# Projects for idle VPS?



## Nova (Jul 29, 2014)

I just signed up here and think you can probably give me something to do. I have two cheap annual VPS servers that I am not doing anything with right now because work and family life has me tied down. Is there anything useful or neat I can run on them or use them to contribute to something else? What about running a honeypot or something to catch spammers andbots? Do any organizations have community driven scripts like that? How about a mirror for another project like a linux OS? Any ideas welcome.


----------



## Kayaba Akihiko (Jul 29, 2014)

Most budget hosts won't allow you to run @Home scripts on your vps.

I have the exact same problem - $26USD/Year worth of VPSs idling xD


----------



## HalfEatenPie (Jul 29, 2014)

Kayaba Akihiko said:


> Most budget hosts won't allow you to run @Home scripts on your vps.
> 
> I have the exact same problem - $26USD/Year worth of VPSs idling xD


It's because those scripts take up too much resources and are more fit for a dedicated server than a VPS.



Nova said:


> I just signed up here and think you can probably give me something to do. I have two cheap annual VPS servers that I am not doing anything with right now because work and family life has me tied down. Is there anything useful or neat I can run on them or use them to contribute to something else? What about running a honeypot or something to catch spammers andbots? Do any organizations have community driven scripts like that? How about a mirror for another project like a linux OS? Any ideas welcome.


You could probably run a honeypot or something like that. A mirror is probably more useful if it's permanent.


----------



## fm7 (Jul 29, 2014)

IMO a honeypot is useful only if you forward the entrapped IPs for someone that will take some effective (legal) action.

E.g. Spampoison has partnerships with big ISPs.


----------



## Aldryic C'boas (Jul 29, 2014)

fm7 said:


> IMO a honeypot is useful only if you forward the entrapped IPs for someone that will take some effective (legal) action.
> 
> E.g. Spampoison has partnerships with big ISPs.


Not at all... personal honeypots are highly effective for bolstering your own security points as well, even if you never report the intrusions to anyone.


----------



## wcypierre (Jul 29, 2014)

any nice links for honeypots? I would like to setup some to catch the latest attacks


----------



## raj (Jul 29, 2014)

How about using them for LowEndDNS.  Offer free DNS service.


----------



## fm7 (Jul 29, 2014)

Aldryic C said:


> Not at all... personal honeypots are highly effective for bolstering your own security points as well, even if you never report the intrusions to anyone.


I see no point in risking the node/provider stability, compromising the quality of a service shared by many clients,  trying to fight bad guys with a small VPS.

If you haven't anything to do just press power off and let the other people sharing the infraestructure make better use of the resources.


----------



## Aldryic C'boas (Jul 29, 2014)

You're not risking node/provider stability if you set it up correctly.  The point isn't to just have an easy-compromise container sitting out waiting to be abused, but rather to have a carefully locked down trap that "lets people in" via common compromise points, only to prevent them from taking any actual action with the VM itself.  The goal is essentially a container with minimal resource usage that continuously provides 'bad' IPs and netblocks that you can use for your own firewalls.


----------



## DomainBop (Jul 29, 2014)

open source software (company is funded by Google Ventures) that automates setting up/monitoring honeypot: http://threatstream.github.io/mhn/

article about the software http://www.darkreading.com/analytics/threat-intelligence/open-source-tool-aimed-at-propelling-honeypots-into-the-mainstream/d/d-id/1278726


----------



## gxbfxvar (Jul 29, 2014)

SMTP tarpit could be one option. You don't really need to accept the email, just keep incoming SMTP connections open 1..24 hours (or until the spammer gives up).


----------



## fm7 (Jul 29, 2014)

Aldryic C said:


> You're not risking node/provider stability if you set it up correctly.  The point isn't to just have an easy-compromise container sitting out waiting to be abused, but rather to have a carefully locked down trap that "lets people in" via common compromise points, only to prevent them from taking any actual action with the VM itself.  The goal is essentially a container with minimal resource usage that continuously provides 'bad' IPs and netblocks that you can use for your own firewalls.


I couldn't agree more but there is a "small" requirement: you must be a seasoned *pro* to do this thing right. It is not something you should recommend to someone searching a use to an idle VPS because it certainly backfires if not properly done..

Maybe something like https://seattleclearinghouse.poly.edu/html/login could be productive and riskless.


----------



## Aldryic C'boas (Jul 29, 2014)

fm7 said:


> I couldn't agree more but there is a "small" requirement: you must be a seasoned *pro* to do this thing right. It is not something you should recommend to anyone searching a use to an idle VPS because it certainly backfires if not properly done..


I absolutely 100% agree there.


----------



## Nova (Jul 29, 2014)

DomainBop said:


> open source software (company is funded by Google Ventures) that automates setting up/monitoring honeypot: http://threatstream.github.io/mhn/
> 
> article about the software http://www.darkreading.com/analytics/threat-intelligence/open-source-tool-aimed-at-propelling-honeypots-into-the-mainstream/d/d-id/1278726


Oh cool, I did not know about this, I may give it a try.


----------

