BlogSafe Honeypot

A computer honeypot is basically a computer software trap designed to look tasty to passing hackers who are looking for an easy mark. For a full description, have a look at the Wikipedia article: https://en.wikipedia.org/wiki/Honeypot_(computing)

BlogSafe.org maintains several different types of honeypots spread across multiple servers. One of our honeypots is a plugin. While not a true honeypot by definition, it’s purpose is to generate data. While many website statistics programs look at where visitors are going, our honeypot instead looks at where they wish they could go. By monitoring this type of traffic to our websites, we’re able to learn a lot about the things that hackers are looking for.

Here’s an example of what our honeypot is learning. If you look over on the right hand side, you’ll see a list of requests coming in for different .zip files. This is a series of bots hunting for failures in human nature, our habit of giving backup files common names (think password for password). The interesting thing is, each bot has a different IP addresses but they’re all presenting the same browser. We smudged the part where it was inserting the URI of our honeypot in place of the .zip file name.

One of the things we learned from this honeypot is how hackers are looking for uninstalled copies of WordPress on sites… and finding them.

Hacking WordPress sites the easy way.

Currently this plugin isn’t available to the public. However, we will be working on a more simplified version in the future that will allow you to monitor the traffic coming to your site and, hopefully, sharing that data with us on a much larger scale than we’re able accomplish by ourselves.