LowEndTalk member @htop recently shared the results of a honeypot that’s been setup.

I found this post quite interesting:The machine is being blasted almost every second.  So, I wrote one myself, put it on the machine to collect other people’s attack behaviors. And wrote a simple web page for display, which is equivalent to a simple honeypot application. It seems that the effect is really outstanding.

A “honeypot” is a fake server, app, or system that looks legit but is actually gaslighting a potential attacker.  Honeypots have many applications.  For example, appearing-to-be-vulnerable servers, apps, email accounts, etc. can act as canaries for new attacks, vulnerabilities, or spam.

In this case, @htop modified the sshd binary in order to capture passwords.  Normally, sshd does not record failed logins (trivia: Linux circa 0.1 logged failed users and the passwords they tried to use in syslog!).  All failed attempts are then published on this web page.

If you’ve ever run a server, you probably have seen many failed logins in your syslog.  Script kiddies will try hundreds/thousands/millions of IPs to see if any have accounts with poor passwords.  There are different ways to combat this: turning off password authentication is the best, but you can also use fail2ban to limit attackers to only a few failed attempts before their IP is blocked.  Changing the ssh port does not increase security but is often done to reduce log spam.

Looking at @htop’s collected data, we see the usual bad passwords being tried.  “manager123”, “sysop”, “qwerty123!”, “00000000”, etc.  I haven’t seen a “monkey1” go by yet but I’m sure it will.

• Author
• Recent Posts

raindog308

Dread Lord of LowEnd Content at LowEndBox

I'm raindog308, techno polymath and long-time LowEndTalk community Administrator. My technical interests include all things Unix, perl, python, golang, shell scripting, vintage operating systems such as MVS, and relational database systems such as Oracle, PostgreSQL, and MySQL.

I also enjoy using LEBs! I have an empire of little guys for VPNs, larger guys for apps, and big guys for databases and storage. When I'm not in front a screen I'm into German Shepherd dogs, quality knives, target shooting, theology, tabletop roleplaying games, and forest hiking.

I enjoy writing technical articles here on LowEndBox to help people get more out of their systems. You can find me on LowEndTalk @raindog308

Latest posts by raindog308 (see all)

• Let’s Check In: sh97’s Network Benchmark Script has Plenty of New Developments! - April 16, 2024
• Setup a Highly Available WordPress Site From Scratch, 2024 Edition!Part 6: MariaDB Multi-Master - April 16, 2024
• Setup a Highly Available WordPress Site From Scratch, 2024 Edition!Part 5: WordPress Install - April 15, 2024