Comments
I have one of those running. You may get a few samples per day, mostly from automated Samba/Windows worms. Check your binaries, bistreams, and rtp sub-folders after a while. Also, you can use it with DionaeaFR which is a nice front-web.
For a more interesting medium-interaction SSH honeypot, check out Kippo on GitHub (and kippo-graph for visualization). See this post for the malware samples I collected over the years:
http://www.lowendtalk.com/discussion/24031/a-useful-list-of-recent-malware-caught-on-vps-server
I've had it running for about 8-9 hours now and no samples, but lots of MySQL scans.
It's LET, post the IP here and no doubt you'll get some in no time.
I run a false SSH service; when they connect they're greeted with an ASCII-art troll face that says "try again?"
If they manage to get the correct "secret" password they're greeted with a fake terminal window (logged in as "root") that, anytime you try to install or compile anything, gives you an FBI security warning. The way I see it, might as well let hackers think they've got the "big score".
How do you set up a false SSH service?
https://github.com/desaster/kippo
You will find most brute-force attempts originate from China.
Run a DirectAdmin server. You will have a brute force honeypot soon.
False.
Mine come from SingleHop, DigitalOcean (all locations except Germany), Hetzner (which surprises me), Rackspace, and some obviously hijacked servers (funny story is one time, a church server brute-forced a honeypot password -> it was obviously hijacked or HostNun was testing their new "nun cannon").