I set up a honeypot server on my home network to see what bots would try

I used a Raspberry Pi with a default SSH port and left it exposed for a week, and it got hit with over 2,000 login attempts from IPs in Russia and China. The logs showed they were trying common username and password combos like 'admin' and '12345' nonstop. Has anyone else run something like this and found specific attack patterns I should look for?

3 comments

3 Comments

miles_young592mo ago

Disagree about it just being noise. Saw a clear pattern on my honeypot where attempts would stop for hours after a fail, then a new IP from the same country would try a different list. That feels like a coordinated scan, not random bots. They were definitely hunting for specific weak IoT setups. What patterns did your logs show over time?

jones.nancy2mo ago

Man, that's exactly why I never trust cheap smart plugs or those off-brand security cameras. They're basically little open doors sitting on your wifi. Your test shows the bots are just constantly knocking on every door they can find, hoping one is unlocked. It's not personal, it's just automated noise filling the whole internet. Seeing it live on your own network really makes it hit home how noisy and aggressive it is out there.

ellis.leo2mo ago

Yeah, I just put all that cheap stuff on a separate guest network now. It's not perfect but it helps.