In July 2001, the Code Red worm infected over 359,000 hosts which were running a vulnerable implementation of Windows NT. Visitors to compromised websites were greeted with the message: “HELLO! Welcome to http://www.worm.com! Hacked By Chinese!”
Code Red and the phrase “Hacked by Chinese!” have long since passed into internet legend but the danger of website defacement is clear and present. Hackers can target your site at any time, so unless you are viewing a page as its been changed, it’s hard to respond quickly.
In this guide, you’ll discover an elegant solution to the issue of website defacement in the form of the very best security tools on the web today. These automate the task of regularly checking your domains for anomalies and make sure to notify you if any unauthorised changes are detected.
There are options to match all budgets from free services suitable for the occasional blogger to premium platforms for large business owners.
Visualping is a deceptively simple tool which offers powerful protection against website defacement. Users of the website or iOS/Android mobile apps need only enter a URL and their email address to receive regular updates of any changes made.
The tool works by making regular snapshots of the page in question then comparing these on an hourly, daily or weekly basis. It can also be customized to trigger an alert for tiny, medium or significant changes.
Visualping is not designed specifically for website defacement. As the developers’ website mentions, it will work equally well for checking on the release on concert tickets or a new product launch. However its ability to display superposed ‘images’ as well as the fact you can control the frequency Visualping checks for changes means it’s certainly fit for purpose.
The basic free version of Visualping allows you up to 2 free checks per day. Costs vary after this on a very reasonable sliding scale depending on the number of checks required. For instance, to have Visualping check your site 40 times a day (every 36 minutes) would cost just $13 (£9.72) a month.
If you need to monitor multiple domains consider installing the Visualping Chrome web extension. Once installed just click the Visualping button to start monitoring the current page.
Through to its name Visualping may not be able to detect invisible to changes to pages such as modifications of source code. If malware is a concern consider one of the other tools in this guide.
StatusCake is a many-layered treat for webmasters. This British-based site offers a way to check your pages for defacement and downtime from a variety of locations: the project maintains 48 monitoring centers in 28 countries around the world. Many centers support the more recent IPv6 protocol.
This offers subscribers a much more refined experience over simpler competitors. Not only can you adjust the frequency of checks but you can also specify the location from which you want to monitor pages. StatusCake even offers a speed test to show how quickly a page loads when checked.
There is a free package which can perform up to 10 checks at 5-minute intervals. This is fine for hobby bloggers and those with very monolithic websites but business owners can benefit more from a paid subscription.
These are very competitively priced compared to other monitoring services. StatusCake’s ‘superior’ subscription, for instance, costs only $24.49 (£18.50) a month and performs up to 100 checks at 1-minute intervals. You can lower that to $20.41 per month with annual billing.
Regardless of which package you choose, StatusCake includes multiple notification options including email, text message and even push notifications via Android/iOS. This service also works with some party apps such as PagerDuty.
Sucuri began in 2010 under the guiding hand of developer Daniel Cid who envisioned a tool which could give webmasters better insight into the security status of their websites.
It’s safe to say that Mr. Cid has been successful. The cloud-based SaaS (Software as a Service) Sucuri works not only as a monitoring platform but contains many tools to help prevent malicious attacks by hackers such as a Firewall, anti-virus and DDoS protection. This may be why Sucuri was acquired by legendary hosting provider GoDaddy in March 2018.
The Sucuri Website Firewall can handle malware prevention through use of a dedicated whitelist, so that only authorised parties can connect to your site. Sucuri also regularly monitors changes to your pages and can display appropriate warnings. Furthermore, there is a free website malware and security scanner that you can use at sitecheck.sucuri.net.
The service also maintains a dedicated incident response team, who work 365 days a year to assist you with restoring your site if anything goes wrong. Subscribers to the ‘basic’ Sucuri package for $199 (£149.46) per year are guaranteed a response within 12 hours to all support requests of this kind. The basic tier also includes features such as the firewall (with support for whitelists and blacklists), continuous scanning for defacement and malware cleanup.
