As RapidSpike’s Attack Detection runs it monitors whenever your configured websites send data to a new destination. These hosts are then recorded – if we recognise them (e.g. Google or Facebook), we can automatically flag them as safe. Occasionally we may run into a host we do not recognise, these hosts are flagged as “Untrusted”.
If you know this host you can approve them and this alert will disappear, if you don’t they could be malicious. This is a key aspect to our Magecart Attack Detection service, so it’s important you know who to trust.
To view which third party triggered the “untrusted host” alert, log in to RapidSpike and click “Client-Side Security” in the main menu.
Then click “Untrusted List”
Listed on this page will be all “untrusted” hosts we have detected. “Untrusted” simply means that they are unknown – they are not already part of RapidSpike’s safelist of pre-trusted hosts, and you have not safelisted them in your account.
To decide whether to approve or alert us to these hosts, ask yourself 3 questions:
- Who are they?
- What do they do?
- What are they doing on my website?
If you know the answers to these questions, click trust and they will be safelisted. If you’re not sure, then it is important to research the host to identify it. We have provided a few options to help you.
- Discuss the host internally with your development team. Does anyone know where the host has come from, or what tool it relates to?
- Click the WHOIS button.
This takes you to whois.com, where you can find out more information about the host domain registration, which may help you understand what company owns it.
3. Click the OTX button. OTX is the AlienVault Open Threat Exchange, a database of known malicious hosts.
4. Click the VirusTotal button. VirusTotal analyses suspicious code for malware and provides a database of known threats.
If you have researched a host and it seems suspicious get in touch with your account manager at RapidSpike or contact us via the support channels and we’ll be able to assist.