How can you draw attention to your web application honeypot?

Question

Unsatisfied with existing software, I'm currently toying around with writing a web application honeypot.

My question is: how do you draw the attention of attackers and automated attacking software to your honeypot?

Answer 1

This will greatly depends on the usage you intend for the honeypot.

There was another discussion linking to an interesting document highlighting legal consequences of honeypot usage. Indeed, advertising the honeypot the wrong way might lead you in hot waters from a legal perspective.

Some specific honeypots implementation will therefore not be implemented without the help of a lawyer qualified on IT security questions (and the linked post was closed as out-of-topic because of this very reason: at some points it requires more legal than technical knowledge).

However, taking some precautions and staying transparent on your position might help being out of any legal issue. In the linked post, among other suggestions I made these one are most specifically related to honeypot advertising (I encourage you however to read the whole thread and the original document linked by the OP which was very informative):

• Do not encourage any illegal activity. Do not advertize the honeypot in a dubious way. Either do not advertize it at all, letting automated scanners discovering it, or advertize it officially as some kind of "hackme" educational system. For instance, spreading pseudo "leak" information on the Internet regarding the server to encourage attacker to exploit it can lead you to trouble.

• Present the honeypot system as a private monitored system. Honeypots are heavily monitored systems, and there are laws defining the data you may or may not collect regarding other people's, how long you are allowed to keep them and what processing you may do with them. Present the honeypot as much as possible (since some service do not have any banner...) as a private system whose usage imply user's consent to be monitored. This will limit any potential threat regarding this data collection and analysis activity.