Protection Against All The
Current Threats

  1. Malware Attacks Scan
  2. Reputation Check

The Perfect Port In All Future Web Security Storms

  1. In-Depth Monitoring
  2. 24/7 Incident Monitoring & Response
 

Why Choose bodHOST VTMScan?

bodHOST VTMScan provides an exuberant delivery experience to the users and their websites as well as their web applications. With VTMScan, you can protect your online presence at all points of time.

 
vtm

In web security, it has now become important to understand the meaning of prevention. bodHOST VTMScan helps you provide a deep scanning solution that are backed by instant alerts.

Fully Compatible with all Platforms and Content Management Systems (CMS)
  1. WordPress
  2. Joomla
  3. Drupal
  4. VBulletin_logo

Be at comfort when you leverage your protection.

Get assistance with -

Our passionate team provides you with
  1. Faster responses
  2. Dedicated and proactive team
  3. Thorough Scanning
  4. Through and thorough solution
  5. Advanced Security
  6. Enhanced UX
  7. Advanced and Secured Application Protection

Leverage your website security with bodHOST VTMScan to secure your digital assets

seo

Search Engine Friendly

Auto scanning for CMS with an agent-based server-side scanning

threat

Threat Detection

Proactively scanning for presence of any malware, security threats, infections, botnets, etc.

webserverfit

Keeps the Web Servers Fit

Carry out open port scanning against all security threats and validating mail server IP

 
attacks

Website Attacks Prevention

Specialized and secured defence against all types of exploits, advisory security patches with a complete trusted and tested security for websites

proactive

Proactive Flaw Detection

Quick mail alerts and warning alarms for web pages and codes

intensedet

Specialization in Intense Detection

Remote web-shell and unexpected file detection along with CMS specific scanning like- WordPress and Joomla.

Features of Scan Plans Standard Scan Enterprise Scan
Domains 2 Domains 2 Domains
Total No. of Scans 4 4
Per Month Cost $2.99 $3.99
Per Scan Cost 0.75 1.00
  Buy Now Buy Now
Features of Scan Plans Standard Scan Enterprise Scan
Domains 4 Domains 4 Domains
Total No. of Scans 8 8
Per Month Cost $4.99 $6.99
Per Scan Cost 0.62 0.87
Features of Scan Plans Buy Now Buy Now
Features of Scan Plans Standard Scan Enterprise Scan
Domains 10 Domains 10 Domains
Total No. of Scans 20 20
Per Month Cost $9.99 $13.99
Annual Cost 0.50 0.70
  Buy Now Buy Now
Features of Scan Plans Standard Scan Enterprise Scan
Domains 50 Domains 50 Domains
Total No. of Scans 100 100
Per Month Cost $44.99 $59.99
Annual Cost 0.50 0.59
  Buy Now Buy Now
Reputation and Blacklist Monitoring    
Reputation Monitoring
Blacklist Monitoring
Basic assessment    
Http security header check
OS Vulnerability detection
Banner grabbing
Standard Malware Detection    
SQL Injection
Cross Site Scripting
Malware Detection
Webpage Defacement Detection
Insecure Deserialization
Local File Inclusion
Remote File Inclusion
Advanced Malware Detection    
Content Change Monitoring -
Phishing Page Detection -
Defined scan time -
CMS Scan -
 Port Scan  -
SSL Scan -
URL Monitoring -
Cross-Site Request Forgery -
Additional Functionality    
Error reporting including recommendation 
Email Support

OWASP Top 10:

Open Web Application Security Project (OWASP) refers to an online community that works in the domain of web application security. It releases the list of top-10 vulnerabilities after every few years. VTMScan identifies these vulnerabilities and complies with the rules laid by OWASP. VTMScan scans for Cross-site Scripting, SQL Injections, etc. and report these vulnerabilities along with recommendations to cure these issues.

OWASP
Content

Content Change Monitoring:

VTMScan provides Content Change Monitoring and is an important feature. It scans every page of the website for detecting if any change has occurred. Every change is observed across the entire website along with the respective percentage in the URLs. Here, a snapshot is generated of all the webpages and then each page is scanned for any modifications and changes. Once this is done, irregularities are reported, if any. This feature is of great benefit for the website owners for checking if any changes are being done on the website without their concern.

Malware Scan

Website defacement refers to an attack on a website that can the visual appearance of a webpage.

