~7000 ssh logins

recently I looked in some honeypot results – ending in finding of the URL

http://185.62.190.222/r1

(Warning: without the /r1 you are forced into a fake Adobe update).

Looking around further I found (besides some scanner-tools, code..) two files stage1 and stage2 under the subdir /r4 ,  containing about 7000 username:password:ip-address combinations. And yes, I found some of my honeypot addresses in there 🙂 Though I am pretty sure that most of the addresses will be honeypots I will try to send out mails to the appropriate abuse-contacts; maybe some of them are for real.

Leave a Reply

You must be logged in to post a comment.