[LinuxBender]

Targeted attacks will eventually figure out the honeypot, though may trip over it a bit and create some noise. Hopefully this causes someone to look at the attacker. This can also be useful forensic data to provide to the authorities.

Bots doing initial discovery won't figure it out. I have the same bots trying to log into my SFTP server today that have been trying for years. It's not even a honeypot. I literally create accounts for all the bots with a null password in hopes they one day upload something neat.