Improved defacement detection

The first version of defacement detection didn't detect everything it should. The next version was a bit to trigger happy, but the third one that is rolled out now is much better. Alerts will appear on your timeline.

I'll let it run for a while and then put proper alerts in the alert library. I'm also thinking of creating a defacement and changes report that shows all websites with major changes and possible indications of defacement.

Again, more software detection rules

The current update fixes some bugs and adds more software detection rules. Some are additions to existing rules, but most are detection rules for software appearing as HTTP(S) on odd ports. Since the odd HTTP(S) ports were added we found quite some new stuff to detect.

A significant update is that phishy urls that redirect to one of your assets are now also scored as no risk (0). Previously this was only the case for redirects to the original domain.

Support for website scans on odd ports

If you have a host with a website running on a non-standard port (so not 80 or 443) our scanner nodes will now automatically add it to the websites index and run website scans on it. The big advantage here is that all the security checks and software detection rules for normal websites will now also be run on the non-standard port.

The open ports overview on the host page will show a link to the website scan results. Please note that the new code has just gone live and the new software detections will not yet show up in this week's weekly report. They will appear next week.

If you want, you can add a website on a non standard port to assets yourself. Just put the port number behind it in the add assets window like this 176.58.122.230:8008