A simple honeypot: ssh blasting password collection and real-time display on website

I found this post quite interesting:The machine is being blasted almost every second.
So, I wrote one myself, put it on the machine to collect other people's attack behaviors. And wrote a simple web page for display, which is equivalent to a simple honeypot application. It seems that the effect is really outstanding.

Website Demo

Brute Force Password List

Screenshot

image.png

From: https://www.nodeseek.com/post-3992-1

Thanked by (3)ehab xVPSx Calin

Comments

  • nice :)
    basically almost same as i do, wait a bit and the list will grow :D

  • You could also look at something like https://github.com/skeeto/endlessh which is a tarpit, it basically tries to string them along for a while with slow responses wasting their time :P

  • W00t, my password is much simpler than that.

  • @Daevien said: You could also look at something like https://github.com/skeeto/endlessh which is a tarpit, it basically tries to string them along for a while with slow responses wasting their time :P

    i am doing that too quite a long time, probably will add report of those too :D

  • rootroot OG
    edited April 2023

    @Daevien said:
    You could also look at something like https://github.com/skeeto/endlessh which is a tarpit, it basically tries to string them along for a while with slow responses wasting their time :P

    I find this project extremely interesting. This is great for an idling VPS which already has SSH port changed. Wonderful idea to waste time of hackers!

    I bookmarked this thread for future use.

    Stop the planet! I want to get off!

  • @root said:

    @Daevien said:
    You could also look at something like https://github.com/skeeto/endlessh which is a tarpit, it basically tries to string them along for a while with slow responses wasting their time :P

    I find this project extremely interesting. This is great for an idling VPS which already has SSH port changed. Wonderful idea to waste time of hackers!

    I bookmarked this thread for future use.

    Yep, I've done exactly that on a couple servers that have IPs especially prone to massive amounts of port 22 traffic, it doesn't really seem to add much load or bandwidth and maybe it slows down the scanners enough to make some difference if enough people run them heh.

Sign In or Register to comment.