In July 2001, the Code Red worm infected over 359,000 hosts which were running a vulnerable implementation of Windows NT. Visitors to compromised websites were greeted with the message: “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”
Code Red and the phrase “Hacked by Chinese!” have long since passed into internet legend but the danger of website defacement is clear and present. Hackers can target your site at any time, so unless you are viewing a page as its been changed, it’s hard to respond quickly.In this guide, you’ll discover an elegant solution to the issue of website defacement in the form of the very best security tools on the web today. These automate the task of regularly checking your domains for anomalies and make sure to notify you if any unauthorized changes are detected.
There are options to match all budgets from free services suitable for the occasional blogger to premium platforms for large business owners.
Visualping is a deceptively simple tool which offers powerful protection against website defacement. Users of the website or iOS/Android mobile apps need only enter a URL and their email address to receive regular updates of any changes made.
The tool works by making regular snapshots of the page in question then comparing these on an hourly, daily or weekly basis. It can also be customized to trigger an alert for tiny, medium or significant changes.
Visualping is not designed specifically for website defacement. As the developers’ website mentions, it will work equally well for checking on the release on concert tickets or a new product launch. However its ability to display superposed ‘images’ as well as the fact you can control the frequency Visualping checks for changes means it’s certainly fit for purpose.
The basic free version of Visualping allows you up to 2 free checks per day. Costs vary after this on a very reasonable sliding scale depending on the number of checks required. For instance, to have Visualping check your site 40 times a day (every 36 minutes) would cost just $13 (£9.72) a month.
If you need to monitor multiple domains consider installing the Visualping Chrome web extension. Once installed just click the Visualping button to start monitoring the current page.
Through to its name Visualping may not be able to detect invisible to changes to pages such as modifications of source code. If malware is a concern consider one of the other tools in this guide.
StatusCake is a many-layered treat for webmasters. This British-based site offers a way to check your pages for defacement and downtime from a variety of locations: the project maintains 48 monitoring centers in 28 countries around the world. Many centers support the more recent IPv6 protocol.
This offers subscribers a much more refined experience over simpler competitors. Not only can you adjust the frequency of checks but you can also specify the location from which you want to monitor pages. StatusCake even offers a speed test to show how quickly a page loads when checked.
There is a free package that can perform up to 10 checks at 5-minute intervals. This is fine for hobby bloggers and those with very monolithic websites but business owners can benefit more from a paid subscription.
These are very competitively priced compared to other monitoring services. StatusCake’s ‘superior’ subscription, for instance, costs only $24.49 a month and performs up to 100 checks at 1-minute intervals. You can lower that to $20.41 per month with annual billing.
Regardless of which package you choose, StatusCake includes multiple notification options including email, text message and even push notifications via Android/iOS. This service also works with some third party apps such as PagerDuty.
Sucuri began in 2010 under the guiding hand of developer Daniel Cid who envisioned a tool which could give webmasters better insight into the security status of their websites.
It’s safe to say that Mr. Cid has been successful. The cloud-based SaaS (Software as a Service) Sucuri works not only as a monitoring platform but contains many tools to help prevent malicious attacks by hackers such as a Firewall, anti-virus and DDoS protection. This may be why Sucuri was acquired by legendary hosting provider GoDaddy in March 2018.
The Sucuri Website Firewall can handle malware prevention through use of a dedicated whitelist, so that only authorised parties can connect to your site. Sucuri also regularly monitors changes to your pages and can display appropriate warnings. Furthermore, there is a free website malware and security scanner that you can use at sitecheck.sucuri.net.
The service also maintains a dedicated incident response team, who work 365 days a year to assist you with restoring your site if anything goes wrong. Subscribers to the ‘basic’ Sucuri package for $199 (£149.46) per year are guaranteed a response within 12 hours to all support requests of this kind. The basic tier also includes features such as the firewall (with support for whitelists and blacklists), continuous scanning for defacement and malware cleanup.
Sadly, there is no free trial for Sucuri, however the main site offers a money back guarantee within 30 days if users aren’t satisfied.
OnWebChange is one of the most versatile and useful tools when it comes to defacement protection. Since it was originally developed by Briton Tom Carnell in 2009 the service has exploded and can boast tens of thousands of users. This is due in part to the sophisticated monitoring features. In the first instance, users can select one or more areas to monitor within a web page. This is ideal if you maintain pages with dynamic content.
OnWebChange will notify you each time a change takes place, either via email or via push notifications in Android/iOS. Power Users can also use a HTTP CallBacks with their own login data to adjust website content automatically e.g. to restore a defaced page. Furthermore, users can use multi-region tracking which allows you to visit the web pages as if you were visiting them from different geographic regions around the world. In addition, the “Browser Mode” feature is available, which allows you to track any public webpage.
The generous free tier offers subscribers advanced CSS (Page Content Selection) as well as the ability to scan both PDF and plain text files for changes. Free tier users are permitted a maximum of 3 tracked sites a month. Checks are made up to 30 times (roughly once a day).
Premium subscribers such as those who opt for the ‘Standard’ package for $3.10 (£2.55) a month, benefit from advanced features such as unlimited trackers and checks every 60 minutes. The highest tier of subscription called “Turbo-100”, enables 5 minute tracking with some additional features.
Fluxguard offers various powerful features in addition to defacement monitoring and as such attracts a variety of customers. Its website change monitoring is quite effective with full browser page crawls and other functions depending on what you paid for.
The service provides multiple levels of web change detection. Every page is screenshotted and any pixel changes are detected. The HTML is compared and the text is extracted and checked for changes, and the complete network change analysis is done. The service also runs Google Lighthouse audits. The already mentioned full browser page crawls include complete network activity logging, multiple screenshots, rendered DOM capture, and a few other things.
The pricing is versatile with several plans available, including the free plan. The free plan gives you 50 credits per month, and 1 credit equals one full page crawl, so you can crawl and monitor 50 pages per month. The plan includes visual, HTML, and text change detection, as well as 100% dynamic page monitoring. You also get Google Chrome crawler, Google Lighthouse audits, and instant email alerts.
The cheapest paid plan was priced at $25 per month, and it gave you 1000 credits per month and the ability to crawl every 5 minutes, but curiously it seems to be gone. The current pricing starts at $99 per month for 10000 credits, crawling every 5 minutes, and some additional features. There is also a 7-day free trial for all paid plans.
All things considered, Fluxguard is a good choice for all your defacement monitoring needs and their free plan offers a good starting point in exploring what the service can do.
Image Credit: Wikimedia Commons (Peter Angritt)