SecuriLee🇨🇭

CISO & security advisor turning risk into business intelligence.

Creator of MIRE/C³ — a Multi-layer Intrusion Response Engine that serves treacle to attackers: decoys, false secrets, and dead ends that burn their time and attention (C³: cost & confusion).

Builder of The OpenCanary Experience.

MIRE/C³: https://mire.cc
The OpenCanary Experience: https://toce.ch
WillIGetPwned: https://willigetpwned.com
CISO.li: https://ciso.li
i.am.ciso.lee: https://about.ciso.li

Pick up daily statistics from @MIRE - summarising the cost in time and bandwidth to those scanning for non-existent content protected by The MIRE/C³

#MIREC3 #Treacle #CyberSecurity

Update from the MIRE/C³ lab 🧪

The neutral 404 handler now catches all trapped errors. I’ve also added a 5–15 second delay before the page is served.

Why? Because scanners hate waiting.

On top of that, the response now includes a small set of AI-targeted “cease and desist” instructions. The hope is that both humans and automated tooling decide to move along (I doubt that…)

Try it yourself:
https://cfdemo.mire.cc/cfdemo.html

#CyberSecurity #Honeypots #IDontThinkSo #MIREC3

The standard 404 page from The MIRE/C³ has been revamped to include guidance for AI bots that manage scanning and probing activities on domains shielded by The MIRE/C³.

You can see it in action with the Sample 404 page at: https://cfd.mire.cc/cfdemo.html.

#404Update #AIGuidance #CyberSecurity

Expanding the trap: MongoDB support is coming to @ThinkstCanary OpenCanary! 🛡️
I’ve always been a fan of Thinkst OpenCanary for its simplicity and effectiveness. However, I noticed a gap: as MongoDB remains one of the most targeted NoSQL databases by attackers (especially with the recent CVE), we needed a dedicated module to catch those specific "low and slow" probes.

I’m excited to share that I’ve officially submitted a Pull Request to add a MongoDB honeypot module to the OpenCanary ecosystem!

What this means:
• Realistic Decoys: Mimics a MongoDB instance to lure in attackers looking for data leaks.
• Granular Logging: Captures connection attempts and query patterns.
• Better Coverage: Extends your internal deception mesh to cover NoSQL environments.

Check out the PR here: https://github.com/thinkst/opencanary/pull/444
Huge thanks to the Thinkst team for maintaining such a vital open-source project. Feedback and testers are welcome!

#OpenSource #CyberSecurity #OpenCanary #Honeypot #MongoDB #InfoSec

Watch webservers be attacked in real time - and defend themselves

https://mire.cc/live/

#MIRE/C³ - Stop Defending, Start Deceiving

My logs were full of attackers probing for secrets. Now, they’re just wasting their own money.

Introducing MIRE/C³: A deception layer designed to drain attacker resources and trigger immediate alerts via canary decoys.

Let them in. They’ll never find the way out. 🕸️

Try it for yourself:
https://cfd.mire.cc/cfdemo.html
#MIRE #CyberSecurity #DevSecOps

Curious what’s scraping my MIRE/C³ cluster?

See what attackers are probing for—and what happens when they try.

I’ve enabled live logging (last 50 lines visible). It should also help me stress-test the host if the traffic spikes…

https://mire.cc/live/

The #opencanary MongoDB "authentic" trap is now running; it allows an unauthenticated attacker to dump data and leave a ransom note.

I've not tested the exfiltrate logic but let's just say canary tokens and synthetic marmite are provided.

https://toce.ch/unauthenticated-mongodb-honeypot/

MONGO WUZ HERE. ALL UR DATA R BELONG TO US. POOF! 😂

I added my own #MongoDB stack to #OpenCanary in 41 minutes!!

It seems attackers care less about #MongoBleed and more about deployments facing the Internet and having no authentication.... 🤷‍♂️

https://toce.ch/opencanary-mongodb-honeypot/

#AllUIRDataRBelongUs

The probes and attacks on the MIRE/C³ cluster fall into many categories with some seeing large volumes of connection attempts and some with few connections (all connections being willingly served with MIRE content, of course).

See for yourself what attackers are trying to steal. On the MIRE/C³ cluster, they are "successful."

⏲️  

https://mire.cc/types-of-attacks/