POV: You Left Your Server Exposed for a Week

Added: 2026-05-28

[00:00:00]Honey, the sweet nectar of life that sent Winnie the Pooh into a tripledigit BMI. Everyone loves honey, so a pot of it free for the taking is naturally going to attract some bees. On the internet, that pot of honey takes the form of open ports up the ass. A honey pot has more open ports exposed to the internet than there are bottles of schuma in a Kajjit's inventory. This highly appetizing honey in the form of an easy target attracts bots, skids, and guys who look like this. In today's video, we're going to be doing the internet equivalent to spray painting free candy on the side of your van and driving to your neighborhood playground to uh give back to the community.

[00:00:39]Welcome to the world of honeyotss. Today we are wasting the precious time of the absolute bottom feeders of the internet.

[00:00:46]We're talking brute force bots, malware droppers, and random kids who just found out what end map is off of a network chuck video. A honeypot is the Venus fly trap of computers. It's a fake vulnerable system designed to look like a Oh, I'm so scared in this corner. I hope no one attacks me. We're leaving this Oh, so scared. We're leaving this system exposed to the internet for a week while spawn camping everybody who dares to walk into this trap. So, dear viewer, join me as we venture forth into the business of making honey.

[00:01:30]Okay, first off, we're going to want to host this honeypot on a VPS. Zuma, what the hell is a VPS? Well, comrade question. A VPS is a virtual private server, meaning that it is virtual and away from our network. Zuma, Zuma, why should I host a honeypot on a VPS when when I could just put it on a virtual machine or something? Why do I do that?

[00:01:53]Well, I'll let this very special guest to this channel explain that. A first time guest at this channel. Get ready.

[00:02:00]This guest is very famous. All right, Jordan Peterson, take it away. You generally don't want to host a honeypot on your own server because a honeypot is intentionally vulnerable and attackers will get in. They can potentially pivot to other vulnerable devices on your network, like an IoT device or your old laptop still running Windows 7.

[00:02:21]Remember, don't forget to clean your room and do your bed, everyone. Thank you, Jordan Peterson. I can't believe I paid you $1 million for that segment.

[00:02:30]Now, get get out get out of here. All right, let's um let's set up this VPS.

[00:02:34]Okay, step one. Find a VPS provider that takes Monero because I'll be damned if I compromise my opsac for a stupid YouTube video. It's okay. I'll just go to where I usually go. Cockbox.

[00:02:46]>> No.

[00:02:47]No.

[00:02:49]No, everything's sold out. So, unfortunately, my favorite VPS provider is sold out because apparently I didn't gatekeep it hard enough. So, I had to settle for sports stack. Step two, pay and set up your VPS. All right, I loaded up some Monero and I set up a server in Stockholm, Sweden because once I'm done with these skids that attack my honeypot, they're going to have Stockholm syndrome and Dian obviously.

[00:03:15]Well, you think I'd use Auntu, dude?

[00:03:17]Obuntu, dude? What is wrong with you?

[00:03:20]Step three, generate an SSH key. Zuma, what is an SSH? And is it something you can put up your ass? All right, Jordan Peterson, you got to explain again. I'm just kidding. All right, random e boy I found on Valerant that does that stupid [ __ ] with his voice. Explain to the viewer, please. All right, so SSH is like a secure shell, and you use it to connect to computers remotely with a secure encrypted connection. All right, dude. I'm I'm done with this bit. I I I actually can't. All right. SSH basically creates an encrypted tunnel from you all the way to the server you are connecting to. It lets you execute commands on the server remotely. And and that's like that's pretty much it. Step four, connect to your server. Okay. I actually couldn't connect to it because apparently you cannot use extended ASKI passwords for the private key password like the one I generated with keypads XC. Like it was literally I [ __ ] you not it was the correct password but it just wouldn't work. I literally I I have video proof of me making the password and putting it in and it didn't work. It didn't [ __ ] Step five. Run through steps one to three again and spend another $50 of your hard-earned money.