Sadly, there is no free trial for Sucuri, however the main site offers a money back guarantee within 30 days if users aren’t satisfied.
OnWebChange is one of the most versatile and useful tools when it comes to defacement protection. Since it was originally developed by Briton Tom Carnell in 2009 the service has exploded and can boast tens of thousands of users. This is due in part to the sophisticated monitoring features. In the first instance, users can select one or more areas to monitor within a web page. This is ideal if you maintain pages with dynamic content.
OnWebChange will notify you each time a change takes place, either via email or via push notifications in Android/iOS. Power Users can also use a HTTP CallBacks with their own login data to adjust website content automatically e.g. to restore a defaced page.
The generous free tier offers subscribers advanced CSS (Page Content Selection) as well as the ability to scan both PDF and plain text files for changes. Free tier users are permitted a maximum of 3 tracked sites a month. Checks are made up to 30 times (roughly once a day).
Premium subscribers such as those who opt for the ‘Solo’ package for $1.40 (£1.05) a month, benefit from advanced features such as unlimited trackers and checks every 30 minutes. The highest tier of subscription simply called “Premium”, enables 5 minute tracking with some additional features.
IPVTec was created in 2014 under the supervision of a founding member of cybersecurity firm IPVSecurity who was unhappy with the monitoring solutions available to clients at the time.
Like Sucuri, the monitoring toll IPVmon is cloud-based meaning setup is minimal and you can start monitoring no matter how small the resources of your own network.
The monitor routinely checks for website defacement but also contains a number of other handy features such as verifying your SSL certificates are in date, detecting if pages are unreachable, as well as scanning for malware.
Emphasis has been placed on pro-active searches for anomalies to prevent problems before they occur. This includes actively scanning for domain hijacking and DDoS (Distributed Denial of Service) attacks as well as defacement.
If any irregularities are detected, users are notified with details via text message and email. Messages include a recommended ‘call to action’ to remedy the issues. IPVTec also has a dedicated dashboard for viewing notifications.
Sadly there is no free version but the IPVTec website offers subscribers a free 30 day trial to accustom themselves to the platforms features. The basic (Pro 5) package costs $24 (£17.94) a month ($19 a month annually) and permits monitoring of 5 pages and a single domain.
In the middle ages, the Knights Templar established the key processes for the modern system of notary services, banking, loans, and mortgages that we have today. During that era, Knights carried with them documentation that proved their identity, created by a notary, often embossed with official wax seals.
The importance of these documents was enhanced by a Papal declaration in 1139 that allowed the Knights Templar to pass freely through any border, pay no taxes, and be granted total freedom from every authority other than the Vatican.
Without the documents created by a notary, anyone could impersonate a Knight, and avoid the laws that applied to ordinary citizens throughout the rest of Europe.
And when it comes to the worldwide web today, we can draw a parallel with a similar document of authority: the SSL certificate. SSL Certification (or TLS to be more accurate) is a means to verify the source of web pages, domains, and open the door to information exchanges and electronic financial transactions.
But how do you pick a good SSL provider? Simple – read on and find out. First of all, we’ve got a list of 10 of our favored SSL certificate providers, although everyone’s needs vary, so following our list, we will engage in an in-depth discussion of all the criteria you should consider when picking the right company for you.
We’ve also rounded up the best overall website hosting services
Below are the best SSL certificate providers of 2019 :
Comodo SSL
As a highly affordable provider of SSL services, Comodo SSL has made some significant headway in the past few years.
Much of that success has been the result of very aggressive pricing, with a DV level ‘Positive SSL’ Certification costing just $7.27 (£5.5) currently for four-year coverage.
A ‘Premium’ SSL solution only costs $56.06 (£42.4) for four years. That package includes a fully validated certificate, 256-bit encryption and a $250,000 (£189,000) relying party warranty.
But be warned, validation can take some time if the information required for Comodo SSL to complete the checking process isn’t available online. On the plus side, the company has excellent support people should you have installation or browser issues.
