Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
bananamogul 10 hours ago

"I guess they saw my email address that greeted them. They probably received logs of someone "falling for it", and saw someone was poking around their secret website, and knew who was behind it. They completely panicked."

I doubt it. I think the author of this page is giving himself way too much credit. The only evidence that anyone "panicked" is the author's own statements that they must have. More likely someone put in a WAF rule that 401'd for his IP.

"By running these honeypots, the police create suspicion and paranoia in the community. If you want to buy a DDoS attack, you now have to wonder if the website is real or just a police honeypot logging your IP. They want people to stop trusting these services entirely."

Well, good, right? What "community" is this diabolical suspicion and paranoia being created in? The community kids who want to DDoS some other kids' game servers? OK, again, that's good, right?

"But it really just feels more like feds jerking themselves off on how cool they are."

Pot, kettle.

"Does this video and the honeypot have any real impact? Let's be honest: probably not."

How does the author know? According to Wikipedia, the larger operation has shut down 4 dozen sites offering DDoS services.

Sure, gov't is often clueless and maybe this is effective or maybe it isn't. Maybe it's an experiment. Maybe it's actually intercepted a fair number of potential customers.

If clueless teens are signing up for booters and it's actually LEO who contacts them and says "you know, that's illegal" then that's a good thing.

HanayamaTriplet 10 hours ago | parent | next [-]

>More likely someone put in a WAF rule that 401'd for his IP.

Why make this assumption when you could just visit the website yourself and see the same 401?

TurdF3rguson 7 hours ago | parent [-]

I visited and got the 401 but that doesn't mean whatever triggered it isn't automated.

The reasonable assumption to make when something changes that it had nothing to do with me. Because 99.99999% of the time, it didn't.

ncallaway 5 hours ago | parent [-]

I dunno, if they got ID #15, and the site shut down immediately after (for everyone), it doesn’t seem like a crazy stretch.

Like, if a page gets hundreds of thousands of visitors, then your assumption is reasonable. For a page that might get dozens of visitors over its lifetime, it’s a much less certain assumption

TurdF3rguson 5 hours ago | parent | next [-]

It's unlikely in my opinion as someone that maintains a lot of websites, because it's long odds that I'm even at my desk at any given time, let alone monitoring and panicking over what visitors are clicking on.

Is it possible that it happened that way? Sure. But it's more likely that it didn't.

ozlikethewizard an hour ago | parent [-]

Do you run any honeypots? You realise the point of a honeypot is, unlike a normal website, to monitor exactly what visitors are clicking on so the trapper can react?

brewdad 5 hours ago | parent | prev [-]

They were supposed to shut down after #12 but they got busy, then had to take that day off to get the kids to the doctor and it fell to the wayside. Eventually, the notification for #15 arrived and the dev panicked that it should have gone down weeks ago.

majorchord 10 hours ago | parent | prev [-]

[flagged]