Monitoring whether your websites are available, and that everything is up and running is really useful. Getting an alert if there is an issue means you can be ready to take the necessary steps to resolve the problem.You can check if your site is available all around the world and if all the services like MySQL, FTP, DNS or REST API are up and running on the server. (e.g.: site24/7, Alerta)
There are plenty of tools to use for monitoring purposes. A good number of them are free and you don’t even have to register to use them, which is really nice and convenient. However, these free solutions might hide a huge security risk. So, checking the service with your sysadmin and / or hosting provider is a must before using it.
If there is any firewall in front of the server then these monitoring tools might give false warnings about your sites not being available, but when you check the website, it is up and running. This means that the firewall is blocking the IP address of the monitoring service.
Well then, let’s whitelist the IP addresses! Right?Not really.Whitelisting these website checking, and monitoring, solutions could resolve this issue, but it would create a huge gap in the server’s defenses if done without evaluating the security risks. As requests from a whitelisted IP bypass the firewall, if the monitoring or site checking solution is not secure almost any request or scan can be launched from it.
On the screenshot above you can see that this checking solution simply accepted the parameters I added. There is no need for registration or even solving a captcha, and all this can be done by a bot too. The site checker can be also used to scan popular ports to see if they are open, thus exposing services running on the server. For example, check-host.net and uptrends’ free demo also allow parameters in the URL field.
Make sure the whitelisted monitoring service cannot be used to harm your server or your websites or to expose sensitive information about your server. We only recommend the whitelisting of a monitoring service if you are certain that the monitoring solution you wish to use cannot be exploited by hackers.
Indicators of a secure monitoring tool:
Start the 7-day free trial with full functionality without spending a cent.
After the “Hello, Peppa!” zero-day botnet, our Attack Vector Miner detected another zero-day...
At the end of the last year, we made...