PHPackages                             ilogus/laravel-honeypotplus - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. ilogus/laravel-honeypotplus

ActiveLibrary[Security](/categories/security)

ilogus/laravel-honeypotplus
===========================

Laravel package to detect malicious IPs, ban them via Cloudflare, and report to AbuseIPDB

v1.0.1(today)22↑2900%MITPHPPHP ^8.3

Since Jun 13Pushed today2 watchersCompare

[ Source](https://github.com/ilogus/laravel-honeypotplus)[ Packagist](https://packagist.org/packages/ilogus/laravel-honeypotplus)[ Docs](https://github.com/ilogus/laravel-honeypotplus)[ RSS](/packages/ilogus-laravel-honeypotplus/feed)WikiDiscussions main Synced today

READMEChangelog (2)Dependencies (10)Versions (3)Used By (0)

HoneypotPlus for Laravel
========================

[](#honeypotplus-for-laravel)

A Laravel package that detects malicious IPs attempting to access sensitive files/paths, bans them via Cloudflare, reports them to AbuseIPDB, and provides an interactive CLI management interface.

> **Note**: This package is **not** a form honeypot. For form honeypot protection, consider using [spatie/laravel-honeypot](https://github.com/spatie/laravel-honeypot). HoneypotPlus focuses on detecting malicious reconnaissance attempts on sensitive paths like `.env`, `.git`, `wp-admin`, etc.

[![Tests](https://github.com/ilogus/laravel-honeypotplus/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/ilogus/laravel-honeypotplus/actions?query=workflow%3ATests+branch%3Amain)[![Coverage](https://camo.githubusercontent.com/c2eabb62d0eabfd1669c9993a3ad2318a999dbb0ca6832cebf827da0d0b0221b/68747470733a2f2f636f6465636f762e696f2f67682f696c6f6775732f6c61726176656c2d686f6e6579706f74706c75732f6272616e63682f6d61696e2f67726170682f62616467652e737667)](https://codecov.io/gh/ilogus/laravel-honeypotplus)[![License](https://camo.githubusercontent.com/733bcdfb078912a8cd20ef23ecade4d4c9d33c247114b6076bb2c8713133020c/68747470733a2f2f696d672e736869656c64732e696f2f6769746875622f6c6963656e73652f696c6f6775732f6c61726176656c2d686f6e6579706f74706c7573)](https://github.com/ilogus/laravel-honeypotplus/blob/main/LICENSE)

Features
--------

[](#features)

- **Honeypot Detection**: Detect malicious IP access attempts on sensitive paths (`.env`, `wp-admin`, etc.)
- **Cloudflare Integration**: Automatically ban IPs via Cloudflare Firewall Rules
- **AbuseIPDB Reporting**: Automatically report malicious IPs to AbuseIPDB
- **Automatic Cleanup**: Scheduled task to unban expired bans
- **Interactive CLI**: Manage blocked IPs with `php artisan honeypot-plus:manage`
- **Event-Driven**: Clean architecture using Laravel's Event/Listener system
- **Zero Configuration**: Features auto-enable when API keys are present

Requirements
------------

[](#requirements)

- PHP 8.3 or higher
- Laravel 12.x or 13.x

Installation
------------

[](#installation)

```
composer require ilogus/laravel-honeypotplus
```

Install the package:

```
php artisan honeypot-plus:install
```

This will:

- Publish the configuration file to `config/honeypot-plus.php`
- Publish the migration file to `database/migrations/`

Configuration
-------------

[](#configuration)

The package works out of the box with default settings. To customize, edit the published configuration file:

```
config/honeypot-plus.php
```

### Environment Variables

[](#environment-variables)

