BlogSafe Honeypot

Download: https://wordpress.org/plugins/blogsafe-honeypot/

We have created a ‘lite’ version of our research tool, BlogSafe Honeypot. You can download our plugin from the link above. To find out more about how our honeypot works, keep reading.

A computer honeypot is basically a computer software trap designed to look tasty to passing hackers who are looking for an easy mark. For a full description, have a look at the Wikipedia article: https://en.wikipedia.org/wiki/Honeypot_(computing

BlogSafe.org maintains several different types of honeypots spread across multiple servers. One of our honeypots is a plugin. While not a true honeypot by definition, it’s purpose is to generate data. While many website statistics programs look at where visitors are going, our honeypot instead looks at where they wish they could go. By monitoring this type of traffic to our websites, we’re able to learn a lot about the things that hackers are looking for.

Here’s an example of what our honeypot is learning. If you look over on the right hand side, you’ll see a list of requests coming in for different .zip files. This is a series of bots hunting for failures in human nature, our habit of giving backup files common names (think password for password). The interesting thing is, each bot has a different IP addresses but they’re all presenting the same browser. We smudged the part where it was inserting the URI of our honeypot in place of the .zip file name.

One of the things we learned from this honeypot is how hackers are looking for uninstalled copies of WordPress on sites… and finding them.