When I was first poking around with Tor, I wondered how many of the "Get guns in Europe", "Hard Drugs here", "Credit Card Numbers for sale" and such links were honeypots. Luckily, not being interested in any of those things, I didn't have to find out.
When I was younger I tried to buy a gun on one of those sites for a planned shooting but it just resulted in me losing my money and not any law enforcement action
WTF is the "planned shooting" you casually dropped here?
I assume it's a mistranslation, basically somebody trying to go to the shooting range with friends?
I doubt that it is the case. The registration of the gun is a part of the process everywhere afaik.
Oh, nothing special, just a run-of-the-mill school shooting he wanted to do at some point.
i was beginning to wonder if this is the new world we're living in now where such things are casually discussed
You, uh, OK now?
Most of the legit stuff was on telegram, surprisingly or not. I know people who bought uh firearms and more there. Unfortunately, it feels like it disappeared at the same time as the proximity feature
If they use surveillance coins like BTC they are 100% a honeypot/scam.
not at all, ton of legit sellers on markets that still use BTC, you don't know what you are talking about or you haven't been a long-term customer.
I get 401 errors all three times, because I use web browsers that don't leak enough personally identifiable information to prove that I'm not a robot.
Ironically, blocking trackers gives you even more uniqueness.
https://coveryourtracks.eff.org/
I'm not expressly trying to block trackers; I'm just trying to find a web browser that doesn't eat all my RAM, and WebKit seems to be the best engine for it, but I don't use Apple's hardware, so I end up with some pretty oddball browsers, which also send out less tracking information.
Of course, using an oddball browser in and of itself is easily trackable, but that's not what the bot-detection software is looking for, so it defaults to assuming I'm a bot.
Just fyi, the EFF tool is very minimal, there are fingerprinting methods that are durable cross-browser, all the methods cited are weak.
I doubt you are regularly getting 401s because of this.
You don’t need PII to prove you are not a robot. See Privacy Pass. And I don’t know how a website is somehow going to verify your PII as not-fake, anyway.
Likely you just use a shit web browser.
How is a website going to identify your PI as non-fake? Isn't that the entire business model behind Persona, which has been in the news for leaks? (There are a few websites I've had to verify my ID with them for)
the way to pass captcha as a bot is to pay off the company that makes the captcha by using their bot.
cloudflare browser run, superb. no captcha.
You mean you set your useragent to match the one of CloudFlare bot and that avoids captchas on sites?
cloudflare make a remote browser, browser run. you can use it as an API or as an agent tool.
i can let opencode merrily browse the web and it doesn't get stopped. a bit like a drug mule bribing the cops.
i have privacy pass and i really can't make it work.
every time there is a captcha it makes you authenticate. so it's the same thing as the captcha.
maybe i have it misconfigured
Nit. Isn't it a real honeypot, not a fake one?
Yeah, that confused me as well.
Is it a honeypot, or does it just look like a honeypot? And if it just looks like a honeypot, isn't that a honeypot? or if it looks like a honeypot that isn't a honeypot does that mean it's the actual thing?
It's a honeypotpot
No, it's a honeyhoneypot.
I assume the word is in there for the sake of people who don't know what a honeypot is. It gets them curious that law enforcement set up something fake, even if they don't immediately know what it is for.
It's a fake honeypot, you investigate it to see how it's done and they send guns and drugs to your house instead.
> Nit. Isn't it a real honeypot, not a fake one?
The lack of even taking your payment details makes it look either fake, as in still being built or built as a demo, or not being a serious operation.
Yes, this surprised me as well. Credit card and Paypal information should give the police everything they need to identify the criminal (in a way that's much more simple and reliable than via IP address, which may be obfuscated via a VPN or similar). Why not take it, it's free?
Prove intent at point of “clicking pay” (technically!), to snare those who’d get cold feet entering their credit card.
Why not take their Bitcoin though… maybe they might be building other cases or something
Probably doing so would be against the ToS of the payment providers.
fake real one
Oh I think I did something similar by chance. I was seeing which websites were associated with some entities, and I found the ones of the Italian defense ministry. In Italian, defense is "difesa". I found one that had "bifesa" in the link, and when opened told me that I had to be more careful with links I open because it could have been a dangerous website. Flash forward to a year later and it didn't work anymore
Sounds like something used by phishing awareness training. If so, then presumably it didn’t work anymore because they ended that or use a different one.
Yes I think they might have changed it
Is a fake honeypot ... real?
Is een nep-honeypot ... echt?
Forgive my pedantry.
Yeah I don't think the author understands what a honeypot is.
It's just redundant. The author surely knows but typed "fake honeypot" like how everyone else types "ATM machine."
It's a honeypot for pedants
"I guess they saw my email address that greeted them. They probably received logs of someone "falling for it", and saw someone was poking around their secret website, and knew who was behind it. They completely panicked."
I doubt it. I think the author of this page is giving himself way too much credit. The only evidence that anyone "panicked" is the author's own statements that they must have. More likely someone put in a WAF rule that 401'd for his IP.
