Customer Self-Service Portal
            Knowledge Base Site24x7 Knowledge Base Website and Internet Services Internet Services Monitoring

            How to leverage the feature "Accepted HTTP Status Codes" to track the activity of a dormant phishing website?

            Use Case:
            You're responsible for the operation of your financial service website. Of late, you've noticed many phishing websites on the internet trying to trick your customers into entering their login credentials and other crucial information. Due to stern actions at your end, these websites have now been pulled out of operation. Although dormant, you now want to constantly monitor these URLs for their activity. How do you ensure these spoof websites never turn up again and cause any more harm to your business?

            By specifying the accepted HTTP Status codes in your Website Monitor, you can easily manipulate your monitor settings and closely watch the activity of these spoof websites. This feature is also available on the REST API Monitor, SOAP Monitor, Web Page Speed (Browser) monitor. As a first step, log into Site24x7 and create Website monitors for individual URLs. It will allow you to track the activity of these URLs.

            • Since the URLs are inactive, the status of the monitor will be DOWN, by default.
            • The assumption is that whenever the status of a monitor changes to UP, the URL might have turned active again.

            How to check whether the monitor turns active?
            • In the Add Monitor Configuration form > HTTP configuration settings, specify the HTTP status code(s)/range of status codes, that must be passed as a successful response.
            • Since the spoof URLs have been inactive in our case, you can pass the HTTP conditions, such as 400:451 or even specify any comma separated error codes.
            • Once your monitor setup has been completed, you must save the monitor to initiate data collection.
            • As the expected response is a 4XX client error, the monitor will always be deemed as UP during data collection.

            • During the monitoring, if you receive start receiving an HTTP 200 code, instead of the 4XX code, then your monitor's status will automatically change DOWN and you will be alerted to the issue.

            • If you check the log report or outage report of the monitor, you can further drill down and find the actual activity of the URL.

            Updated: 29 Jan 2018 07:27 PM
            Help us to make this article better
            0 0