Having operated independently for some years, in 2017, DigiCert has completed an acquisition of Symantec’s website security and related PKI (Public Key Infrastructure) solutions. The motivation for this buyout was that Symantec managed to convince 90% of Fortune 500 companies to pay for the Norton Secured Seal.
These are now DigiCert’s customers, and the company has implemented a plan to transition those using Symantec products on to DigiCert when appropriate.
The starting price for an SSL Certificate is $218 (£172) per year, although you might be able to better that with a two-year deal. A wildcard option, covering unlimited servers and a complete multi-level domain, is $688 (£541) – an enticing prospect.
Based in the US, Entrust has been in business since 1994 and has garnered a reputation as a well-oiled machine for generating certification quickly and smoothly.
Entrust was built around a wide selection of security products: ID card printers, authentication systems, credit card printers and a PKI are all among its product lines.
With so much invested in secure systems, SSL certificates are considered one of its strongest offerings. Customers especially like the ability to manage numerous certificates across multiple domains from a management console.
Prices start at $174 (£130) per year for its Standard SSL single site product, climbing to $609 (£450) for a Wildcard SSL covering unlimited servers and subdomains. From what we’ve seen, most customers seem delighted with the service at all levels, seemingly justifying the extra cost over cheaper options.
GeoTrust was once owned by VeriSign and then Symantec, and due to the sale of the latter operation, it might also be part of DigiCert by now. The business covers three main areas: SSL certificates, Signing Services and SSL for enterprise services.
Those looking for SSL certification will find that GeoTrust offers a comprehensive selection starting with domain-level and progressing up to its True BusinessID with EV level certification.
Pricing is more competitive at the higher end, so those wanting a single site certificate might want to avoid GeoTrust, but those needing EV or OV level products should take a look.
Enterprise solutions specifically tailored to government organizations, healthcare businesses and financial institutions are part of the GeoTrust range. Be prepared for identity checks to take longer than others, but the thoroughness of these checks has enhanced GeoTrust’s status.
Where some operations have a wide client base, GlobalSign is very focused on enterprise customers, especially those who are looking to deploy highly scalable PKI solutions.
By taking this route, an enterprise customer can have all the rules, policies, and procedures for using SSL certificates, and their subsequent creation, distribution and revocation are all handled for them. But if you only want SSL certificates, GlobalSign can do that too.
Having the level of support and organization that GlobalSign delivers doesn’t come cheap, and even for a single site with only DV level certification, prices start at $249 (£189). For those wanting the full EV certification, expect to pay $599 (£455) per year for a single site.
GoDaddy might be better known for its web hosting plans, but it’s also a big provider of SSL services.
Instead of offering DV, OV and EV certification at different prices, they all cost the same relatively low price. The pricing structure is instead based on a single site, multiple sites, or a domain with full subdomain cover.
Currently a single site, (DV, OV or EV level) costs $79.99 (£63.5) per year, and the all level domain solution is only $369.99 (£294) per year. The return on that investment is the best SHA2 and 2048-bit encryption, and the trust seal provided by McAfee Secure.
One quirk of GoDaddy’s offering is that while the fresh installation is relatively cheap, renewal can be more expensive. If you can be organized enough to do fresh installs each year, you can save yourself a little money over simply renewing.
In some respects Network Solutions is a little like GoDaddy, in that they both offer a wide range of web-related services, like domain names and e-commerce solutions, and SSL certification isn’t their sole focus.
What might attract customers is this firm’s pricing, with a base cost that starts at $59.99 (£45.5) with a 2-year term for a single site, rising to $403 (£309) for an EV level certificate that should be issued within five working days.
The weakness of this offering would seem to be the support team, which has been described in less than glowing terms by some customers. So given that, if you understand the details of installing certificates, then this might be for you, but anyone wanting extensive technical support may want to look elsewhere.
RapidSSL is owned by GeoTrust, another SSL provider we’ve already mentioned in this list. The business logic behind this is that whereas GeoTrust focuses on corporate giants, RapidSSL targets smaller businesses that are more cost-sensitive.