Add the following to your `.env` file:

```
# Enable or disable the package
HONEYPOT_PLUS_ENABLE=true

# Enable logging
HONEYPOT_PLUS_LOGGING=true

# Ban duration in hours (default: 24)
HONEYPOT_PLUS_BAN_DURATION_HOURS=24

# Cloudflare (optional - auto-enables when both are set)
HONEYPOT_PLUS_CLOUDFLARE_API_TOKEN=your_cloudflare_api_token
HONEYPOT_PLUS_CLOUDFLARE_ZONE_ID=your_zone_id

# AbuseIPDB (optional - auto-enables when set)
HONEYPOT_PLUS_ABUSEIPDB_KEY=your_abuseipdb_api_key

# Cleanup schedule (default: daily)
HONEYPOT_PLUS_SCHEDULE_CLEANUP=daily
```

### Getting Cloudflare API Token

[](#getting-cloudflare-api-token)

1. Go to [Cloudflare Dashboard](https://dash.cloudflare.com/)
2. Navigate to **My Profile** → **API Tokens**
3. Create a token with **Edit** permission for **Zone** → **Firewall Rules**
4. Copy the token

### Getting AbuseIPDB API Key

[](#getting-abuseipdb-api-key)

1. Sign up at [AbuseIPDB](https://www.abuseipdb.com/)
2. Navigate to **API** section
3. Copy your API key

Usage
-----

[](#usage)

### Middleware

[](#middleware)

Add the middleware to your application to intercept malicious requests before Laravel's routing:

```
// In bootstrap/app.php
use HoneypotPlus\Middleware\HoneypotPlusMiddleware;

return Application::configure(basePath: dirname(__DIR__))
    ->withRouting(
        //
    )
    ->withMiddleware(function (Middleware $middleware) {
        $middleware->append(HoneypotPlusMiddleware::class); // add the middleware
    })
    ->withExceptions(function (Exceptions $exceptions) {
        //
    })->create();
```

> **Important**: Use `append()` to ensure the honeypot middleware runs *before* Laravel's routing. Otherwise, Laravel will return a 404 page for non-existent routes instead of allowing the honeypot to detect and block malicious IPs.

### Custom Honeypot Rules

[](#custom-honeypot-rules)

In `config/honeypot-plus.php`, you can customize the honeypot patterns:

```
'honeypots' => [
    // Static routes
    '/.env',
    '/wp-admin',
    '/.git',

    // Regex patterns (prefix with 'regex:')
    'regex:/^\.env\./i',
    'regex:/wp-config\.php$/i',
],
```

### CLI Management

[](#cli-management)

List and manage blocked IPs interactively:

```
php artisan honeypot-plus:manage
```

Available actions:

- List blocked IPs
- Ban an IP manually
- Unban an IP
- Show statistics

### Manual Ban/Unban via Facade

[](#manual-banunban-via-facade)

```
use HoneypotPlus\Facades\HoneypotPlus;

// Ban an IP for 24 hours
HoneypotPlus::ban('192.168.1.1', 24);

// Check if an IP is banned
if (HoneypotPlus::isBanned('192.168.1.1')) {
    // IP is banned
}

// Unban an IP
HoneypotPlus::unban('192.168.1.1');

// Get statistics
$stats = HoneypotPlus::getStats();
// Returns: ['total' => 10, 'active' => 5, 'expired' => 5, 'reported' => 3]
```

Artisan Commands
----------------

[](#artisan-commands)

CommandDescription`php artisan honeypot-plus:install`Install the package (publish config & migration)`php artisan honeypot-plus:manage`Interactive IP management`php artisan honeypot-plus:cleanup`Clean up expired bans (runs automatically)Automatic Scheduling
--------------------

[](#automatic-scheduling)

The cleanup command is automatically registered in Laravel's scheduler. No manual configuration needed.

