Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


michaelmurfy

meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

#98959 9-Mar-2012 18:35
Send private message

I noticed on my production Linode that there were a tonne of blocked ssh hosts in /etc/hosts.deny – I was interested to know what would happen if one of these “hackers” or “script kiddies” got into my server on root level.

So, I went and bought a 2nd Linode and set up Kippo (http://code.google.com/p/kippo/) – Kippo creates a SSH server under a restricted user, logs everything that goes on and is quite entertaining to watch them attempt to “hack” - I just did some iptables trickery to the 2nd server so I could find out what is going on, most of them are bots with a few of them being real people (looking at the logs though it seems the bots tell the user of a open host, of which the user manually connects and tries to infect with malware or IRC servers to control botnets)

So here, I present “I watched you hack, you failed”

#1 – iptables not found - http://honeypot.murfy.co.nz:8022/playlog/?l=20120218-125755-3907

#2 – Do you even know Linux? - http://honeypot.murfy.co.nz:8022/playlog/?l=20120222-035727-3285

#3 – Segmentation Fault - http://honeypot.murfy.co.nz:8022/playlog/?l=20120302-043815-1578

#4 – Yeah, PHP really doesn’t exist - http://honeypot.murfy.co.nz:8022/playlog/?l=20120308-003910-8337


If anyone else has any captured from Kippo post them here! Else, more to come.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


Create new topic
codyc1515
1598 posts

Uber Geek
Inactive user


  #592886 9-Mar-2012 19:20
Send private message

Good on you for doing this, its quite intriguing to actually see the methodology used. I might set up a few honey pots myself.



michaelmurfy

meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #592969 9-Mar-2012 21:02
Send private message

codyc1515: Good on you for doing this, its quite intriguing to actually see the methodology used. I might set up a few honey pots myself.


What's cool is you actually get the files they download, for future inspection. 




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


codyc1515
1598 posts

Uber Geek
Inactive user


  #592971 9-Mar-2012 21:03
Send private message

michaelmurfy:
codyc1515: Good on you for doing this, its quite intriguing to actually see the methodology used. I might set up a few honey pots myself.


What's cool is you actually get the files they download, for future inspection. 

Yeah, I took a look. Some of that stuff is pretty full on and still up. That means they are still out there hacking people.



shylo
13 posts

Geek


  #601047 27-Mar-2012 22:49
Send private message

aaaaawesome. that's just rad.
can you set up a .profile for them so on login, it throws up an $(ssh -l root ${SSH_CLIENT}) ?
that's be hilarious to watch

michaelmurfy

meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #601571 28-Mar-2012 21:25
Send private message

shylo: aaaaawesome. that's just rad.
can you set up a .profile for them so on login, it throws up an $(ssh -l root ${SSH_CLIENT}) ?
that's be hilarious to watch


Yeah could do quite easily :)  

If a user logs out, they get a root@localhost prompt, that's sometimes amusing. 




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


michaelmurfy

meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #609782 16-Apr-2012 03:31
Send private message

More (for those who are interested)

http://honeypot.murfy.co.nz:8022/playlog/?l=20120410-022654-1748  - This guy thought he was on his local computer at the end, script-kiddie was from the US.

This guy comes back Here to give it another crack, he used his "set" root password he set up the last time, the advantage of using Kippo is you can get it to add password changes to the allowed password list.

http://honeypot.murfy.co.nz:8022/playlog/?l=20120410-021630-1948  - Goes to show that there are some real n00bs out there, this person was from China, as soon as a curveball is thrown at them they get confused.

http://honeypot.murfy.co.nz:8022/playlog/?l=20120413-205812-3678 - Damn, found a glitch I need to fix with Kippo.

http://honeypot.murfy.co.nz:8022/playlog/?l=20120416-022504-5769  - Another guy that seems to have no Linux experience, paste of uname -a?

For some reason, I got quite a few attacks on April the 7th from different IP's in Russia, Here - Another at the same time, same ISP, different IP Here (which seemed to have difficulty with creating a new user) and Here

There are quite a few more - but these are this month (so far) interesting ones.. Enjoy!




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


shylo
13 posts

Geek


  #610198 16-Apr-2012 19:54
Send private message

http://honeypot.murfy.co.nz:8022/playlog/?l=20120410-021630-1948  - Goes to show that there are some real n00bs out there, this person was from China, as soon as a curveball is thrown at them they get confused.


bahahahaha Wargames for the win

throw in an "I'm sorry, Dave. I'm afraid I can't do that." for the deathblow

 
 
 

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.
stevenz
2802 posts

Uber Geek


  #610214 16-Apr-2012 20:29
Send private message

I like the fact they they give up when nano isn't available because they don't know how to use vi.





gjm

gjm
808 posts

Ultimate Geek


  #610221 16-Apr-2012 21:02
Send private message

I used NMap to sidedoor into your system32 folder and ran my low orbit ion canon :@




Do surveys for Beer money (referral link) - Octopus Group 

 

Link for buying beer (not affiliated, just like beer) - Good George


michaelmurfy

meow
13240 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #610285 16-Apr-2012 23:46
Send private message

Vi is actually available, everyone just tries Nano, then Pico then apt-get install nano (which appears to install) then SEGFAULT!

Then, confused they appear to edit the files on their computer, re-upload, download onto Sever of which they get messed around by Kippo.

Amusing at best.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00


eero Pro 7 Review
Posted 23-Jul-2025 12:07


BeeStation Plus Review
Posted 21-Jul-2025 14:21


eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01


WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32


RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26


Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24


Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05


Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01


Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01


Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22


Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46


Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42


D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34


Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.