It's been just over 30 days since I set up my first honeypot and I am excited to share the results with all of you. You can watch the video here if you aren't all that into reading... In total there were 48,496 login attempts via SSH, which is mind-blowing if you ask me. Most requests seem to have originated from China, followed by the Isle of Man, with Russia taking third.
One thing I am not quite sure of is whether the people or bots attempting to log in are actually in these countries or are just using servers located there. Is there a way one can find out? Do let me know.
The top username used was root, by a landslide. The username was attempted 39,395 times, which is roughly 81% of the time. This is not much of a surprise; that is the first username I would attempt to log in with if I had to brute-force a server.
The top password was the number 1. Now that was a bit more surprising, considering someone actually puts some thought into a password and concludes the number 1 is ideal? Imagine telling an employee to change/update their password and they do that. That puts two people at fault: the person who set up such a weak password policy and the employee who takes 'advantage' of that weak password policy.
That is basically most of the data gathered. I will be making a video showing how you can set up a similar honeypot for yourself soon. Until then, don't get in trouble, don't get hacked, peace.