[00:04:29]Okay, we're in. Thank god my password this time is just something easy to remember like 1 2 3 4. Step six, install Tapot off GitHub. Step seven, realize the install script doesn't work as root.

[00:04:41]Step eight, create a new user. All right, I created a new user called FAP.

[00:04:45]Now we can run the install script. It's pretty straightforward. You just kind of follow the prompts and you're done. I picked Hive as it is like basically the standard choice here. It has the full Honeypot along with the dashboard in the web UI. Then all you have to do is enter the username and password for the web UI and you're golden. Step nine, log into your web panel. Step 10, or wait actually wait, step 9.5. This one is really important, so make sure you do this one too. spend way too long trying to separate one little dot from all the rest of the dots and try to keep it isolated from all the other ones that are trying to take it back from you because that is your dot, [ __ ] That is your dot and you you will be damned if all these other goddamn dots try to take it from you. Step 10, immediately look at the cool map. Whoa, the world is this small. Step 11, nothing. Just uh just wait, man. Just just wait it out. Play the waiting game.

[00:05:44]I'll see everybody in one week.

[00:05:59]Okay, so it actually ended up being like two weeks because I had some uh complications in my health. The first thing I did was go in Cabana to see how many attacks we got. And holy [ __ ] 2 million. The overwhelming majority of these are are not real humans, by the way. I headed on over to the discover tab and I sorted by successful login to see how many successful login were achieved. There were about 1,500 successful loginins. I then filtered by the commands inputed from these people who were logged into my fake SSH server.

[00:06:32]There were about 15 different commands and I was not about to sift through all of that manually. So I exported all the results, downloaded to my host computer and I sent it over to my locally hosted AI with Rag so it can sift through it for me. This is what AI should be used for. Not creating stuff but for automating monotonous tasks. The most common command attackers tried to execute was deleting the current SSH configuration and replacing it with their own so they could take over the server and take away my access to it.

[00:07:03]Another common one was a series of password changing commands like these.

[00:07:06]This is also to lock me out and take control of the server for themselves. It was an automated script because the vast majority of anybody who got access to the server followed the exact same path of unlocking and modifying the SSH, adding their own SSH key and deleting mine. They then change the user and root passwords if they can. Then the rest of the commands were just various reconnaissance commands, all with the purpose of finding out if the server is worth crypto mining. If it determined to be worth it for mining, the bot would then drop a crypto mining Trojan in the server. And speaking of malware, what kind of malware do we have on all of our honeypotss? For the purpose of finding the malware, I'm going to be lazy and I'm just going to run Clam AB. Clamab is an anti virus software that uses popular malware databases to detect malware.

[00:07:52]Basically, how this is done with most anti virus software is that there is a malware file, right? That file is then converted into a hash and is then compared to the hashes of any malware that is in any malware database. In reality, it is much deeper than this.

[00:08:07]And there are many other detection methods like like for instance checking the actual bite patterns in the body.

[00:08:13]But the main detection method is usually just a file hash. And the original bite patterns can anyways very easily be changed and like obfiscated with a simple as crypto. But this isn't a lesson on malware. I'm getting sidetracked here. So let's let's just scan the machine. Clam AB found [ __ ] coin miner miner [ __ ] ransomware and even [ __ ] W to cry is here. I was bored so I downloaded the W to cry virus from the machine and then I ran it on a virtual machine. Oh no, all my files are encrypted. I have to pay Bitcoin. [ __ ] Thank you for watching everyone. The purpose of this video was just to have some fun and to demonstrate how [ __ ] prevalent all of these attacks are. Like if you do any port forwarding for something like a [ __ ] Minecraft server, there are thousands upon thousands of bots that are constantly molesting that port, that open port every day. You can install Cabana onto your own network to monitor it. If you forgot, Cabana is this screen which allowed us to see all the attacks and [ __ ] Reach out to my email if you have any questions. Thank you to our channel members. You guys are beautiful and I love you. Become a channel member if you want to support me. Like the video, comment the video, subscribe the video, hype the video, and until then, I'll see you. Thank you.