HTTP and SSL

Due to this being a PHP plugin effectively it works with both HTTP connections and those using SSL, giving users peace of mind knowing their personal and private data is encrypted. This does not impact your websites encryption setting and both can be used independently of the other.

Attack matching engine

Using a completely custom attack matching engine you know you have bleeding edge detection. We are constantly working to improve this, analyzing attack trends and detecting them accordingly. We aim to reduce false-positives & false-negatives as much as we can, reducing latency and keeping this service as transparent as possible.

Low latency

Increasing internet speed matters, as is transparency, the quicker and less noticeable the service the better (with increased effectiveness of course) as such we focus on keeping thinks as quick as we can, making PHP as optimized as possible and using technologies such as: CloudFlare, yui compressor, jpegtran, optipng & htmlcompressor.

Real time

Attacks are detected and displayed as quick as possible (using AJAX) the quicker attacks are detected the quicker they can be mitigated against. Leave this website open in a tab, check the favicon every now and then - it will change when an attack has been detected that you haven't viewed. otherwise you can watch them as they come in!

AJAX

Unlike most other WAF's/IDS's which only protect static web pages and scripts we protect as much as possible, including AJAX content, whether you are using Jquery or custom scripts.

Ease of setup

There is no need to change CNAME records, no need to update DNS settings, no need for nameserver changes, no complicated scripts to install and no server setup or configuration needed. In fact there are no changes you need to make to your website whatsoever, simply upload a single file and you will be protected, complete with customization.

Domain records

We log and report on DNS record changes daily, making sure you have an up to date view of what usualy goes un-noticed. This will ensure your domain name (eg. www.checkattacks.com) is always pointing to the correct location and displaying your website accordingly.

Attacker view

Run the attacks the hackers tried on your website using the same details at them, effectively mimicking the attacker, showing you what they saw and whether it was successful or not. This will show weather the exploit is indeed something that needs to be patched or just a failed attempt.

Reports

Monthly reports are emailed to all customers with details of what attacks we have detected, showing you what the most attacked pages are and what the common attack vectors on your site are - giving you an edge on other similar websites.

Multiple websites

With most companies owning more than one domain or website the need to protect more than one asset is increasing, using this you can protect them all and have details all in one place, simplifying things a lot.

Standards compliance

Due to the very nature of internet transactions it is important for people to be compliant with data protection regulations. Using this service on your website will greatly increase this, rather than having to hire a security contractor or some expensive external service you can easily print and use our report as needed. We secure as best as we can against the OWASP top 10 threats and comply with PCI DSS (PCI 6.6)