Website Defacement

Website defacement refers to an attack on your website that alters your website's structure with potentially hazardous content, graphics, malicious code insertions and more. With Site24x7's website defacement monitoring capability, you can periodically monitor the integrity of your webpage and check for any modification of the content and critical elements, viz., img, script, anchor, link, and iframe. If a mismatch is detected during a poll, Site24x7 will immediately notify you by sending an alert, so that the problem can be addressed before your customers are at risk. You can also monitor any unintentional and unauthorized changes to company websites by company employees. Your websites can be monitored from your configured primary monitoring location. Site24x7 offers end-to-end monitoring from 110+ global locations around the world.

Tutorial Video

Table of Contents

How It Works

A document object model (DOM) for a webpage lists each element that appears on the webpage, including content, links, style specifications, scripts and more. The Website defacement monitor fetches this document object model (DOM) for your website during the initial monitor setup process; once the monitor is created, the monitoring engine will fetch each website pages twice consecutively to detect and update the content modified threshold automatically. Further, compares the webpage's critical elements, viz., img, script, anchor, link, and iframe each time during a poll, in order to detect any defacement, modification, or malicious code insertions. An element is considered modified, if the "href/src attribute" is changed to a previously unknown domain name. You'll be promptly alerted and notified via Voice, SMS, IMs, Email, RSS, Browser and Mobile push notifications whenever a defacement is detected. The following checks are performed in the Website Defacement Monitor:

  • Text Defacement - Identify any content changes with respect to the visible content in the rendered website page.
  • Text Modified Percentage - Identify the percentage change in content against the base DOM content and alerts based on this.
  • Script Modified PercentageIdentify the percentage change in script against the base DOM view.
  • Script Defacement - Identify changes with respect to the scripts embedded and detect any 'src' attribute change for the external script.
  • Image Defacement - Identify 'src' attribute changes with respect to the images present in the website page. Alerts only if there is any image displayed from the domain other than the original domain in the DOM.
  • Anchor Defacement - Identify 'href' attribute changes in the anchor links present in the website page. Alerts only if there is a link to a new domain other than the original domain in the DOM.
  • Iframe Defacement - Identify 'src' attribute changes in the iframe element and notify if there is a change in the domain name in the configured URL.
  • Link Defacement - Identify 'href' attribute changes in the link element of the website page.
Site24x7 uses the following user agent to render the web page:

Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) HLB/1.247

Add a Website Defacement Monitor

  1. Login to Site24x7 web client.
  2. Click Admin > Inventory > Monitors > Add Monitor.
  3. Select Website defacement in Add Monitor page.
  4. Specify the following details to add the website defacement monitor:
    • Display name: Provide a name to identify this monitor in the dashboard.
    • Domain URL: Specify the web page to monitor.
      The URL must be a HTTP or HTTPS address. All SSL certificates are trusted.
    • Allow Domains: Provide third-party domain names in your DOM, which can be trusted during monitoring.

    • If you wish to monitor multiple web pages in your website domain, Access "Get Website Pages Link" > Provide Domain URL > Click Get website pages.
      You can use this wizard to add upto 10 web pages in your domain.

    • The top 10 web pages in the domain are automatically picked up and listed by the wizard. You can add or remove any web page URL from this list as per need. Once done, Submit the Save to Monitor button.

    • All the submitted web pages will be listed one-by-one, along with their corresponding web page URL, threshold detection mode, script modification threshold limit value and content modification threshold limit value.
      By default, the Threshold detection is set to "Auto" mode. Site24x7 will auto-detect and update the script and content modification threshold values by checking the web page twice consecutively after set up. While in “Manual” mode, you can custom enter values to define the threshold limits.

      A "Script Defacement" alert will be triggered if the web page is modified beyond the preset threshold limit.

      A “Content Defacement” alert will be triggered as and when the page content, which is visible to the end user is tampered with beyond the preset threshold value.

    • Defacement Type: Specify the type of Defacement you want to monitor for, by choosing an option from the drop down list.
    • Check Frequency: Specify the interval at which you want to monitor the web page. You can set the poll frequency to the following values; 1 hour/2 hour/3 hour/6 hours/1 day.
    • Associate with Monitor Group(s): Choose an existing Monitor Group or create a new one. Monitors can be organized into Monitor Groups to ease administration. 
      To learn how to create a monitor group for your monitors, refer Monitor Groups.

  5. Specify the required details for HTTP Configuration:
    • Authentication credentials (Basic/ NTLM): Provide the Username and Password for URLs requiring Form-based authentication.
      HTTP Basic access and NTLM authentication are supported.

  6. Specify the following details for Configuration Profiles:
    • Monitoring Locations: Choose an existing location profile or create a new one. A location profile is a group of one or more global locations to monitor from.
      To know more, refer Location Profile.
    • Tags: Associate your monitor with predefined Tag(s) to help organize and manage your monitors creatively. Learn how to add Tags.
    • IT Automation: Select an automation to be executed when the website is down/trouble/up/any status change/any attribute change. The defined action gets executed when there is a state change and selected user groups are alerted.
      To automate corrective actions on failure, refer IT Automation.
  7. Alert Settings:
    • User Alert Group: Select the user group that need to be alerted during an outage. To add multiple users in a group, see User Alert Groups.
    • On-Call Schedule: The On-Call Schedule option helps you to ensure that the notifications are sent to assignees in specific shift hours helping them to quickly respond to alerts or incidents. Choose an On-Call of your preference from the drop-down. 
    You can receive alerts if the monitors are associated to user groups irrespective of the On-Call shift you've configured.
  8. Third-Party Integration: Associate your monitor with a pre-configured third-party service. It lets you push your monitor alarms to selected services and facilitate improved incident management. If you haven't setup any integrations yet, navigate across to ”Admin > Third Party Integration” to create one. Tell me more.
  9. Click Save.

Learn more about the various performance metrics of your Website Defacement Monitor.

Was this document helpful?
Thanks for taking the time to share your feedback. We’ll use your feedback to improve our online help resources.

O