What’s A Honeypot, And Why Should You Avoid It When Collecting Data Online?

What’s a honeypot?

Before we dive into the how, let's first go over some basics. A honeypot is a security mechanism that can act as a decoy for a computer or a computer system, software, or application. It’s an extremely efficient way that cybersecurity companies and teams use to bait hackers and cybercriminals. So, those who want to unethically track information and store it find themselves caught right in the act.

While a honeypot will never replace firewalls and other full-fledged security protocols, it’s still a great way to not just catch cybercriminals but also learn from them and use this information to improve existing security measures. 

Benefits of honeypots

• Tracking and blacklisting malicious individuals, systems or servers. 
• Improved overall security by learning from hacker attacks. 
• Monitoring and preventing any upcoming attacks.
• Less-secure honeypots can be hacked and used against the system it tries to protect. 
• A honeypot will never replace a full-scale security system, as a honeypot is usually aimed for a specific purpose. If a hacker attacks other parts of the system that aren’t on the honeypot's radar – it won’t be alarmed and you’ll be, well, hacked. 
• Honeypots cannot distinguish a ‘bad’ web crawler from a ‘good’ one.

Drawbacks of honeypots

How do honeypots work?

The main idea of a honeypot is to make it look as real as a target system or application as possible so that it would successfully attract hackers and cybercriminals without them realizing they got into a honeypot. This is done with the help of computer systems, applications, software, and servers.

Currently, honeypots are divided into two main branches based on their purpose: research and production honeypots. Research honeypots are low profile and allow specialists to study the actions of cybercriminals. Production honeypots, on the other hand, act alongside real production servers. These honeypots detect any intrusion and act as a decoy for the real system, guarding it.

A good example of how a honeypot could catch malicious individuals is when a honeypot is disguised as a registration or billing form. Since these pages can contain valuable information, it’s a popular target for cybercriminals. But if a well-designed honeypot is behind it – hackers end up getting caught and their actions analyzed to improve the overall security and health of a website. 

Different types of honeypots

Since a honeypot is a popular and useful tool to help catch bad guys on the world wide web, they come in all shapes and sizes. But, on a more serious note, honeypots can be roughly categorized into three main types. 

Low-interaction honeypots

As the name already suggests, these honeypots are rather simple, minimalistic, and offer little interaction. In a sense, due to its simplicity, it’s also one of the safest honeypots because the chances of it getting hacked are very low. This is also why these honeypots don’t attract much attention from hackers. Its’ main purpose is to monitor and alert the system when it spots an intruder.

High-interaction honeypots

These honeypots make use of real, existing applications or software that are purposely left unprotected in order to attract cybercriminals. And since high-interaction honeypots operate on actual websites, applications, and software – hackers fall into them much easier. 

It’s one of the best ways to catch a hacker red-handed and study their actions in order to gain valuable insights for security improvements. However, because these honeypots operate on compromised platforms, they’re also at a much higher risk of being hacked and being used against the system it's trying to protect.  

Pure honeypots

Pure honeypots are on a completely different level when compared to low and high-interaction honeypots. These run on several servers that emulate a full-scale application, website, or software. They’re much harder to distinguish from a real system, they’re more secure, and they often include “confidential” information that attracts many hackers. 

It’s probably the best honeypot to use, though it should be kept in mind that due to their complexity they’re more expensive and are difficult to maintain. 

Honeypot use cases

Malware detection – in order to detect malware and prevent attacks in the future, some honeypots are designed to promote attacks. The information learned from the detected malware can then be used to improve or even create better antivirus software. 

Email spam trap – email honeypots are inactive or decoy emails that attract spammers. As a result, they don’t just leave information that can be traced back to the evil spammer, but also end up on the blacklist of addresses that can be blocked. 

Honeynets – they’re a great way to test any existing vulnerabilities within a network. Having multiple honeypots connected to a honeynet makes it much easier to attract attackers and fool them into thinking that they’re gonna have a great time taking valuable information while, in reality, they’re the ones giving information.  

Decoy databases – in this particular case, a honeypot would serve as a decoy for an existing database with fake information. As such, the actual information would be protected while the attacker scrolls through the decoy version and ends up getting caught. 

Client honeypots – the more proactive one of the bunch, this type of honeypot actually goes all out and seeks out malicious servers. At the same time, it also monitors for any suspicious activity since they’re equipped with special mechanisms to counteract any attacks. 

Spider honeypots – target specifically malicious web crawlers, in essence obstructing them from gathering information. Usually, if a website has a spider honeypot, it’ll have specific links acting as triggers. And when the information in those links is scraped, the honeypot will kick in and trap the crawler. 

How to avoid honeypots during data collection

Honeypots serve as a great additional line of defense, but when it comes to web scraping publicly accessible data, it can get tricky, to say the least. A spider honeypot is like a double-edged sword because these honeypots can’t tell which web crawler or scraper is good or bad. 

So, for those who’re collecting data for legitimate purposes – you can end up in a honeypot trap. Luckily, there are certain steps you can take to avoid getting trapped in a honeytrap.

Arm yourself with proxies

Web scraping can be troublesome even without proxies, particularly when we talk about big-scale data gathering projects. Data gathering has numerous benefits for marketers, businesses, researchers, and freelancers – but without proxies, they wouldn’t go far. 

A good rotating residential proxy service is essential to web scraping as it provides you with many different IPs that are constantly changed. And since residential proxies come from household devices worldwide, every rotated IP will look like an average internet user. The result – a hassle-free data gathering experience without IP bans, blocks, and no CAPTCHAs. 

If you’re looking for a trusted proxy provider, why not give us a try? Smartproxy is known for offering a great residential proxy service with over 40 million unique IPs all around the world. Quality, security, and speed are our top priorities, but we also know that it’s not always easy to commit. Drop a message to our 24/7 customer support team and see whether or not we’re a match. 

Steer clear from free proxies

If you’re thinking you can get away with a free proxy service – you won’t. As magical as it sounds, there’s rarely anything for free on the internet. Data is one of the most important things that can act as currency on the web, which is why so many companies invest heavily in the security of not just their own product, but their users as well. 

The problem with free proxies is that they have little to no security and, in extreme cases – monitor your activity, track and store your personal information and even sell it to third parties. It’s important to understand the risks of using free software, so if you want to learn more, we highly recommend reading our other blog post, where we talk more about why you shouldn’t use free proxies.  

Avoid public WiFi 

Being aware of good honeypots that simply can’t tell if a web crawler is good or bad is one thing. Sadly, cybercriminals also have their own honeypots. And one of the most popular ones can be public WiFi. If you connect to it and start your scraping project, you can accidentally leak valuable information to the hacker monitoring your activity. 

Know your target websites

Make sure the website you target doesn’t use honeypots. Check the links on the website, as it’s the surest way to detect whether or not there’s a honeypot waiting around the corner. A good practice would be to program your software to look for “display: none” and “visibility: hidden” CSS elements. They’re indicative of a honeypot trap and can’t be seen plainly by a human. 

And while you’re at it, confirm whether or not you actually can web scrape info from the selected website. Publicly available data is one thing, but we also have to respect the websites we scrape information from. 

Wrapping up

Honeypots can offer some sweet information to cybersecurity experts worldwide from monitoring hacker activity, but it’s not as sweet to everyone. For anyone involved in public data collection, online honeypots and honeytraps can be a real headache without the proper precautions. That’s why it’s important to do your homework before embarking on your web scraping quest. As long as you follow the advice listed in this blog post, you’ll get the data you need in no time and without falling into a single trap!