Website defacement attacks are designed to change the visual appearance of a website by injecting unwanted imagery onto the site, or by changing its text. These types of attacks take advantage of lax web security and other vulnerabilities that Uptime.com can help monitor. While our service is primarily used for downtime monitoring, some clever applications of our checks provide support for web defacement monitoring.
Checks for Site Security
There are two flags that may indicate your website has been hacked for the purpose of defacement. The first is a change in DNS records, and the second is distribution of viruses or malware. If search engines like Google detect malicious software, you could also be blacklisted. To guard against web defacement, we recommend the following infrastructure checks:
These checks are run as part of the Uptime.com Domain Health Check, and help alert you to possible breaches in your infrastructure (i.e., DNS information changed, or an SSL certificate expired or changed, either of which could indicate a hijacking).
After running a Domain Health Check, you will have the option to configure these checks in a single click.
HTTPS String to Expect
It’s possible to utilize an HTTPS check for defacement checking when the optional String to Expect is used. String to Expect confirms text is on the page, then the check issues an alert based on the options chosen in String Comparison. This optional parameter gives you the power to detect when certain keywords are present or not.
Fail if Specific Keywords are Detected
For example, a String to Expect with the word “gambling”, and a String Comparison of Fail if Regular Expression Matches, would issue an alert if the page at the URL has the word “gambling” anywhere.
Fail if Specific Keywords are Not Detected
If the web defacement attack involved a full replacement of your page, such a check would issue an alert as it occurs. Conversely, you can create a similar HTTPS check using String to Expect to tell Uptime.com to look for keywords or headlines that are prominent and important on your site. Designate the String Comparison as Exact Match and Uptime.com will issue an alert if that headline or keyword disappears from your site.
Avoiding Unnecessary Alerts for Web Defacement
One of the complications in web defacement monitoring is identifying that a particular page was defaced and not just changed or updated by your team. As you create checks for defacement monitoring, consider supplemental checks that signal failure if specific elements that never change are missing. Here are a few examples:
- Creating an HTTPS check that will fail if it does not detect your Analytics script
- Creating an HTTPS check set to fail if your title tag is changed
- Creating an HTTPS check that will fail if a tracking pixel fails to load
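The sketch below is an added example, not Uptime.com's code, showing how the keyword checks and the "elements that never change" checks combine so that a routine content update passes while an injected keyword or a full page replacement fails. The function name, rule names and sample pages are hypothetical and constructed for illustration.

```python
import re
from html.parser import HTMLParser

class _PageFacts(HTMLParser):
    """Collects the <title> text and every <script src> from a page."""
    def __init__(self):
        super().__init__()
        self.title, self.scripts, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "script" and dict(attrs).get("src"):
            self.scripts.append(dict(attrs)["src"])
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def check_page(html, forbidden, required, title, analytics_src):
    """Return a list of failure reasons; an empty list means the page passed."""
    facts = _PageFacts()
    facts.feed(html)
    failures = []
    # "Fail if regular expression matches": unwanted keywords anywhere in the body.
    for pattern in forbidden:
        if re.search(pattern, html, re.IGNORECASE):
            failures.append(f"forbidden:{pattern}")
    # "Fail if not detected": a prominent headline or keyword has disappeared.
    for text in required:
        if text not in html:
            failures.append(f"missing:{text}")
    # Elements that stay fixed across normal content updates.
    if facts.title.strip() != title:
        failures.append("title-changed")
    if not any(analytics_src in s for s in facts.scripts):
        failures.append("analytics-missing")
    return failures

# Constructed sample pages (not real sites).
HEAD = '<head><title>Acme Tools</title><script src="https://cdn.example/analytics.js"></script></head>'
ORIGINAL = f"<html>{HEAD}<body><h1>Built to last</h1><p>Spring sale</p></body></html>"
UPDATED = f"<html>{HEAD}<body><h1>Built to last</h1><p>Summer sale</p></body></html>"
INJECTED = f"<html>{HEAD}<body><h1>Built to last</h1><a href='#'>Online Gambling</a></body></html>"
REPLACED = "<html><head><title>Owned</title></head><body><h1>Hacked by X</h1></body></html>"
RULES = dict(forbidden=[r"\bgambling\b"], required=["Built to last"],
             title="Acme Tools", analytics_src="cdn.example/analytics.js")
```

Calling `check_page(UPDATED, **RULES)` returns an empty list, while the injected and replaced pages each return the specific reasons they failed, which is what keeps routine edits from paging anyone.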