In July 2001, the Code Red worm infected over 359,000 hosts which were running a vulnerable implementation of Windows NT. Visitors to compromised websites were greeted with the message: "HELLO! Welcome to http://www.worm.com! Hacked By Chinese!"
Code Red and the phrase "Hacked by Chinese!" have long since passed into internet legend but the danger of website defacement is clear and present. Hackers can target your site at any time, so unless you are viewing a page as its been changed, it's hard to respond quickly.
In this guide, you'll discover an elegant solution to the issue of website defacement in the form of the very best security tools on the web today. These automate the task of regularly checking your domains for anomalies and make sure to notify you if any unauthorised changes are detected.
There are options to match all budgets from free services suitable for the occasional blogger to premium platforms for large business owners.
- We've also highlighted the best web hosting services
Visualping is a deceptively simple tool which offers powerful protection against website defacement. Users of the website or iOS/Android mobile apps need only enter a URL and their email address to receive regular updates of any changes made.
The tool works by making regular snapshots of the page in question then comparing these on an hourly, daily or weekly basis. It can also be customized to trigger an alert for tiny, medium or significant changes.
Visualping is not designed specifically for website defacement. As the developers' website mentions, it will work equally well for checking on the release on concert tickets or a new product launch. However its ability to display superposed 'images' as well as the fact you can control the frequency Visualping checks for changes means it's certainly fit for purpose.
The basic free version of Visualping allows you up to 2 free checks per day. Costs vary after this on a very reasonable sliding scale depending on the number of checks required. For instance, to have Visualping check your site 40 times a day (every 36 minutes) would cost just $ 13 (£9.72) a month.
If you need to monitor multiple domains consider installing the Visualping Chrome web extension. Once installed just click the Visualping button to start monitoring the current page.
Through to its name Visualping may not be able to detect invisible to changes to pages such as modifications of source code. If malware is a concern consider one of the other tools in this guide.
StatusCake is a many-layered treat for webmasters. This British-based site offers a way to check your pages for defacement and downtime from a variety of locations: the project maintains 48 monitoring centers in 28 countries around the world. Many centers support the more recent IPv6 protocol.
This offers subscribers a much more refined experience over simpler competitors. Not only can you adjust the frequency of checks but you can also specify the location from which you want to monitor pages. StatusCake even offers a speed test to show how quickly a page loads when checked.
There is a free package which can perform up to 10 checks at 5-minute intervals. This is fine for hobby bloggers and those with very monolithic websites but business owners can benefit more from a paid subscription. These are very competitively priced compared to other monitoring services. StatusCake's 'superior' subscription, for instance, costs only $ 24 (£17.93) a month for 100 check a day, (roughly 14 minutes).
Regardless of which package you choose, StatusCake includes multiple notification options including email, text message and even push notifications via Android/iOS. This service also works with some party apps such as PagerDuty.
Sucuri began in 2010 under the guiding hand of developer Daniel Cid who envisioned a tool which could give webmasters better insight into the security status of their websites.
It's safe to say that Mr. Cid has been successful. The cloud-based SaaS (Software as a Service) Sucuri works not only as a monitoring platform but contains many tools to help prevent malicious attacks by hackers such as a Firewall, anti-virus and DDoS protection. This may be why Sucuri was acquired by legendary hosting provider GoDaddy in March 2018.
The Sucuri Website Firewall can handle malware prevention through use of a dedicated whitelist, so that only authorised parties can connect to your site. Sucuri also regularly monitors changes to your pages and can display appropriate warnings.
The service also maintains a dedicated incident response team, who work 365 days a year to assist you with restoring your site if anything goes wrong. Subscribers to the 'basic' Sucuri package for $ 199 (£149.46) per year are guaranteed a response within 12 hours to all support requests of this kind. The basic tier also includes features such as the firewall (with support for whitelists and blacklists), continuous scanning for defacement and malware cleanup.
Sadly, there is no free trial for Sucuri, however the main site offers a money back guarantee within 30 days if users aren't satisfied.
OnWebChange is one of the most versatile and useful tools when it comes to defacement protection. Since it was originally developed by Briton Tom Carnell in 2009 the service has exploded and can boast tens of thousands of users. This is due in part to the sophisticated monitoring features. In the first instance, users can select one or more areas to monitor within a web page. This is ideal if you maintain pages with dynamic content.
OnWebChange will notify you each time a change takes place, either via email or via push notifications in Android/iOS. Power Users can also use a HTTP CallBacks with their own login data to adjust website content automatically e.g. to restore a defaced page.
The generous free tier offers subscribers advanced CSS (Page Content Selection) as well as the ability to scan both PDF and plain text files for changes. Free tier users are permitted a maximum of 3 tracked sites a month. Checks are made up to 30 times (roughly once a day).
Premium subscribers such as those who opt for the 'Solo' package for $ 1.40 (£1.05) a month, benefit from advanced features such as unlimited trackers and checks every 30 minutes.
IPVTec was created in 2014 under the supervision of a founding member of cybersecurity firm IPVSecurity who was unhappy with the monitoring solutions available to clients at the time.
Like Sucuri, the monitoring toll IPVmon is cloud-based meaning setup is minimal and you can start monitoring no matter how small the resources of your own network.
The monitor routinely checks for website defacement but also contains a number of other handy features such as verifying your SSL certificates are in date, detecting if pages are unreachable, as well as scanning for malware.
Emphasis has been placed on pro-active searches for anomalies to prevent problems before they occur. This includes actively scanning for domain hijacking and DDoS (Distributed Denial of Service) attacks as well as defacement.
If any irregularities are detected, users are notified with details via text message and email. Messages include a recommended 'call to action' to remedy the issues. IPVTec also has a dedicated dashboard for viewing notifications.
Sadly there is no free version but the IPVTec website offers subscribers a free 30 day trial to accustom themselves to the platforms features. The basic (Pro 5) package costs $ 24 (£17.94) a month and permits monitoring of 5 pages and a single domain.
Image Credit: Wikimedia Commons (Peter Angritt)