The Experiment – Part 2 – Honeypot Statistics

A couple of months ago, I started an experiment with honeypots. The goal was not to trap or track hackers but to gather statistics for newbies. The first step involved setting up the site and getting it listed in the search engines. That turned out to be no easy task since the best search engines actually require you to have real content on your site before you get listed in any significant way. After accomplishing this, my honeypot is now gathering statistics that are starting to be interesting. I’m still gathering these and determining a useful and interesting way of reporting them, but here is an initial dump of the keywords used to find the various honeypots i’ve set up. More to come…

Keywords % Hits
inurl passlist.txt 20.50%
powered by phpfm filetype php -username 17.60%
filetype php haxplorer server files browser 11.70%
passlist ext txt 8.80%
inurl passlist.txt filetype txt 5.80%
inurl passwd.txt 5.80%
passlist.txt 2.90%
inurl passwd filetype txt 2.90%
inurl passlist filetype txt 2.90%
ext blt screenname 2.90%
phpshell by macker 2.90%
enter ip inurl php-ping.php 2.90%
inurl accounts filetype sql 2.90%
inurl passlist.txt -hack 2.90%
phpfm 0.2.3 2.90%
inurl passlist.txt | inurl passwd.txt filetype txt 2.90%

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s