Secure your server with a Honey Pot

June 1, 2014

One of the most overlooked aspects of server security is how to detect an intruder or malware that has already breached your first line of defenses. When people think of post-infection defense, they tend to think of anti-virus -- however, it is rarely used on servers: its ratio of false positives to true positives is high, and it consumes a large amount of resources relative to its ineffectiveness against novel and targeted threats.

Honey Pots offer an interesting alternative or supplement: they can often eliminate false positives and incur no extra resource cost. A Honey Pot functions as a trap, or a sort of trip-wire, to detect intruders -- and is normally developed in an application-specific manner. However, this doesn't need to be the case: general-purpose Honey Pots are easier to set up and more widely applicable.

Host-based Money Pots offer an interesting method of . With hundreds of unique strains of malware now including cryptographic-currency stealing routines, leaving unguarded (read: unencrypted) bitcoins in a wallet is a simple and effective detection method. If the money goes missing, you know with complete certainty that your computer is compromised. The amount can vary from a very small sum (e.g. $5), to catch general-purpose malware, up to the $10000 some companies have experimented with leaving as a bounty program.

Bitcoin Vigil is a service that can generate such bitcoin honey pots for you, without your needing to install software or own any bitcoins, but for the sake of this article we will do it manually.

Step 1: Install Bitcoin Core

Install Bitcoin Core and follow the instructions for your computer

Step 2: Run bitcoind (This will create a wallet)

We are now going to run bitcoind and leave it running:

bitcoind -daemon

Step 3: Find an address

(in a new terminal)

bitcoin-cli listreceivedbyaddress 0 true

And pick any one of the returned addresses (it doesn't matter which).

Step 4: Send bait to this address

We recommend sending 0.02 BTC to this address; this is the amount you will lose if an intruder takes the bait.

Step 5: Check your balance

The easiest way is to check https://blockchain.info/address/YOUR_ADDRESS and confirm the money is on the address.

Step 6: Deploy the Honey Pot

You can skip this step if the wallet was generated on the machine you wish to protect.

First shut down the original bitcoind server. Once it has stopped, the wallet file will be at:

  • Windows: C:\Documents and Settings\YOUR-USER-NAME\Application data\Bitcoin\wallet.dat
  • Linux: ~/.bitcoin/wallet.dat
  • Mac: ~/Library/Application Support/Bitcoin/wallet.dat

Move the file onto the device you wish to protect, into the default wallet location for that operating system.

Step 7: Monitoring your address

By monitoring your address for activity, you will be informed quickly about any intruder or malware that includes cryptocurrency-stealing routines.

Do-it-yourself options:

  • Monitor https://blockchain.info/address/YOUR_ADDRESS for changes
  • Run bitcoind with bitcoind -walletnotify="./alert_script.sh %s" (bitcoind replaces %s with the transaction id before running the script)

It's important to do such monitoring from a different computer, as any intruder capable of stealing your bitcoins would also be capable of seeing (and disabling) any monitoring running on the same host.
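As an added example (not part of the original article or of Bitcoin Vigil's service), here is a small poller for the first do-it-yourself option, meant to run on a separate machine: it compares the address's confirmed balance with the bait amount and reports a theft, a lookup failure and an unexpected deposit differently, so that a monitoring outage can never look like "all clear". It assumes the blockchain.info query endpoint https://blockchain.info/q/addressbalance/<address> returns the balance in satoshis as plain text; YOUR_ADDRESS is a placeholder for the address funded in Step 4.

```python
#!/usr/bin/env python3
"""Off-host poller for a bitcoin honey pot address (added example)."""
import urllib.request
from decimal import Decimal

SATOSHI = 100_000_000
BAIT_ADDRESS = "YOUR_ADDRESS"   # placeholder: the address funded in Step 4
BAIT_BTC = "0.02"               # the bait amount recommended in the article


def btc_to_satoshi(btc: str) -> int:
    """Convert a BTC amount string to satoshis exactly (never via float)."""
    return int(Decimal(btc) * SATOSHI)


def fetch_balance(address: str, timeout: int = 10) -> int:
    """Confirmed balance in satoshis from blockchain.info (assumed API shape)."""
    url = f"https://blockchain.info/q/addressbalance/{address}"
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return int(resp.read().decode().strip())


def assess(expected: int, observed):
    """Classify one poll as (severity, message).

    observed is None when the lookup failed; that is a WARN, not silence,
    so an outage of the monitor cannot mask a theft.
    """
    if observed is None:
        return ("WARN", "balance lookup failed; honey pot state unknown")
    if observed < expected:
        missing = (expected - observed) / SATOSHI
        return ("ALERT", f"bait moved: {missing:.8f} BTC missing, assume host compromised")
    if observed > expected:
        extra = (observed - expected) / SATOSHI
        return ("INFO", f"balance rose by {extra:.8f} BTC; confirm source, then raise baseline")
    return ("OK", "bait untouched")


def check_once(address: str = BAIT_ADDRESS, bait_btc: str = BAIT_BTC):
    """One monitoring cycle: fetch, tolerate network/parse errors, classify."""
    expected = btc_to_satoshi(bait_btc)
    try:
        observed = fetch_balance(address)
    except (OSError, ValueError):
        observed = None
    return assess(expected, observed)


if __name__ == "__main__":
    severity, message = check_once()
    print(f"[{severity}] {message}")
```

Run it from cron on the monitoring host and page on ALERT; treat repeated WARN results as a monitoring problem to fix, not as a clean result.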

Bitcoin Vigil offers a free instant email and SMS notification service, named "locked moneypot", for people who have already created a funded honey pot.