"By running these honeypots, the police create suspicion and paranoia in the community. If you want to buy a DDoS attack, you now have to wonder if the website is real or just a police honeypot logging your IP. They want people to stop trusting these services entirely."
Well, good, right? What "community" is this diabolical suspicion and paranoia being created in? The community kids who want to DDoS some other kids' game servers? OK, again, that's good, right?
"But it really just feels more like feds jerking themselves off on how cool they are."
Pot, kettle.
"Does this video and the honeypot have any real impact? Let's be honest: probably not."
How does the author know? According to Wikipedia, the larger operation has shut down 4 dozen sites offering DDoS services.
Sure, gov't is often clueless and maybe this is effective or maybe it isn't. Maybe it's an experiment. Maybe it's actually intercepted a fair number of potential customers.
If clueless teens are signing up for booters and it's actually LEO who contacts them and says "you know, that's illegal" then that's a good thing.
>More likely someone put in a WAF rule that 401'd for his IP.
Why make this assumption when you could just visit the website yourself and see the same 401?
I visited and got the 401 but that doesn't mean whatever triggered it isn't automated.
The reasonable assumption to make when something changes is that it had nothing to do with me. Because 99.99999% of the time, it didn't.
I dunno, if they got ID #15, and the site shut down immediately after (for everyone), it doesn’t seem like a crazy stretch.
Like, if a page gets hundreds of thousands of visitors, then your assumption is reasonable. For a page that might get dozens of visitors over its lifetime, it’s a much less certain assumption
It's unlikely in my opinion as someone that maintains a lot of websites, because it's long odds that I'm even at my desk at any given time, let alone monitoring and panicking over what visitors are clicking on.
Is it possible that it happened that way? Sure. But it's more likely that it didn't.
Do you run any honeypots? You realise the point of a honeypot is, unlike a normal website, to monitor exactly what visitors are clicking on so the trapper can react?
They were supposed to shut down after #12 but they got busy, then had to take that day off to get the kids to the doctor and it fell to the wayside. Eventually, the notification for #15 arrived and the dev panicked that it should have gone down weeks ago.
Why is this particular phrasing, "fake honeypot", triggering déjà vu for me? And is it fake déjà vu or legit?
Genuinely asking if anyone recalls this being in an HN in the last two yearsish.
HN search is fantastic, it doesn't look like it. https://hn.algolia.com/?dateRange=all&page=0&prefix=false&qu...
This looks like a purpose-built website for websec/compliance training. It has "demo" written all over it. I think op got bamboozled.
Why would they have Cloudflare turnstiles? Are they worried about getting DDOS-ed?
Cloudflare have successfully made their products so common people use them without giving a second thought to whether or not it makes sense
Coming back to point out Cloudflare is probably the most common way of hiding your server's IP if you are running a greyzone or illegal service, and it's useful for running many websites on the same VPS without reverse DNS busting you
DDOS websites get DDOSed by their competitors all the time
Stress testing your own site like the article shows isn't criminal intent. There is legitimate market demand to understand if a service you are running can properly withstand and filter out either large amounts of legitimate and illegitimate traffic.
Wouldn't a legitimate service for stress testing your own site ask for proof that you own the site?
I mean what makes a ddos service legitimate? Plus security is an endless cat and mouse game and asking the cat what the best way to catch a mouse is may not reveal the same information as asking the mouse how they evade the cat.
There might be too much friction to get someone working for a site to be able to prove it which will reduce sales. It's simpler to just use the legal system to enforce it by putting it in the terms of service.
https://web.archive.org/web/20260430001259/https://lina.sh/b...
Technically it would classify as a real honeypot site I'd think
The current actual title and subtitle are:
I accidentally made law enforcement shut down their stresser honeypot
How I stumbled across a fake booter site run by international police, and how they panicked when I started digging
> Does this video and the honeypot have any real impact? Let's be honest: probably not. It feels like they are just redistributing wealth from the average taxpayer to AI video slop corporations.
I feel like this describes roughly 75% of all government initiatives.
Of course not, it seems a rare thing that politicians are chosen based on knowledge or merit. Spewing bullcrap, shitting money, kissing rings, those are all great ways to become a politician, but they are horrible ways to direct and manage policy and insulate those people from how the world actually functions. And the only punishment for doing an absolutely horrible job is they MIGHT have to find another job years down the road.
>99% surely
I was being polite LMAO
One of those articles that has an interesting anecdote but written with a mundane lulz mentality. If it’s for teenagers, by teenagers. All is well.
I'm not a teenager anymore but I thoroughly enjoyed it, a lot better than some random dev breathlessly talking about how they haven't written a line of code in 6 months, or an article talking about how LLMs lead to the end of programming/the economy/the world, etc etc.
It’s a little shitposty but i had fun.
I, too, hate it when people discuss hacking on my Claude News homepage.
I know. This was not a helpful comment. Sorry.