The Experiment – Part 2 – Honeypot Statistics
A couple of months ago, I started an experiment with honeypots. The goal was not to trap or track hackers but to gather statistics for newbies. The first step involved setting up the site and getting it listed in the search engines. That turned out to be no easy task since the best search engines actually require you to have real content on your site before you get listed in any significant way. After accomplishing this, my honeypot is now gathering statistics that are starting to be interesting. I’m still gathering these and determining a useful and interesting way of reporting them, but here is an initial dump of the keywords used to find the various honeypots i’ve set up. More to come…
| Keywords | % Hits |
| inurl passlist.txt | 20.50% |
| powered by phpfm filetype php -username | 17.60% |
| filetype php haxplorer server files browser | 11.70% |
| passlist ext txt | 8.80% |
| inurl passlist.txt filetype txt | 5.80% |
| inurl passwd.txt | 5.80% |
| passlist.txt | 2.90% |
| inurl passwd filetype txt | 2.90% |
| inurl passlist filetype txt | 2.90% |
| ext blt screenname | 2.90% |
| phpshell by macker | 2.90% |
| enter ip inurl php-ping.php | 2.90% |
| inurl accounts filetype sql | 2.90% |
| inurl passlist.txt -hack | 2.90% |
| phpfm 0.2.3 | 2.90% |
| inurl passlist.txt | inurl passwd.txt filetype txt | 2.90% |