled in step 1:

change this line: if($pf = @fsockopen($IP, $port, $err, $err_string, 1)) {

If you open your .php file you should see something like:

Port 21 (ftp): Inaccessible
Port 22 (ssh): Inaccessible
Port 23 (telnet): Inaccessible
Port 25 (smtp): Inaccessible
Port 53 (domain): Inaccessible
Port 80 (http): Inaccessible
Port 110 (pop3): Inaccessible
Port 1433 (ms-sql-s): Inaccessible
Port 3306 (mysql): Inaccessible

or - if you test from a server - you should have at least Port 80 (http): OK.

Now you know which ports a accessible on the attackers machine. You should comment-out the "echo" lines, so that the output will not be visible.

And you should fill a new array only with the open ports under line "if($val) {" for further backhacking:

$OpenPorts = array();

$OpenPorts[] = $ports;