It's nothing fancy - it simulates a server protected with a password, so no matter what the attackers try, they are told to log in first. It doesn't simulate a real database with contents.

I am not 100% happy with the emulation, either. A real password-protected server, if you give it a command with the wrong number of arguments, you'll get an error message telling you that. Only if the number of arguments is correct, you'll get an error message that you have to log in first. I do this only for the GET command. I don't feel like emulating the 340 Redis commands and sub-commands just to produce the right error message, especially given that the attackers use only like half a dozen commands.

Also, if you use a non-existing command, the real server will tell you this, while the honeypot will tell you that you need to log in first. Again, I don't feel like checking if the command is one of the 340 valid ones. I check only if it is one of the 4 invalid commands I've seen the attackers use. I'll add more if I see them used but meanwhile this is a weakness, allowing the attackers to detect that this is not a real server. Most of them don't care, though.