LowEndTalk member @htop recently shared the results of a honeypot that’s been set up.
I found this post quite interesting: “The machine is being blasted almost every second. So, I wrote one myself, put it on the machine to collect other people’s attack behaviors. And wrote a simple web page for display, which is equivalent to a simple honeypot application. It seems that the effect is really outstanding.”
A “honeypot” is a fake server, app, or system that looks legit but is actually gaslighting a potential attacker. Honeypots have many applications. For example, appearing-to-be-vulnerable servers, apps, email accounts, etc. can act as canaries for new attacks, vulnerabilities, or spam.
In this case, @htop modified the sshd binary in order to capture passwords. Normally, sshd does not record the passwords tried in failed logins (trivia: Linux circa 0.1 logged failed users and the passwords they tried to use in syslog!). All failed attempts are then published on this web page.
If you’ve ever run a server, you probably have seen many failed logins in your syslog. Script kiddies will try hundreds/thousands/millions of IPs to see if any have accounts with poor passwords. There are different ways to combat this: turning off password authentication is the best, but you can also use fail2ban to limit attackers to only a few failed attempts before their IP is blocked. Changing the ssh port does not increase security but is often done to reduce log spam.
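The counting behind fail2ban-style blocking, as an added example (not code from the original post, from @htop, or from fail2ban itself): it scans sshd log lines for failed passwords and reports any IP that reaches `maxretry` failures within `findtime`. The function name, the thresholds, the supplied year and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# OpenSSH's message for a rejected password, with or without "invalid user".
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10), year=2025):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    banned = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Classic syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(when)
        while when - window[0] > findtime:   # drop failures older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[m["ip"]] = when
    return banned

# Constructed sample log lines (documentation IP ranges, made-up host name).
SAMPLE = """\
Feb  5 10:00:01 vps sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Feb  5 10:00:03 vps sshd[812]: Failed password for invalid user sysop from 203.0.113.7 port 40120 ssh2
Feb  5 10:00:04 vps sshd[813]: Accepted publickey for deploy from 198.51.100.20 port 52211 ssh2
Feb  5 10:00:06 vps sshd[814]: Failed password for invalid user manager from 203.0.113.7 port 40133 ssh2
Feb  5 10:01:00 vps sshd[820]: Failed password for deploy from 198.51.100.9 port 50001 ssh2
Feb  5 10:30:00 vps sshd[900]: Failed password for deploy from 198.51.100.9 port 50044 ssh2
Feb  5 10:45:00 vps sshd[950]: Failed password for deploy from 198.51.100.9 port 50090 ssh2
""".splitlines()

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE).items():
        print(f"{ip} reached the limit at {when:%H:%M:%S}")
```

The second address fails three times too, but the failures are spread over 44 minutes, so it never has three inside one ten-minute window and is not reported.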
Looking at @htop’s collected data, we see the usual bad passwords being tried. “manager123”, “sysop”, “qwerty123!”, “00000000”, etc. I haven’t seen a “monkey1” go by yet but I’m sure it will.