T-Pot on AWS: Only seeing scans. How to attract more active attacks?

[06wzm06]

Hi, I’ve deployed T-Pot on AWS with all ports open (0.0.0.0/0). So far, I only see mass scans and very little interaction.Any tips to make the instance more credible or "attractive" to attackers? Should I change the hostname or tweak any specific service config to avoid looking like a standard VPS?Thanks!

[dmille6]

• link a domain name to it. something like remote..com
• dont turn everything on so it looks like a honeypot.. only open a few common services like SSH, VNC
• with the services you do open up/turn on, change the headers and some of the configuration so its not the default.

[06wzm06]

Is it possible to do it in an EC2 container? I can't connect to it via SSH again. It's giving me problems, and that's the only thing I can think of.

[dmille6]

I've created them in azure and aws both took a little work to get right, but they worked. (just got expensive)