For just $17.95 (£13.6) per year, RapidSSL will provide a single domain certificate with 128/256-bit encryption with a browser recognition that exceeds 99%. A wildcard certificate that covers unlimited subdomains is $149 (£113) per year, plus it includes a $10,000 (£7,500) warranty and a 30-day money-back guarantee.
Free support is provided 24/7 by web and email, and installation tools are part of the package at no extra cost. And, even at this low price, the service is built on the same GeoTrust global infrastructure as the corporate customers benefit from.
If the most important metric of this sector is customer approval, then SSL.com is delivering the type of SSL service that wins friends and returning customers. Part of that equation is strong customer services and support teams, and the other element is competitive pricing which values those willing to commit for longer periods than a year.
A single domain level certificate starts at $49 (£36) per year but can be as low as $36.75 (£28) per annum if bought for five years. If you’re a smaller business looking for certification, SSL.com might be a good place to start.
The company is hardly a household name, but Thawte has managed to corral more than 40% of the global market for SSL certificates. So far it has issued nearly a billion certificates in 240 countries worldwide.
What’s helped the firm establish this position is the strength of its offerings, and selling points include impressive browser compatibility, excellent certificate management tools, and up to 256-bit encryption.
For those who need EV level certification, the price is $179 (yearly plan), and that comes with a promise to complete the background checks in one to three days maximum. The success that Thawte has had seems well grounded in a strong combination of customer satisfaction and affordable pricing.
The mechanism of SSL certification has two important functions: authentication and encryption.
As a means to authorize a connection, the SSL certificate holds information about the business, website or person you are connecting to, and is also a means to verify that identity through a third-party.
If you wish to see this in action, look at the URL of this web page in the address bar of your browser, and alongside the text, just on the left, you should see a small green padlock that identifies that this is a secure SSL-certificated site.
Clicking on the padlock will tell you that the connection is secure and allow you to reveal what information the certificate has. That will include the users of the certificate, and the SSL provider that bestowed authorization.
In addition to authority and verification, the SSL certificate also includes a means to encrypt traffic between the user’s computer and the website. Without this encryption, sensitive information like passwords could potentially be compromised by a nefarious party intercepting the data traffic flowing between the client computer and the web server.
The security of this system is underpinned by another independent third-party, the trusted Certificate Authority (CA), which issues the SSL certificate under strict guidelines.
Very much mirroring the phrase ‘my word is my bond’, the support of a CA with an SSL certificate is a declaration of trust in a person, company or website. And the CA is in turn verified by a Root certificate holder, proving that they are trusted to issue certificates and revoke them where necessary.
Should these trusted relationships fail, the SSL certificates become invalid. In that case, anyone visiting a location covered by one such certificate would immediately be warned that it has no valid SSL certificate, and that their connection may no longer be secure.
As you can imagine, the impact that a revoked certificate would have on a live business would be very serious. So it’s vital that you get your SSL certificate from the right source, backed by the most respected CA.
Having inherent trust where identity is concerned is necessary, but having the right level of certification for the business is also very important.
Special relationships
When people talk about SSL certificates, it is easy to assume that they’re all the same. But depending on who authorized them and how diligent the background checks were, they come with different levels of validation.
Here are the four levels of validation most commonly used:
Self-signed. At first glance, the idea of self-signed certificates seems mildly ridiculous, because looking in the mirror and confirming that the reflection is indeed you won’t work at passport control. However, if the purpose of these certificates is to control traffic on an internal corporate intranet, it works well enough, and avoids the browser repeatedly complaining about unsecured web locations.
Domain Validation (DV). The next rung up is the Domain Validated SSL certificate, which is purely a confirmation that the web pages are truly coming from the expected domain and not some other. It says nothing about the person or business in question, just that they own a domain.
Organization Validated (OV). The highest level of validation that an individual can aspire to, and high enough for many businesses. Company credentials and those of the named owners are checked against extensive databases, including those held by local governments.
