I decided to run a few honeypots to see what would come my way.
The IP address used for this is not advertised anywhere. None of the incoming traffic is "by accident" or in any way random; these are the results of people actively looking for hosts to break into.
Collected here in the menu are some of the SSH sessions captured by the SSH honeypot. The IP addresses of the attackers are not published (unless they exposed themselves by running a command that would show it in the capture). Malicious links, filenames and functions have been obfuscated or removed.
This information is provided for informational purposes only, to give some insight into what these attackers are attempting to do.
The logs posted here might contain links to malware, botnets, rootkits and all sorts of bad things. For that reason, none of the links in the logs are clickable. DO NOT download anything linked to in the logs or execute any of the commands seen in the logs unless you absolutely know what you are doing!
Comments/questions: pot@pwnd.land