To verify the schedule:

```
php artisan schedule:list
```

Database Schema
---------------

[](#database-schema)

The package creates a `honeypot_plus_attacks` table with the following columns:

ColumnTypeDescription`id`bigintPrimary key`ip`stringAttacker IP address`honeypot_rule`stringMatched honeypot pattern`user_agent`string (nullable)Request user agent`http_method`stringRequest method (GET, POST, etc.)`path_requested`stringRequested path`reported_at`timestamp (nullable)When reported to AbuseIPDB`cf_rule_id`string (nullable)Cloudflare rule ID`expiration_at`timestamp (nullable)Ban expiration`is_blocked`booleanCurrently blocked`already_reported`booleanAlready reported to AbuseIPDB`last_seen_at`timestamp (nullable)Last activityArchitecture
------------

[](#architecture)

The package follows Laravel best practices with a clean, event-driven architecture:

 ```
flowchart TD
    A[Request] --> B[HoneypotPlus Middleware]
    B --> C{Path matches honeypot?}
    C -->|Yes| D[HoneypotAttackDetected Event]
    C -->|No| E[Continue to Laravel]

    D --> F[HandleHoneypotAttack Listener]

    F --> G[Save Attack to Database]
    F --> H[Report to AbuseIPDB]
    F --> I[Ban via Cloudflare]

    H -->|API Key present| J[AbuseIPDB API]
    H -->|No API Key| K[Skip reporting]

    I -->|Credentials present| L[Cloudflare Firewall API]
    I -->|No credentials| M[Skip Cloudflare ban]

    G --> N[Record: IP, path, user-agent, timestamp]
    L --> O[Create firewall rule]
    J --> P[Submit abuse report]

    style A fill:#e1f5ff
    style B fill:#fff3cd
    style D fill:#f8d7da
    style F fill:#d4edda
    style J fill:#d1ecf1
    style L fill:#d1ecf1
```

      Loading Testing
-------

[](#testing)

Run the test suite:

```
cd honeypotplus
composer test
```

Run with coverage:

```
composer test-coverage
```

Security
--------

[](#security)

If you discover a security vulnerability, please email .

License
-------

[](#license)

HoneypotPlus is open-source software licensed under the [MIT license](LICENSE).

Credits
-------

[](#credits)

- [All Contributors](https://github.com/ilogus/laravel-honeypotplus/graphs/contributors)

Support
-------

[](#support)

- [Documentation](https://github.com/ilogus/laravel-honeypotplus)
- [Issues](https://github.com/ilogus/laravel-honeypotplus/issues)
- [Discussions](https://github.com/ilogus/laravel-honeypotplus/discussions)

###  Health Score

42

—

FairBetter than 88% of packages

Maintenance100

Actively maintained with recent releases

Popularity6

Limited adoption so far

Community4

Small or concentrated contributor base

Maturity49

Maturing project, gaining track record

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~0 days

Total

2

Last Release

0d ago

### Community

Maintainers

![](https://avatars.githubusercontent.com/u/10232690?v=4)[IloGus](/maintainers/ilogus)[@ilogus](https://github.com/ilogus)

---

Tags

laravelsecuritycloudflareHoneypotabuseipdb

###  Code Quality

TestsPest

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/ilogus-laravel-honeypotplus/health.svg)

```
[![Health](https://phpackages.com/badges/ilogus-laravel-honeypotplus/health.svg)](https://phpackages.com/packages/ilogus-laravel-honeypotplus)
```

###  Alternatives

[psalm/plugin-laravel

Psalm plugin for Laravel

3325.1M337](/packages/psalm-plugin-laravel)[laravel/pulse

Laravel Pulse is a real-time application performance monitoring tool and dashboard for your Laravel application.

1.7k14.1M120](/packages/laravel-pulse)[larastan/larastan

Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel

6.4k51.0M7.5k](/packages/larastan-larastan)[roots/acorn

Framework for Roots WordPress projects built with Laravel components.

9732.3M121](/packages/roots-acorn)[aedart/athenaeum

Athenaeum is a mono repository; a collection of various PHP packages

245.2k](/packages/aedart-athenaeum)[calebdw/larastan

Larastan - Discover bugs in your code without running it. A phpstan/phpstan extension for Laravel

15104.9k4](/packages/calebdw-larastan)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)