
DOUBLE?! HoneypotDB breakdown 20/09/2020

Honeypot Breakdown

This week has seen a huge increase in events collected by HoneypotDB. Despite having the same 8 honeypots in 6 cities, HoneypotDB captured 355,898 SSH sessions this week, an increase of 207,131. That’s 139%!

Additionally, 230,133 more login events were captured, taking this week’s total to 384,392. This 149% increase in login attempts boosted our metric of 6,031 successful logins from last week to 8,086, while generating more than double last week’s amount of 154,259, with 376,306.

The number of captured usernames has also increased to 5,476, along with 26,077 unique passwords this week. If you’re curious and want to see what these passwords were, why not try out HoneypotDB’s new passwords and usernames list API endpoints :D.

11,081 source IP addresses from 1,892 ISPs have been attacking this week, taking this week’s unique attacking countries to 135.

Analysing the 8,823 unique commands captured this week, uname -r still takes the top spot.

Command                                                                        Count
uname -a                                                                       6,814
cat /proc/cpuinfo | grep name | wc -l                                          6,781
cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'   6,772
free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'                      6,769
uname -m                                                                       6,768
ls -lh $(which ls)                                                             6,767
which ls                                                                       6,767
crontab -l                                                                     6,765
w                                                                              6,764
uname                                                                          6,763
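
The counts in the table above sit within a narrow band (6,763 to 6,814), which is what you would expect if one script runs the whole command set in each session; that reading is an assumption, not something HoneypotDB states. As an added example (not HoneypotDB code), this Python flags sessions in a honeypot or host command log that cover most of that set. The `(session_id, command)` event shape, the 0.7 threshold and the sample sessions are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# The ten commands from the table above, used as the signature set.
RECON = [
    "uname -a",
    "cat /proc/cpuinfo | grep name | wc -l",
    "cat /proc/cpuinfo | grep name | head -n 1 | awk '{print $4,$5,$6,$7,$8,$9;}'",
    "free -m | grep Mem | awk '{print $2 ,$3, $4, $5, $6, $7}'",
    "uname -m",
    "ls -lh $(which ls)",
    "which ls",
    "crontab -l",
    "w",
    "uname",
]

def norm(cmd):
    """Collapse whitespace (also around commas) so spacing variants compare equal."""
    cmd = re.sub(r"\s*,\s*", ",", cmd.strip())
    return re.sub(r"\s+", " ", cmd)

SIGNATURE = {norm(c) for c in RECON}

def score_sessions(events, threshold=0.7):
    """events: iterable of (session_id, command) pairs (assumed log shape).
    Returns {session_id: coverage} for sessions that ran at least
    `threshold` of the signature set; exact matches only, after norm()."""
    seen = defaultdict(set)
    for sid, cmd in events:
        n = norm(cmd)
        if n in SIGNATURE:
            seen[sid].add(n)
    coverage = {sid: len(c) / len(SIGNATURE) for sid, c in seen.items()}
    return {sid: cov for sid, cov in coverage.items() if cov >= threshold}

# Constructed sample: s1 runs the full set, s2 looks like an ordinary admin,
# s3 runs 8 of the 10 commands with different spacing in the free/awk line.
SAMPLE = [("s1", c) for c in RECON] + [
    ("s2", "uname -a"), ("s2", "w"), ("s2", "ls -la /tmp"),
    ("s3", "free  -m | grep Mem | awk '{print $2,$3,$4,$5,$6,$7}'"),
    ("s3", "uname -a"),
] + [("s3", c) for c in RECON[4:]]

if __name__ == "__main__":
    print(score_sessions(SAMPLE))
```

Scoring on coverage of the whole set rather than on any single command keeps common administrative commands such as `w` or `uname -a` from flagging a session on their own.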

China takes the top spot off the USA this week with 881,852 events, leaving the US in the dust with 244,873 events.

Here is an overview of this week in pretty metrics 😀

[Image: Honeypot Breakdown 20092020]