The Canary in the Cloud

OpenCanary 2.0 in Oracle Cloud continues to flourish. The main reporting mechanism is a webhook into Loggly from SolarWinds and it gives an overview of the connection attempts to the Canary along with the ports, protocols, source and username/password combinations.

It may be that the virtual host in Oracle Cloud lacks a little “fizz” but I’ve found a cronjob under the OpenCanary user that simply restarts the OC every three days has made for some reliable reporting (without this, I had gaps in the webhook reporting while the log files were being written to).

The result is a projected volume of events which will be between 8.5 and 9 million per year.

172’000 connections in 7 days to the OpenCanary

Drilling into the logs further, it would appear that the volume of events with connections that log a username or password being used will be in the region of 4.6 million attempts per year.

90’000 connections with a username transmitted in 7 days

Sadly, the free Loggly plan does not allow me to leverage dashboards, so the pie charts breaking down the events are no longer available; I cannot justify a hobby experiment costing $99 per month…!

My search for some open source software to assess the log files, or to point the webhook at, continues, as the picture over time will be an interesting (and challenging) one.
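
One way to get those breakdowns back from the log file itself, as an added example (not the author's tooling): a Python summary of OpenCanary's JSON-lines log that tallies ports, sources and username/password pairs, and scales the counts from a 7-day window to a year. The sample lines are constructed, and skipping events with an empty `src_host` is an assumption about how the daemon's own service messages are logged.

```python
import json
from collections import Counter

# Constructed sample in OpenCanary's JSON-lines layout; last line is cut short on purpose.
SAMPLE_LOG = """\
{"dst_host": "10.0.0.5", "dst_port": 22, "logdata": {"USERNAME": "root", "PASSWORD": "123456"}, "logtype": 4002, "src_host": "203.0.113.7", "src_port": 40112}
{"dst_host": "10.0.0.5", "dst_port": 22, "logdata": {"USERNAME": "admin", "PASSWORD": "admin"}, "logtype": 4002, "src_host": "203.0.113.7", "src_port": 40113}
{"dst_host": "10.0.0.5", "dst_port": 21, "logdata": {"USERNAME": "anonymous", "PASSWORD": "guest"}, "logtype": 2000, "src_host": "198.51.100.23", "src_port": 51544}
{"dst_host": "10.0.0.5", "dst_port": 80, "logdata": {"PATH": "/", "USERAGENT": "curl/7.68.0"}, "logtype": 3000, "src_host": "198.51.100.23", "src_port": 51600}
{"dst_host": "", "dst_port": -1, "logdata": {"msg": {"logdata": "Canary running!!!"}}, "logtype": 1001, "src_host": "", "src_port": -1}
{"dst_host": "10.0.0.5", "dst_port": 22, "logdata": {"USERNAME": "root", "PASSWORD": "123456"}, "logtype": 4002, "src_host": "203.0.113.7", "src_port": 33810}
{"dst_host": "10.0.0.5", "dst_port": 22, "logda
"""

def project_per_year(count, window_days):
    """Scale a count seen over window_days to a 365-day year."""
    return round(count * 365 / window_days)

def summarise(lines, window_days=7):
    ports, sources, creds = Counter(), Counter(), Counter()
    malformed = 0
    for line in filter(None, map(str.strip, lines)):  # drop blank lines
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            malformed += 1  # e.g. a line truncated while the file was being written
            continue
        # Assumption: service messages carry an empty src_host; skip them.
        if not isinstance(event, dict) or not event.get("src_host"):
            continue
        ports[event.get("dst_port")] += 1
        sources[event["src_host"]] += 1
        logdata = event.get("logdata")
        if isinstance(logdata, dict) and "USERNAME" in logdata:
            creds[(logdata["USERNAME"], logdata.get("PASSWORD"))] += 1
    total, with_user = sum(ports.values()), sum(creds.values())
    return {
        "connections": total,
        "with_username": with_user,
        "malformed": malformed,
        "connections_per_year": project_per_year(total, window_days),
        "top_ports": ports.most_common(5),
        "top_sources": sources.most_common(5),
        "top_credentials": creds.most_common(5),
    }

if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

To run it against a real log, pass an open file handle to `summarise()` in place of the sample lines. `project_per_year(172000, 7)` gives about 8.97 million, in line with the projection above.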