Extended Validation (EV). The pinnacle of SSL issuance is the fully authenticated SSL certificate, needed for any company that wants to offer their customers secure web locations, email and financial transactions.
While self-signed and domain level certificates have their uses, it’s the OV and EV levels that businesses truly need. Because they prove that a company has domain ownership, a genuine business, and that the certificate was applied for by authorized personnel.
As it’s reasonable to expect, checks of this type take time. Therefore, applying for and being granted an authenticated SSL certificate is not something that can happen five minutes before a new web venture is about to go live.
The other element that separates one SSL certificate from another is the level of encryption that it applies, and exactly how secure that makes it.
Encryption
The model for SSL certificates allows for them to use 128 or 256-bit encryption, should the client’s browser support it. Calculations show that it would take a supercomputer 13.75 billion years to test every permutation of a 128-bit encrypted code.
And, for good measure, the initial handshake is performed using an ultra-secure 2048-bit RSA key. Once past that awkward first date, SSL communication is usually continued with 128, 192 or 256-bit, as without quantum computers these are practically uncrackable, and they put less stress on the computers encrypting and decrypting at either end.
Most providers are offering 256-bit encryption these days, but that’s only valid when the web server, client computer operating system and browser can all operate at that encryption level.
Old operating systems and browsers can force encryption levels to 40 or 56-bit, even if the certificate they’re accessing is capable of 256-bit.
While you can’t entirely control the client end, the minimum requirement for encryption should be 256-bit at the server end, period.
What makes a good SSL purchase?
There is a temptation to make choices entirely based on cost, especially if you have lots of sites to cover or a dynamic business environment.
Poor decisions can have big cost implications, and changing direction once you have a consumer-facing solution isn’t ideal.
The following factors should play a part in picking the right issuance operation for you:
Period of trial – Before anything goes live you’ll want to test it, yes?
Browser compatibility – With so many computers still running Windows 7 and even older releases, working with older browsers is still a major concern.
Issuance timeframe – When deadlines are in play, time can be critical should a new certificate suddenly be needed
Trust level type – The trick is to match the needs of the web location with the level of security and trust needed. If you don’t do financial transactions, then EV level security probably isn’t required. Not all firms offer OV level certificates and some companies try to charge for self-signed, amazingly.
Trust site seal – Providing a recognizable seal that the public can see is an easy way to let your customers know that a site is secure and that their information is safe.
Support of SSL experts – The subtle nuances of SSL and certification can befuddle even the most astute IT people, so having an SSL support team available is critical.
Refund policy – Entering a business relationship assuming it will go sideways isn’t a particularly positive viewpoint, but knowing that your money will come back if needed is a sensible precaution.
Warranty policy – Some CAs cover errors in identification, loss of documents or intentional/accidental errors. These warranties might have implications for those companies that self-insure.
You might also want to check out our hosting guides:
Robot vacuums are always a popular item during Prime Day, and Amazon is giving us a preview of the July shopping event with a coupon offer on the Eufy BoostIQ RoboVac. You can get the best-selling robot vacuum on sale for $173.99 by checking the coupon box just underneath the price at Amazon (no code required). That’s a $50 discount and the best price we’ve seen for the robotic vacuum cleaner.
The Eufy BoostIQ RoboVac features a new slim design so it can easily glide under furniture and uses drop-sensing technology to avoid falling down stairs and off ledges. The robot vacuum provides an increased suction power at 1300Pa and uses BoostIQ technology to work harder when extra vacuuming strength is needed. The Eufy features multiple cleaning modes and offers auto-clean scheduling so your floors will be cleaned even when you’re not home. The robovac also automatically returns to the charging base when power is low.
Like we mentioned above, this is the best price we’ve seen for the Eufy RoboVac and a fantastic deal for a robot vacuum. The iRobot Roomba is currently on sale for $279, which make the $173 price tag on the Eufy extremely appealing. The discount is a limited time offer, and you must apply the coupon to see the additional savings at checkout.
