The OpenCanary Experience

The data that you can search through in this website is collected from honeypots being run in the Internet. Connections via SSH and Telnet leave their used credentials in a log that is correlated and extracted for use on this website.

We are Borg

Typically, it will not be a person trying to log in but rather a machine; in botnet basics, the machine connecting to the honeypot is attempting to add the honeypot host to the botnet. Think of the quite famous Mirai Botnet with 60-or-so credentials that are being leveraged to assimilate more hosts.

What came first, of course, is the Tyranny of the Default (Credentials) and not the Mirai botnet; the botnet exists because these credentials are widely left in place on Internet-exposed hosts.

The OpenCanary Experience

The OpenCanary Experience (TOCE) gives some background on the honeypots and dives into some of the discoveries those deployments are making.