An attacker logs in to my honeypot and tries to compromise the server to use it for his dirty work, to no avail. He installs apache2 and php5, among other things.
Some background: this is a live Linux installation that the attacker breaks into; however, I have set up many tricks to 1) give the intruder an extremely hard time and 2) make sure the system cannot be destroyed.
For instance, the rm command doesn’t work. It just looks like it works. This is to make sure the attacker cannot delete his work. Also, chmod doesn’t work; it just looks like it does. This way, whenever they try to run their scripts, it fails.
It’s fun to watch.
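One way to build the decoy rm and chmod described above, as an added example rather than the author's actual setup: each function logs the attempt, answers the way the real tool would, and changes nothing. The function names, the `HONEYPOT_LOG` path and the idea of installing them as wrappers that shadow the real binaries are assumptions.

```shell
#!/bin/sh
# Added example (constructed): decoy rm/chmod for a honeypot.
# HONEYPOT_LOG is a hypothetical path; keep it where the intruder cannot read it.
HONEYPOT_LOG="${HONEYPOT_LOG:-/tmp/honeypot-cmd.log}"

# Append one line per attempt: UTC time, uid, working directory, command line.
log_attempt() {
    printf '%s uid=%s cwd=%s cmd=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$(id -u)" "$PWD" "$*" >> "$HONEYPOT_LOG"
}

# Decoy rm: deletes nothing, but responds the way real rm would.
fake_rm() {
    log_attempt rm "$@"
    verbose=0; force=0; operands=0
    for arg in "$@"; do             # pass 1: flags may follow operands
        case $arg in
            --verbose) verbose=1 ;;
            --force)   force=1 ;;
            --*)       ;;
            -?*)       case $arg in *v*) verbose=1 ;; esac
                       case $arg in *f*) force=1 ;; esac ;;
            *)         operands=$((operands + 1)) ;;
        esac
    done
    if [ "$operands" -eq 0 ] && [ "$force" -eq 0 ]; then
        echo "rm: missing operand" >&2
        return 1
    fi
    if [ "$verbose" -eq 1 ]; then   # pass 2: mimic -v output
        for arg in "$@"; do
            case $arg in -?*) ;; *) echo "removed '$arg'" ;; esac
        done
    fi
    return 0
}

# Decoy chmod: changes no mode bits; silent success like the real tool.
fake_chmod() {
    log_attempt chmod "$@"
    if [ "$#" -lt 2 ]; then
        echo "chmod: missing operand" >&2
        return 1
    fi
    return 0
}
```

The log is the useful part for the defender: every deletion or permission change the intruder believes succeeded is recorded with its arguments, while the files stay in place for later analysis.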