How long would it take you to notice that your website has been compromised?

My last post concerning mass sql hacks of websites shows what can happen if your website is distributing malware and you don’t act fast enough. In that post, I also mentioned it might be a good idea to have some sort of self-checking mechanism integrated in your CMS which would alert you if unauthorized changes were made. While I still think that’s a good idea, there’s a much easier and faster option when it comes to small, rather static websites: change detection services!

Here’s a few I found through search engines, a blog post from 2005 by Marshall Kirkpatrick and an article in c’t magazine 4/2008 (page 170):

ChangeAlarm – free, typically checks for updates once per day

ChangeDetect – free and paid membership options

ChangeDetection – free, typically checks for updates once per day, does not detect changes in HTML tags

InfoMinder – no free membership, 30 day trial available

TheWebWatcher – free for personal use, monitoring intervals starting from 1h

TracerLock – no free membership, max 20 URLs, 4 US$/month

TrackEngine – free, 19,95 US$/year for 10 “bookmarks”, 4,95 US$/month for 50 “bookmarks”, possibly includes more frequent updates for paid services

WatchThatPage – free, priority accounts available for donation of US$ 20/year. Fastest update: once per day. There seems to be no limit on the number of pages you can watch. Pages can be organized in folders. Simple keyword filtering available. Refuses to watch pages with badly mangled HTML.

Yes, I know, most of these sites scream “web 1.0” at you and – ironically – seem to be averse to change themselves (the latest news on TrackEngine are from December 2001, Merry Christmas!). They won’t really help if you’re in charge of large websites with thousands of pages. However, they might be appropriate for small websites, like this one which has been displaying “OwNed By un alien …” for months on the “liens” and “evenements” pages.

I’ll update this post after trying out some of these services (you can subscribe to my RSS feed here 😉 ). Please note there’s also tons of change detection software (running locally on your computer) which I’m not covering here.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.