URL Defacement Status Test

Web/URL defacement is a cyberattack in which hackers gain unauthorized access to a website and replace content on the site with their own messages, often malicious or defamatory ones. These messages display inappropriate or irrelevant content that would embarrass website owners, or a notice that the website has been hacked by a specific hacker group. Unauthorized access, SQL injection, cross-site scripting (XSS), DNS hijacking and malware infection pave the way for attackers to modify the files or contents of the website without proper permissions. If defacement attacks are not detected and resolved quickly, the individuals, organizations, government agencies, and brands hosting the websites will lose their reputation, revenue and credibility. To restore the website with minimal damage and offer a secure experience to users visiting it, administrators should continuously monitor their websites and detect malicious content before it causes serious reputational and revenue damage. The URL Defacement Status test can help administrators in this regard!

This test continuously monitors the configured URL/web site and reports the count and percentage of changes made to the links, images, iframes, scripts and words on the web site. The detailed diagnosis reported by this test lists the links, images, iframes, scripts and words that were added to or removed from the web page. This helps administrators quickly find out whether attackers have inserted unknown external links, images, scripts, iframes or words into the web page.
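The comparison described above can be sketched in a few lines of Python. This is an added example, not eG Enterprise code: the Inventory class, the function names, the sample pages and the percentage formula (added plus removed items relative to the baseline count) are assumptions. The 20 percent default limit comes from this page, and the sketch applies the "greater than" rule to every category.

```python
import re
from html.parser import HTMLParser

# Tag -> (category, URL attribute); category names follow the measures on this page.
TRACKED = {"a": ("links", "href"), "img": ("images", "src"),
           "iframe": ("iframes", "src"), "script": ("scripts", "src")}

class Inventory(HTMLParser):
    """Collects the links, images, iframes, external scripts and words of one page."""
    def __init__(self):
        super().__init__()
        self.items = {c: set() for c in ("links", "images", "iframes", "scripts", "words")}
        self._skip = False  # True while inside <script> or <style>

    def handle_starttag(self, tag, attrs):
        category, attr = TRACKED.get(tag, (None, None))
        url = dict(attrs).get(attr)
        if category and url:
            self.items[category].add(url)
        self._skip = tag in ("script", "style")
    def handle_endtag(self, tag):
        self._skip = False
    def handle_data(self, data):
        if not self._skip:  # count visible text only, not script or style bodies
            self.items["words"].update(re.findall(r"[a-z0-9']+", data.lower()))

def inventory(html):
    parser = Inventory()
    parser.feed(html)
    parser.close()
    return parser.items

def defacement_report(baseline_html, current_html, limit_percent=20.0):
    """Per category: added/removed items, percent change and a Yes/No status."""
    old, new = inventory(baseline_html), inventory(current_html)
    report = {}
    for cat in old:
        added, removed = sorted(new[cat] - old[cat]), sorted(old[cat] - new[cat])
        # Assumed formula: added + removed items relative to the baseline count.
        percent = 100.0 * (len(added) + len(removed)) / max(len(old[cat]), 1)
        report[cat] = {"added": added, "removed": removed, "percent": percent,
                       "defaced": "Yes" if percent > limit_percent else "No"}
    return report

# Constructed sample pages (not from any real site).
BASELINE = ('<h1>Welcome to Example Store</h1><a href="/products">Products</a>'
            '<a href="/contact">Contact</a><img src="/logo.png">'
            '<script src="/static/app.js"></script>')
CURRENT = BASELINE + ('<iframe src="https://unknown.example/frame"></iframe>'
                      '<script src="https://unknown.example/x.js"></script>')
```

Calling defacement_report(BASELINE, CURRENT) on the constructed samples reports 'Yes' for iframes and scripts and lists the two unknown.example URLs as added, mirroring what the detailed diagnosis would show.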

This test is disabled by default. To enable the test, go to the enable/disable tests page using the menu sequence: Agents -> Tests -> Enable/Disable, pick the desired Component type, set Performance as the Test type, choose the test from the DISABLED TESTS list, and click on the < button to move the test to the ENABLED TESTS list. Finally, click the Update button.

Target of the test: A host server

Agent deploying the test: An external agent

Output of the test: One set of results for the target web server hosting web applications/services

Configurable parameters for the test
Parameter Description

Test Period

How often should the test be executed.

Host

Specify the IP address of the target host in this text box.

Port

Enter the port number to which the specified host listens.

Web Page

Specify the URL of the web page that is to be monitored.

Links Defacement Limit Percent

By default, this parameter is set to 20 percent. This indicates that, by default, this test will report 'Yes' as the value for the Links defacement status measure when the value of the Percentage of Link changes measure is greater than the value specified against this parameter. If required, you can override this default setting by changing the value of this parameter.

Images Defacement Limit Percent

By default, this parameter is set to 20 percent. This indicates that, by default, this test will report 'Yes' as the value for the Images defacement status measure when the value of the Percentage of image changes measure is greater than the value specified against this parameter. If required, you can override this default setting by changing the value of this parameter.

IFrames Defacement Limit Percent

By default, this parameter is set to 20 percent. This indicates that, by default, this test will report 'Yes' as the value for the Iframes defacement status measure when the value of the Percentage of Iframe changes measure is greater than or equal to the value specified against this parameter. If required, you can override this default setting by changing the value of this parameter.

Scripts Defacement Limit Percent

By default, this parameter is set to 20 percent. This indicates that, by default, this test will report 'Yes' as the value for the Scripts defacement status measure when the value of the Percentage of script changes measure is greater than the value specified against this parameter. If required, you can override this default setting by changing the value of this parameter.

Words Defacement Limit Percent

By default, this parameter is set to 20 percent. This indicates that, by default, this test will report 'Yes' as the value for the Words defacement status measure when the value of the Percentage of word count changes measure is greater than the value specified against this parameter. If required, you can override this default setting by changing the value of this parameter.

CookieFile

Against this parameter, indicate whether any cookies returned by the web server need to be saved locally and returned with subsequent requests.

Proxy Host

Provide the host on which a web proxy server is running (in case a proxy server is to be used).

Proxy Port

Specify the port number on which the web proxy server is listening.

Proxy user name and Proxy password

If the proxy server requires authentication, specify a valid proxy user name and password in the Proxy user name and Proxy password parameters, respectively. By default, these parameters are set to none, indicating that the proxy server does not require authentication by default.

Confirm password

Confirm the Proxy password by retyping it here.

Username, Password and Confirm password

In some highly secure environments, the web pages are authentication enabled and can only be accessed by authorized users. In such environments, to run this test, administrators should configure the credentials for an authorized user against the Username and Password parameters. Confirm the password by retyping it here. By default, these parameters are set to none.

DD Frequency

Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency.

Detailed Diagnosis

To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option.

The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled:

  • The eG manager license should allow the detailed diagnosis capability.
  • Both the normal and abnormal frequencies configured for the detailed diagnosis measures should not be 0.
Measurements reported by the test
Measurement Description Measurement Unit Interpretation

Links

Indicates the total number of links on the configured web site.

Number

 

Link changes

Indicates the number of times that the links on the web site have been changed.

Number

 

Percentage of Link changes

Indicates the percentage of links that were modified during the last measurement period.

Percent

A high value for this measure is a cause for concern.

The detailed diagnosis reported by this measure reveals the list of links that were added to or removed from the web page.

Links defacement status

Indicates the current defacement status of the links on the web site.

 

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current defacement status of links. The graph of this measure, however, is represented using the numeric equivalents only - 0 and 1.

The detailed diagnosis reported by this measure reveals the list of links that were added to or removed from the web page.

Images

Indicates the total number of images on the configured web site.

Number

 

Image changes

Indicates the number of times that the images on the web site have been changed.

Number

 

Percentage of image changes

Indicates the percentage of images that were modified during the last measurement period.

Percent

A high value for this measure is a cause for concern.

The detailed diagnosis reported by this measure reveals the list of images that were added to or removed from the web page.

Images defacement status

Indicates the current defacement status of the images on the web site.

 

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current defacement status of images. The graph of this measure, however, is represented using the numeric equivalents only - 0 and 1.

The detailed diagnosis reported by this measure reveals the list of images that were added to or removed from the web page.

Iframes

Indicates the total number of iframes on the configured web site.

Number

 

Iframe changes

Indicates the number of times that the iframes on the web site have been changed.

Number

 

Percentage of Iframe changes

Indicates the percentage of iframes that were modified during the last measurement period.

Percent

A high value for this measure is a cause for concern.

The detailed diagnosis reported by this measure reveals the list of iframes that were added to or removed from the web page.

Iframes defacement status

Indicates the current defacement status of the iframes on the web site.

 

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current defacement status of iframes. The graph of this measure, however, is represented using the numeric equivalents only - 0 and 1.

The detailed diagnosis reported by this measure reveals the list of iframes that were added to or removed from the web page.

Scripts

Indicates the total number of scripts on the configured web site.

Number

 

Script changes

Indicates the number of scripts that were modified during the last measurement period.

Number

 

Percentage of script changes

Indicates the percentage of scripts that were modified during the last measurement period.

Percent

A high value for this measure is a cause for concern.

The detailed diagnosis reported by this measure reveals the list of scripts that were added to or removed from the web page.

Scripts defacement status

Indicates the current defacement status of the scripts on the web site.

 

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current defacement status of scripts. The graph of this measure, however, is represented using the numeric equivalents only - 0 and 1.

The detailed diagnosis reported by this measure reveals the list of scripts that were added to or removed from the web page.

Words

Indicates the total number of words on the configured web site.

Number

 

Words changes

Indicates the number of times that the words on the web site have been changed.

Number

 

Percentage of word count changes

Indicates the percentage of words that were modified during the last measurement period.

Percent

A high value for this measure is a cause for concern.

Words defacement status

Indicates the current defacement status of the words on the web site.

 

The values reported by this measure and its numeric equivalents are mentioned in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure reports the Measure Values listed in the table above to indicate the current defacement status of words. The graph of this measure, however, is represented using the numeric equivalents only - 0 and 1.