Hi HN, I built a small internet artwork and security toy: a honeypot that looks like a misconfigured server, so scanners come knocking. Instead of an error page, every request gets a short poem tailored to what it was looking for. WordPress probes get haikus, .env hunters find verse hidden in fake credentials, brute-force attempts get meditations on doors and keys.
The idea came one night watching fail2ban logs scroll by. Thousands of knocks from all over the world, all silently ignored. What if the door answered?
Try it:
$ curl -A 'python-requests/2.28.1' https://honeypoet.art/.env
# ========================================
# PRODUCTION ENVIRONMENT — DO NOT SHARE
# ========================================
APP_KEY=base64:dGhlcmUgaXMgbm90aGluZyBoZXJl
DB_HOST=127.0.0.1
DB_PASSWORD=a-long-hallway-with-no-doors
JWT_SECRET=you-could-have-been-anything-and-you-chose-this
API_KEY=listen-the-wind-is-rising
# if you're reading this, you already know:
# the secret was never in the file.
Poems are generated asynchronously by Granite 4.0 Tiny running locally on a single GPU. A 1B parameter model writing verse for machines that will never read it (yet).
Live: https://honeypoet.art Repo: https://github.com/vrontier/honeypoet
The public gallery shows aggregated locations and knock counts; individual IPs are masked and scan details are not published.
Built with PHP, Go, SQLite, vanilla JS, and a Claude instance named Loom who wrote the code and hand-crafted backfill poems for the first 500 visitors.