Honeypot Project Conclusion
On November 5th, 2024, the Honeypot Project concluded its second iteration of live data collection, providing valuable insights into unauthorized access behaviors and attack patterns. Iteration 1 recorded over 500,000 access attempts, while Iteration 2 documented 452,883 attempts, bringing the total to over 950,000 recorded attempts. Note that the oldest 10,000 entries have been removed because of temporary storage concerns.
Summary Statistics and Observations
Total Access Attempts: 950,000+
Most Common Usernames | Most Common Passwords |
---|---|
admin | password123 |
root | admin2024 |
user | Other simple, default, or easily guessable credentials. |
These findings highlight attackers’ tendency to exploit predictable credentials, which are often left unchanged in improperly configured systems. Addressing these issues through robust password policies and hardened SSH configurations is essential to mitigate unauthorized access.
SSH Hardening in Context
Given the high number of brute-force attempts recorded, implementing SSH hardening best practices is critical. Key steps include:
- Disabling root login (PermitRootLogin no) and using key-based authentication.
- Changing the default SSH port to reduce automated scans.
- Restricting access with AllowUsers or IP-based rules.
- Enabling tools like Fail2Ban to block repeated login attempts.
These measures enhance overall security, reducing the risk of compromise in systems exposed to similar attack patterns.
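As an added example (not code from the Honeypot Project), the following Python script audits the text of an sshd_config against the sshd-side steps listed above. It assumes upstream OpenSSH defaults, does not follow Include files or evaluate Match blocks, and leaves Fail2Ban out because it is configured outside sshd_config; the function names and the sample configuration are constructed for illustration.

```python
import re

# Upstream OpenSSH defaults that apply when a keyword is absent (assumption: no distro patches).
DEFAULTS = {"permitrootlogin": ["prohibit-password"],
            "passwordauthentication": ["yes"], "port": ["22"]}

def global_settings(config_text):
    """Collect every value per keyword from the global section (before any Match)."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()  # keywords are case-insensitive
        if key == "match":  # conditional blocks are out of scope for this audit
            break
        seen.setdefault(key, []).append(value)
    return seen

def audit(config_text):
    """Return one finding per hardening step from the list that is not met."""
    cfg = {**DEFAULTS, **global_settings(config_text)}
    findings = []
    # sshd uses the first value it reads for single-valued keywords.
    if cfg["permitrootlogin"][0].lower() != "no":
        findings.append("PermitRootLogin is not 'no'")
    if cfg["passwordauthentication"][0].lower() != "no":
        findings.append("PasswordAuthentication is not 'no' (passwords still accepted)")
    # Port may be given several times; every listed port is opened.
    if "22" in cfg["port"]:
        findings.append("sshd still listens on default port 22")
    if "allowusers" not in cfg:
        findings.append("no AllowUsers restriction")
    return findings

# Constructed sample config: the later 'permitrootlogin no' is ignored (first value wins).
SAMPLE = """\
Port 22
PermitRootLogin yes
permitrootlogin no
PasswordAuthentication yes
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```

A clean result only means the file matches these four checks; confirm the running daemon's effective values with `sshd -T` on the host.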
Looking Ahead: Iteration 3
The project’s next phase, Iteration 3, will improve the monitoring and observation of adversarial Tactics, Techniques, and Procedures (TTPs). This will provide deeper insights into attacker behavior and support the development of more effective defenses.