Pre-Prime Day Robot Vacuum deals:
See more Amazon deals with out guide to Amazon Prime Day 2019: everything you need to know about the 48-hour sale.
Sony may have taken a rain check at E3 2019, but PlayStation 4 is the only place you’ll be able to play the Game of the Show – at least initially, anyway. Final Fantasy VII Remake unsurprisingly swept the Games Critics Awards, waltzing away with Best of Show, Best Console Game, and Best RPG. It’s perhaps worth mentioning that in order to be eligible, titles had to be playable by the press – hence why Cyberpunk 2077 only nabbed a Special Commendation for Graphics.
Other winners worthy of note included The Outer Worlds for Best Original Game, DOOM Eternal for Best Action Game, and Watch Dogs Legion for Best Action/Adventure Game. We’ve included the full list of victors below.
Years after Sony dubbed the service “bad value”, EA Access will finally arrive on the PlayStation 4 from 24th July. As is the case already on the Xbox One, the premium subscription service will unlock various incentives, including trials, discounts, and admission to a vault of software from the behemoth publisher’s archives.
Titles set to be available when the membership debuts include Battlefield V, FIFA 19, A Way Out, and The Sims 4 – relatively new releases, then. Prices will range from £3.99/$4.99 per month, or £19.99/$29.99 per year. Relatively affordable, after all – and not quite the rip-off that the Japanese giant once described.
Starting at 2:00 p.m. PST today, members of the Xbox One Preview Beta Ring will begin receiving the latest 1907 Xbox One system update (Build: 19H1_RELEASE_XBOX_DEV_190718362.5039.190621-1520).
DETAILS:
OS version released: 19H1_RELEASE_XBOX_DEV_190718362.5039.190621-1520
Available: 2:00PM PDT 6/26/19
Mandatory Date/Time: 3:00 AM PDT 6/27/19
Fixes:
System
Stability fixes to the system.
Various Localization fixes.
My Games and Apps
Performance fixes to My Games and Apps.
Known Issues:
Audio
Headsets are not being assigned to the users profiles and not working correctly.
Profile Color
Sometimes users may encounter the incorrect Profile color when powering on the console.
Starting at 2:00 p.m. PST today, members of the Xbox One Preview Alpha Ring will begin receiving the latest 1907 Xbox One system update (Build: 19H1_RELEASE_XBOX_DEV_190718362.5042.190624-1923).
DETAILS:
OS version released: 19H1_RELEASE_XBOX_DEV_190718362.5042.190624-1923
Available: 2:00PM PDT 6/26/19
Mandatory Date/Time: 3:00 AM PDT 6/27/19
Fixes:
System
Stability fixes to the system.
Various Localization fixes.
Known Issues:
Profile Color
Sometimes users may encounter the incorrect Profile color when powering on the console.
Watch Dogs Legion has sounded ambitious from the word go, and the more we hear about it, the crazier and crazier it sounds. As you may already know, the game lets you play as loads of different characters, all of them randomly generated to some degree. Each and every character comes with their own strengths, weaknesses, name, and appearance. The system was shown off quite well during the title’s E3 2019 gameplay demo.
Gran Turismo Sport’s next big update will leave the workshop 27th June, but there’s no mention of the recently teased wet weather conditions in the big 1.40 patch. Instead, there’ll be six new circuits, all based upon the Sardegna Road Track. This is located in roughly the same area as the existing Sardegna Windmills Rally Track, but is obviously all set on asphalt.
In addition to the track, there’ll be five new cars available, as listed below:
Fresh from inspiring a series of articles about sports bras, Final Fantasy VII Remake’s re-envisioning of Tifa Lockhart will join fighting game mash-up Dissidia Final Fantasy NT from 3rd July on the PlayStation 4. She’ll be added to the arcade version this week, so you can get an early look if you happen to have a couple of quarters knocking about. Or any nearby arcades, for that matter.
You can catch her and her ridiculously glossy lips in action courtesy of the video embedded above.
