Andy Smith's Blog

The $15 (per year) Honeypot

Super low budget VPS servers make an ideal home for your own honeypot. This post takes you through setting up a feature-packed honeypot on a TinyVZ VPS.

I'm always on the lookout for a cheap place to host a honeypot, which is why I was pretty intrigued when I came across a few companies offering $15 per year virtual private servers.

This offer does seem too good to be true - and I don't plan on hosting anything important on my VPS - but I've been running one with TinyVZ for 3 months now and had no problems to speak of.

So, here's a quick guide to setting up your own $15 honeypot - though please don't treat this as a glowing endorsement of super cheap VPSs. When I paid my $15, I treated it more as placing a bet than purchasing a service.

I have chosen TinyVZ as the host for this guide, but you can almost certainly do this on other similarly cheap hosts. Because this guide uses my honeypot setup script, most of it revolves around navigating TinyVZ's control panel. I am not affiliated with TinyVZ.

TinyVZ have confirmed that they are happy for their customers to run honeypots.

Setup

Server Setup (TinyVZ Specific)

  • Sign up for a TinyVZ account (this can take up to 3 days**)
  • You will eventually receive a "New Server Information" email.
  • Log in to the control panel with the details provided.
  • Click "Reload OS"
  • Choose ubuntu-12.04-x86 and push "Reload with selected OS"
  • Once that's done, go back to "Main Menu"
  • Now copy the I.P. address of "Host Machine" and connect via SSH to this address
  • When prompted enter username "vz" and password "vz"
  • Now for "RAMCP Username" and "RAMCP Password" enter the username and password provided in the welcome email
  • You should now be logged in as root
  • Set a password with passwd
  • Install sudo: apt-get update && apt-get install sudo

Install (Ubuntu)

  • Now run the following: wget -q https://raw.github.com/andrewmichaelsmith/honeypot-setup-script/master/setup.bash -O /tmp/setup.bash && bash /tmp/setup.bash

Conclusion

Tada - you should now have a full Kippo and Dionaea install. You can monitor /var/kippo and /var/dionaea for logs and binaries.

Security Considerations

The default setup you are left with on this server is iffy at best. You should not really be logging in as root; I would advise at the very least following this guide on securing SSH.
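
One way to check where the real SSH daemon stands on root and password logins is to audit its config file. This is an added example, not part of the original post or the setup script. It assumes the hardening goal is PermitRootLogin no and PasswordAuthentication no; the function names and the sample config are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit the real sshd's config.

# Print the effective global value of one sshd_config keyword.
# sshd keeps the FIRST value it sees for a keyword, keywords are
# case-insensitive, and lines after "Match" are conditional, so stop there.
sshd_effective() {  # usage: sshd_effective <file> <keyword> <default>
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                      # skip comment lines
        tolower($1) == "match" { exit }          # end of the global section
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# Print one line per weak setting; return 0 only if both are hardened.
# Assumption: both keywords default to "yes" when unset (Ubuntu 12.04-era OpenSSH).
audit_sshd() {  # usage: audit_sshd <file>
    local rc=0 root pass
    root=$(sshd_effective "$1" PermitRootLogin yes)
    pass=$(sshd_effective "$1" PasswordAuthentication yes)
    [ "$root" = "no" ] || { echo "WEAK: PermitRootLogin=$root (want no)"; rc=1; }
    [ "$pass" = "no" ] || { echo "WEAK: PasswordAuthentication=$pass (want no)"; rc=1; }
    [ "$rc" -ne 0 ] || echo "OK: root login and password login are disabled"
    return "$rc"
}

# Constructed sample config (not from a real server). The second
# PermitRootLogin line looks like a fix but is ignored by sshd.
write_sample() {  # usage: write_sample <file>
    cat > "$1" <<'EOF'
# constructed sample
Port 2222
permitrootlogin yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PasswordAuthentication yes
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_sshd "$sample" || true   # prints: WEAK: PermitRootLogin=yes (want no)
rm -f "$sample"
```

On the server itself, point audit_sshd at the config file of the real SSH daemon rather than the sample, and set up a non-root account with a working key before disabling root or password logins.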
