The Web Honeynet Project has decided to launch web application honeynets and then publicly divulge not only the IP addresses of attackers but also details and information on the attackers themselves. It’s claimed that attackers are compromising web servers (both Windows and Linux) primarily through PHP vulnerabilities that have often been known about for some time; many systems however have not been patched. It is hoped that by releasing specific details on attackers, companies can help to protect themselves from known attackers via the use of blacklists.
I would be interested to hear about reader’s experiences with running honeypots/honeynets. Leave a comment if you run one, let me know how it’s going.