> <i>records the interactions of hackers</i><p>Before you get too excited, I would say that a common mistake of inexperienced sysadmins is assuming all those brute-force attempts in the logs are results of those "hackers" and "crackers", it's not, not even a scriptkid.<p>All you can get by running a honeypot, like this one, is pretty boring activities by soulless, ancient worms and viruses, or automatic global Internet scanners running 24x7, not humans. Most of those are not even worth your time to block (e.g. if you only use strong password or pubkey, there are few reasons to fail2ban).<p>It's nothing personal. Any machine will be port scanned, vuln probed, brute forced, blindly hit with ancient "1 shot" exploits (e.g. ?file=../../../etc/passwd ). This is how the Internet works.<p>Another lesson is: <i>never</i> run any unsecured webserver/service on the public Internet, <i>never ever</i>, not even for debugging, period. Don't listen 0.0.0.0:80 if you have just installed your PHP management system, don't reset your forgotten MySQL password by disabling privilege checking before turning off networking first, if you just installed a new VPS with root password 123456 in a morning, don't wait until afternoon, change it immediately, etc.<p>The reason is exact the opposite, not because of "hackers" but those stupid worms. Ordinary life is boring: if you run a webserver with password 123456 (e.g. for debugging an issue on a disposable server - just for 20 minutes, you think, then you forgot it), you won't (or unlikely) to see someone hacking into your system, but it's a certainty that one of those stupid worms/viruses would infect your machine within hours, sometimes it's as quick as having your lunch. And it probably won't do much damage, but you would spend your time to reinstall the system again...