Minimize incident time with Sucuri automated scans.
Our scanning feature is a solution developed to intelligently crawl and identify infections across any platform. The scanner leverages internal definitions that are refined daily, external sources, and intelligence to identify both potentially harmful signatures and anomalies that may not be known. This scanner powers Sucuri SiteCheck, our popular free website scanner, and our internal monitoring service.
Every plan includes a number of monitoring options, each of which provides a slew of information that helps to determine malicious activity.
Malware
On by default for all clients, this option leverages our scanning service to identify all types of malware, SPAM injections, website errors, disabled sites, database connection issues and code anomalies that require special attention.
Our scanner is highly sophisticated and designed to identify a number of different malware types. They include:
- Obfuscated JavaScript injections
- Cross Site Scripting (XSS)
- Website Defacements
- Hidden & Malicious iFrames
- PHP Mailers
- Phishing Attempts
- Malicious Redirects
- Backdoors (e.g., C99, R57, Webshells)
- Anomalies
- Drive-by-Downloads
- IP Cloaking
- Social Engineering Attacks
Our monitoring services comprise:
Blacklisting
This option is also set by default for all users. We recommend that it is left active. There are a number of blacklisting authorities that monitor for malware, SPAM, and phishing attempts. Our blacklisting option leverages the APIs for these authorities:
- Sucuri
- Google Safe Browsing
- Norton
- AVG
- PhishTank (Phishing Specifically)
- McAfee SiteAdvisor
WHOIS
WHOIS is an internet directory that provides information on who owns a domain. It is regulated and monitored by the Internet Corporation for Assigned Names and Numbers (ICANN), which is responsible for registration of all domains. This record contains information about the Registrant (the person who owns the domain), the Registrar (the entity that registered the domain), the dates, nameservers and other similar, and important, information.
If at any time the information changes you will be notified.
Domain Name System (DNS)
DNS is a protocol used by all computers to intelligently communicate with each other; it’s part of the TCP/IP protocol suite. Its specific function is to turn a website’s name (somesite.com, for example) into an internet protocol (IP) address like 123.45.567.891. The name provided by DNS is what we use as humans to read the site name; the IP is what the computers use to communicate.
This monitoring option will monitor the IP address and associated DNS information of your domain for any changes. It’s rare for it to change, but if it does we will notify you.
SSL Certification
If you are using Secure Sockets Layer (SSL), a protocol for securing HTTP traffic, you are most likely using an SSL certificate. The SSL certificate is returned to a visitor of your site upon an HTTPS request. This certificate often contains your site information and, in some instances, company information.
If you are using an SSL certificate, this option allows you to ensure it doesn’t change unexpectedly; if it does, a notification will be sent.
Website Change
This service creates a snapshot of your site, and if a change is made you will be notified. Changes that this service tracks include:
- New Posts
- New Pages
- Content Changes
- Social Media Changes (Tweets, Likes, etc.)
- Threaded Messages / Comments
This option is best used with static pages as it can generate a high volume of email notifications.
Server-side Scanning
This monitoring option has to be configured separately and will traverse all files on the server.
It’s designed to look for all malware types and includes a more robust detection mechanism for backdoors. The feature was designed to complement existing scanning capabilities, improving accuracy and site reputations.