WebTrap

WebTrap works by using JavaScript that sends you a notification whenever your website is copied and hosted somewhere else. Why would a hacker ever do this? For money, of course! This is usually the first step in a phishing campaign, so it’s a good thing to know. Hackers also do this to look for weak security on your site.

To make this work, you create the HackTrap and embed it into your webpage. When the webpage is loaded in the browser, the JavaScript is run, and part of its routine verifies that the URL resolves to .mydomain.com. If your website was cloned and hosted somewhere else, it would resolve to clonedhackersite.com, at which time the WatchPoint alert would be triggered.

For extra sneakiness, you can use an obfuscator to scramble the JavaScript before placing it on your page. This will make it more difficult for a hacker to detect. Be sure to set up a CNAME record on your public DNS server, as you will need to use the domain name of your site, and not watchpointdata.com. Here is a sample JavaScript:

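    // Fire only when the page is served from a host other than our own.
    if (document.domain != "watchpointdata.com") {
        var l = location.href;      // where the copy is being served from
        var r = document.referrer;  // how the visitor reached it
        var m = new Image();
        // encodeURIComponent also escapes & = ? so each value stays inside its parameter
        m.src = "http://watchpointdata.com/288s4fjy3li3yv7ep6ev79f4s.jpg?l=" +
            encodeURIComponent(l) + "&r=" + encodeURIComponent(r);
    }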
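
The receiving side of that beacon, as an added example that is not WatchPoint's code: it reads web access log lines, picks out requests for the beacon image, decodes the l and r parameters, and reports only pages served from outside your domain. OWN_DOMAIN, BEACON_PATH, the function names and the log lines are constructed for illustration.

```javascript
// Added example: turn beacon hits in a web access log into clone alerts.
// OWN_DOMAIN, BEACON_PATH and the log lines are constructed placeholders.
const OWN_DOMAIN = "mydomain.com";
const BEACON_PATH = "/beacon-placeholder.jpg";

// True for mydomain.com and its subdomains, but not for look-alikes such as
// evilmydomain.com or mydomain.com.example.net.
function isOwnHost(host) {
  const h = host.toLowerCase().replace(/\.$/, "");
  return h === OWN_DOMAIN || h.endsWith("." + OWN_DOMAIN);
}

// Parse one combined-log-format line; return an alert object or null.
function parseBeaconHit(line) {
  const m = line.match(/^(\S+) \S+ \S+ \[([^\]]+)\] "GET (\S+) HTTP\/[\d.]+"/);
  if (!m) return null;
  const [, clientIp, time, target] = m;
  let req;
  try { req = new URL(target, "http://placeholder.invalid"); } catch { return null; }
  if (req.pathname !== BEACON_PATH) return null;
  const page = req.searchParams.get("l");        // location.href of the loaded page
  if (!page) return null;
  let pageUrl;
  try { pageUrl = new URL(page); } catch { return null; }  // malformed or relative value
  if (isOwnHost(pageUrl.hostname)) return null;  // our own site, not a clone
  return {
    time,
    clientIp,
    cloneHost: pageUrl.hostname,
    cloneUrl: pageUrl.href,
    referrer: req.searchParams.get("r") || null,
  };
}

function findClones(logText) {
  return logText.split("\n").map(parseBeaconHit).filter(Boolean);
}

// Constructed sample log lines (documentation IP ranges, made-up hosts).
const SAMPLE_LOG = [
  '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /beacon-placeholder.jpg?l=http%3A%2F%2Fclonedhackersite.com%2Flogin%3Fa%3D1%26b%3D2&r=http%3A%2F%2Fmail.example.org%2F HTTP/1.1" 200 43',
  '198.51.100.4 - - [01/Jan/2024:10:01:00 +0000] "GET /beacon-placeholder.jpg?l=https%3A%2F%2Fwww.mydomain.com%2F&r= HTTP/1.1" 200 43',
  '198.51.100.9 - - [01/Jan/2024:10:02:00 +0000] "GET /beacon-placeholder.jpg?l=https%3A%2F%2Fmydomain.com.example.net%2F&r= HTTP/1.1" 200 43',
  '198.51.100.9 - - [01/Jan/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
].join("\n");

console.log(findClones(SAMPLE_LOG));
```

The referrer on a clone hit is often the most useful field, since it can show the phishing mail gateway or landing page that sent the visitor to the copy.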
