I’m very pleased to post that as of May 2013, SysadminSpot.com is taking the fight against Internet threats even further. We’re highly active participants in Project Honeypot and now we’ve joined forces to help OpenBL.org out.
But why OpenBL.org?
The Internet has an unfortunate infestation of individuals and organisations who abuse it for illegal gains. They abuse networks, compromise applications and breach server security. Attacks can result in spam, viruses, phishing attacks, identity theft, data loss, financial fraud and more.
OpenBL.org operates a network of honeypot servers, strategically located in many countries around the world. Like all honeypots, the servers do nothing but wait patiently to be probed and attacked. When an attack is detected, all information associated with the attack is logged and reported to the network owner. Furthermore (the part I love), they name and shame offenders on the OpenBL.org Blacklist. Many fellow sysadmins and I use this info to help protect our own networks and servers from attack.
Best of all, the data is offered for free!
So that’s a lot of data…
Here’s what I love about honeypot blacklisting: it’s next to impossible to be mistakenly blacklisted – the only way to be listed is to engage in malicious activity against an elusive honeypot server.
These attacks are reported to network and server owners, enabling them to respond and stop the attack. In many cases I’ve seen server owners be the victims as their server was compromised and turned into a zombie in a much larger attack. Reporting it to them gets a faster turnaround in resolving the compromise and stopping the attack.
OpenBL.org also make the offending IP addresses publicly available in their blacklists. These results can be used to proactively block dangerous IP addresses in firewalls, for signatures in intrusion detection systems and anti-spam measures.
An example of its use – I prepared a script only 24 hours ago (I’ll post a variant of it later) to proactively add offenders from the last 90 days to one of my server firewalls. Since going live with the script, going to bed, getting up, working all day, coming home, evening meal, etc – the firewall has logged and recorded 31 dropped attempts from these known bad IP addresses. I’m protecting my server, I’m saving bandwidth and encouraging these attackers to simply go away.
This data is invaluable to me and my clients in mitigating against known attackers; and OpenBL.org do all this for free.
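A sketch of the blacklist-to-firewall step described above, as an added example (this is not the script mentioned in the post). It assumes a plain-text feed with one IPv4 address per line and `#` comments; the set name `honeypot-bl`, the never-block list and all sample addresses are hypothetical.

```python
import ipaddress
# Constructed sample feed (assumed layout: one IPv4 address per line, '#' comments).
SAMPLE_FEED = """\
# honeypot blacklist, last 90 days (constructed sample)
203.0.113.7
198.51.100.23
203.0.113.7
10.0.0.5
192.0.2.10
not-an-ip
198.51.100.0/24
"""
# Hypothetical addresses that must never be blocked (admin workstation, monitoring).
NEVER_BLOCK = {ipaddress.ip_address("192.0.2.10")}
# Ranges a public blacklist should never contain; an entry here means a bad feed.
UNROUTABLE = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]

def parse_feed(text, never_block=NEVER_BLOCK):
    """Return (sorted unique addresses to block, [(line, reason)] for rejects)."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            ip = ipaddress.IPv4Address(line)  # rejects CIDR blocks and junk
        except ValueError:
            rejected.append((line, "not a single IPv4 address"))
            continue
        if any(ip in net for net in UNROUTABLE):
            rejected.append((line, "unroutable or internal range"))
        elif ip in never_block:
            rejected.append((line, "on never-block list"))
        else:
            accepted.add(ip)
    return sorted(accepted), rejected

def ipset_restore(addresses, name="honeypot-bl"):
    """Build `ipset restore` input: fill a temporary set, then swap it in."""
    tmp = name + "-new"
    lines = [f"create {name} hash:ip family inet",
             f"create {tmp} hash:ip family inet", f"flush {tmp}"]
    lines += [f"add {tmp} {ip}" for ip in addresses]
    lines += [f"swap {tmp} {name}", f"destroy {tmp}"]
    return "\n".join(lines) + "\n"

if __name__ == "__main__":
    print(ipset_restore(parse_feed(SAMPLE_FEED)[0]), end="")
```

Pipe the output into `ipset -exist restore` so that re-running it against an existing set does not fail. The set only takes effect once a firewall rule references it, for example an iptables rule using `-m set --match-set honeypot-bl src -j DROP`.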
How can I help?
In April 2013, there were 3,400 recorded attacks on the OpenBL.org honeypot servers. Governments and corporations around the world are becoming more and more fearful of cyber-terrorism. This isn’t just something on television – it’s reality.
Get this, it is so incredibly easy to help out.
Donate a virtual server
Virtualisation makes servers dirt cheap these days. Simply sign up for a cheap VPS server through your preferred provider or find a cheap one on Low End Box.
Drop them an email and find out their preference for operating systems, etc. However, I’ve found really low specs such as 1 CPU Core (shared is cheaper), 128MB memory, 5GB disk space and 1 IPv4 address are perfect. The more IP addresses on different subnets the better!
I simply paid for my donated servers for a year and sent them the credentials. I must admit it’s fun watching the stats and seeing my servers catching bad guys!
Throw them some cash
This extensive network needs upgrades and TLC. They’re eager to grow and improve services.
Send them a nice email
Tell them how awesome they are. Because everyone enjoys a complimentary email!
SysadminSpot.com is extremely proud to be helping the greater community fight back. Why don’t you join us?
UPDATE: 9 days later.
- OpenBL.org Honeypot Network Expands