10 comments

[ 2.8 ms ] story [ 39.6 ms ] thread
So, at my work, we host both SFTP and FTP to receive data feeds.

Has anyone seen an FTP honeypot that would serve zip bombs to malicious users and allow legit users proper access?

I've always imagined the risk of someone doing that on purpose to something they then post on /r/opendirectories

Most of those people seem to grab and open those files without any security measures, docx, pdf, archives, often .exe

Cowrie [0] provides an SFTP and Telnet honeypot and you can configure the filesystem to serve your desired files. Not quite a passthrough for legitimate use, unfortunately

[0]: https://github.com/cowrie/cowrie

I always worry that if I do something like this it'll cause the malicious person to spend extra effort and attention on a real attack.

Because that's what I'd do if I hit a honeypot...

A thread on this project from last year: https://news.ycombinator.com/item?id=20531541

If you're going to make a Show HN out of a new release, it would be good to add a comment explaining what's different since last time!

Yes sorry, the project improved a lot since then, all the issues raised in that thread were addressed and several new features were added: we now support serving Cloud Storage backend (such as S3) over SFTP/SCP, multi factor authentication, virtual folders, several filters (for example on file extensions, on source ip address), external authentication, serving Git repos over SSH, per directory virtual permissions (not related to OS permissions) ecc..

If you have any suggestions please open an issue, thanks!

Congrats on the new release, that's some serious new functionality. This seems like a really useful project for cases where you wouldn't want to give a user SSH access into a particular server.

Thank you for releasing it as free software, I will be following this project for later use!

How do you even remember a thread from last year? I'm always surprised by your vast knowledge required for moderation. Possibly with a help of some internal search tools?
Oh yes. But not so internal: https://hn.algolia.com.

I do have some keyboard shortcuts in my moderation client software that help me bring up these search pages quickly.