Help Docs

Performance Metrics of Website Defacement Monitor

Interpret Website Defacement Monitoring Results

Website defacement monitor periodically checks for the integrity of your website by detecting any modification of the content or critical elements in your website. Once the monitor is setup and monitor starts polling your web page, the monitoring engine will record any web tampering that was detected. To view the detailed results on the defacement history, navigate to Web and click the desired website defacement monitor. The main dashboard has a custom status banner, where monitors are arranged as per the operational status and state. You can also view the number of operational monitors and alert credits remaining in your account. By clicking the "+ Buy More" button, you can purchase additional monitors and alert credits. Pick your relevant website defacement monitor from the list and click the relevant row to view further details. You can share the monitor details via an email. Email can be sent to only those verified users who have agreed to receive emails from Site24x7.

Site24x7 uses the following user agent to render the web page:

Mozilla/5.0 (Unknown; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) HLB/1.247

The recorded data will be further segregated under Summary dashboard, Inventory, Defacement History, and Defacement details.

Website Defacement Monitor checks for:

  • Text Defacement - Identify any content changes with respect to the visible content in the rendered website page.
  • Text Modified Percentage - Identify the percentage change in content against the base DOM content and alerts based on this.
  • Script Modified PercentageIdentify the percentage change in script against the base DOM view.
  • Script Defacement - Identify changes with respect to the scripts embedded and detect any 'src' attribute change for the external script.
  • Image Defacement - Identify 'src' attribute changes with respect to the images present in the website page. Alerts only if there is any image displayed from the domain other than the original domain in the DOM.
  • Anchor Defacement - Identify 'href' attribute changes in the anchor links present in the website page. Alerts only if there is a link to a new domain other than the original domain in the DOM.
  • Iframe Defacement - Identify 'src' attribute changes in the iframe element and notify if there is a change in the domain name in the configured URL.
  • Link Defacement - Identify 'href' attribute changes in the link element of the website page.

Summary Dashboard

Current Page Status

The website defacement monitoring engine detects web page tampering based on your baselined DOM. Real time status regarding all the recorded parameters are listed in a single shot. You can retrieve custom status for your monitor for a selected time duration. For individual web pages, you can view the page size, element defacement status, script percentage modified, text defacement status, text percentage modified, and the actual reason for the element defacement

Website Defacement Monitor is associated with two separate status; namely, "Changed" or "Defaced"During a website poll, if the web page is detected as defaced, the monitor's status will be identified as "Changed" and monitor will appear in trouble status. The polled version will automatically overwrite the baselined version.

If you find that the web page has been vandalized by an external agent without your knowledge, you can instantly click the "Mark the page as defaced" link to revert to the previously baselined version. The page will be identified as "Defaced" in this case and monitor's status changes to down. You can click "ignore this change" if you've made this change intentionally at your end. If due to some reason, the defaced version was not attended for an hour, the content will then be automatically updated. 

Defacement History

You can view the defacement history for your monitor. Exact reason about the trouble status can be obtained.

Downtime RCA Report

In the Defacement History section, on clicking the hamburger icon against your outage, you can view the Downtime RCA Report. The Downtime RCA report offers detailed insights on the exact reasons behind an outage. Also, it allows you to identify all the defaced elements and modified content. You can also use the Time filter to extract the RCA details for the specified time span.



This section captures the basic monitor information and also its various configuration settings including polling locations, poll interval, licensing type, and more. You can additionally collaborate on a monitor by adding note.

Defacement Details:

If the monitoring engine identifies a web page as tampered, it records the details about all the tampered elements. The recorded data can be accessed by selecting the relevant web page in the summary dashboard. Defacement details gives you the exact defacement stats, which includes the Page Name, URL, Page Size, Defaced elements. Any defaced element is identified by  , whereas any untampered element will be identified by a . Additionally, you can also view the new or modified text/element value that was inserted.

Was this document helpful?

Would you like to help us improve our documents? Tell us what you think we could do better.

We're sorry to hear that you're not satisfied with the document. We'd love to learn what we could do to improve the experience.

Thanks for taking the time to share your feedback. We'll use your feedback to improve our online help resources.

Shortlink has been copied!