How to leverage the feature "Accepted HTTP Status Codes" to track the activity of a dormant phishing website?
Use Case:
You're responsible for the operation of your financial service website. Of late, you've noticed many phishing websites on the internet trying to trick your customers into entering their login credentials and other crucial information. Due to stern actions at your end, these websites have now been pulled out of operation. Although dormant, you now want to constantly monitor these URLs for their activity. How do you ensure these spoof websites never turn up again and cause any more harm to your business?
Solution:
By specifying the accepted HTTP status codes in your Website monitor, you can configure the monitor to closely watch the activity of these spoof websites. This feature is also available on the REST API Monitor, SOAP Monitor, and Web Page Speed (Browser) monitor. As a first step, log in to Site24x7 and create a Website monitor for each URL. This will allow you to track the activity of these URLs.
Caveats:
Since the URLs are inactive, the status of the monitor will be DOWN by default.
Under that default, the assumption is that whenever the status of the monitor changes to UP, the URL might have turned active again.
How to check whether the monitor turns active?
In the Add Monitor Configuration form > HTTP configuration settings, specify the HTTP status code(s) or range of status codes that must be treated as a successful response.
Since the spoof URLs have been inactive in our case, you can enter a range such as 400:451, or specify comma-separated error codes.
Once your monitor setup has been completed, you must save the monitor to initiate data collection.
As the expected response is a 4XX client error, the monitor will always be deemed as UP during data collection.
During monitoring, if you start receiving an HTTP 200 code instead of the 4XX code, your monitor's status will automatically change to DOWN and you will be alerted to the issue.
If you check the log report or outage report of the monitor, you can further drill down and find the actual activity of the URL.
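The inverted check described above can be modelled locally to see which responses would raise an alert. This is an added example, not Site24x7 code: the function names, the sample polls, and the choice to allow ranges and single codes in one comma-separated spec are assumptions made for illustration.

```python
# Added illustration: a local model of the "accepted status codes" check,
# not the Site24x7 implementation.

def parse_accepted(spec):
    """Parse a spec such as '400:451' or '404,410' into a set of status codes."""
    accepted = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            continue
        if ":" in part:
            low, high = (int(x) for x in part.split(":", 1))
            if low > high:
                raise ValueError(f"bad range: {part}")
            accepted.update(range(low, high + 1))
        else:
            accepted.add(int(part))
    if not all(100 <= code <= 599 for code in accepted):
        raise ValueError("status codes must be in 100..599")
    return accepted

def monitor_status(code, accepted):
    """UP while the response code is an accepted one, DOWN otherwise."""
    return "UP" if code in accepted else "DOWN"

def find_reactivations(polls, spec):
    """Return (timestamp, code) for each poll where the status becomes DOWN.

    A first poll that is already DOWN is reported too (assumption: the URL
    was dormant when the monitor was created).
    """
    accepted = parse_accepted(spec)
    alerts, previous = [], None
    for timestamp, code in polls:
        status = monitor_status(code, accepted)
        if status == "DOWN" and previous != "DOWN":
            alerts.append((timestamp, code))
        previous = status
    return alerts

# Constructed sample polls for one dormant URL: (timestamp, HTTP status code).
SAMPLE_POLLS = [
    ("2024-01-01T00:00Z", 404), ("2024-01-01T00:05Z", 404),
    ("2024-01-01T00:10Z", 200),  # page is serving content again
    ("2024-01-01T00:15Z", 200), ("2024-01-01T00:20Z", 410),
    ("2024-01-01T00:25Z", 302),  # a redirect is also outside 400:451
]

if __name__ == "__main__":
    for alert in find_reactivations(SAMPLE_POLLS, "400:451"):
        print("ALERT: possible reactivation", alert)
```

Note that in this model a 3XX redirect also falls outside 400:451 and flips the status, which is useful here because a revived phishing URL may redirect to a new host rather than answer with 200.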