Honeyfiles from my SSHoneypots

My friends at DigitalOcean were nice enough to give me a generous amount of credit on their cloud platform to do some security research with so I decided to do the most reckless thing I could think of and run a full ssh honeypot on the internet.

The build out is pretty simple, it is the  SSHoneypot Docker Container I wrote on a debian droplet with all outbound traffic blocked so that in theory not much damage can be done. 

Surprisingly, It has taken a few days for people to start exploiting the boxes but when I got up this morning 2 of the boxes had been “hacked”:Screen Shot 2016-08-17 at 7.01.29 AM

In order to share these findings with the community I will copy all files written to these honeypots to honeyfiles.jgamblin.com.

Screen Shot 2016-08-17 at 6.58.05 AM

I have a long way to go with this project as way too much of it is manual now.  I need to invest the time to automate notification, moving the files to the web server and starting a new container.

If you are interested in full pcaps or any of the actual exploited SSHoneypot containers reach out to me on twitter at @jgamblin I will be glad to share.

Site Footer