  1. Forced redirected test for injections
  2. Scanning JavaScript code snippets for generic signatures. Checking for any iframes
  3. Special algorithm devised for detecting JavaScript Obfuscation. Obfuscation is used for converting vulnerable codes into a format that can’t be read easily
  4. Checking for third-party links from reputed databases
  5. Malware monitoring is mostly done for the detection of JavaScript, iframe & Defaced keywords. JavaScript is checked for malicious code. The website is also scanned for any defaced keywords
Malware
Phishing

Phishing

Protecting the customers and safeguarding the website as well as web applications with VTMScan

  1. Look for similar domains
  2. Common misspelling or use of foreign language
  3. Misspelling such as typographical error
  4. Swapping letters in the URL
  5. Using different domain names

Detection of any Punycode phishing attacks

CMS Scan

  1. Very less number of scanners are provided in this feature
  2. Detects CMS tools such as- WordPress, Joomla, Drupal, etc.
  3. Scanning is done for themes, plugins and unprotected admin area
  1. Enumerating users
  2. Use of brute-force for detection of simple passwords
  3. Scanning of File Path Disclosures or FPDs
  4. Detecting CMS across all directories
CMS
Domain reputation

Domain Reputation Check

Domain reputation check done in Google, SURBL, Malware Patrol, Clean-MX and Phishtank

  1. VTMScan performs checking of the user domain across popular domain databases like- Google, SURBL, Malware Patrol, Clean-MX and Phishtank. These have an in-house database that contains the IP addresses and domains that might be extracted for malware, spamming and other phishing activities

Mail server IP check-in 58 RBL Repositories

RBL or Real-time Blackhole Lists contain IP addresses of all those owners who’ve declined to stop the growth of spams. RBL lists all such IP address from several ISPs and identifies users who’re responsible for all these spams. RBL can also form the list of all ISPs whose servers have been hijacked for serving the purpose of spam relay. VTMScan performs checking of mail server IPs in 58 RBL repositories.

Robust Link Crawling

Link crawling refers to a process of capturing all the URLs of a website. It can be useful for VTMScan to understand how many webpages are existing at a given time instance on websites and what are all these webpages relating to. The website owner can perform cross-checking of his webpages to identify whether they are legitimate or not.

VTMScan performs following tasks under link crawling-

  1. Crawling links from various sources such as- web pages, robots.txt, iframes, hacker’s favorite search engines, directory indexes, and directory traversals.
  2. Checking admin and directory busters
  3. Checking the directory access
Link Crawling
Banking grabbing

Banner Grabbing

Banner grabbing refers to collecting information related to the user website such as- web server information, header info as well as open ports. Banner grabbing is a technique that is used for gaining information regarding a computer system over a network and the associated services that are running on its open ports. Any intruder can use the banner grabbing for finding network hosts running different versions of applications and OS by using the most-known exploits.

VTMScan performs checks for following-

  1. Scanning of ports
  2. Detecting operating systems
  3. Detection of Web Application Firewall (WAF)

SSL Scan

VTMScan validates checking for SSL Poodle, BEAST, CRIME, Heartbleed, DROWN, etc.

Under SSL Check, the following checks are performed by VTMScan-

  1. NULL Cipher used or is less than 128 bits
  2. Domain is using an invalid security certificate
  3. Domain is using an expired security certificate
  4. Domain using security that is going to expire by the end-of-day
SSL
LFI RFI

LFI & RFI Detection

Local File Inclusion (LFI):

Local File Intrusion refers to a process where the file or a script has been injected on a server using a web browser, allowing traversals in local directories to be injected in case the page is not ‘sanitized’. This attack can give rise to the disclosure of user-sensitive information.

Remote File Inclusion (RFI):

Remote File Intrusion depicts an attack that can explore for vulnerabilities in a web application for including a remote file using a script on the web browser. The intruder might want to exploit the functionalities in an application for uploading malware from different domains.

Q: Does VTMScan scan subdomains of a given domain?

A: Yes, VTMScan will also scan subdomains of your website, but you need to mention those subdomains in the additional domain field while you schedule your scan.

Q: Can VTMScan schedule website scan as per user time frame?

A: Yes, VTMScan can schedule scans as per user time frame so that it won't affect user website during peak time. User will be provided with a custom scan option where he can set his time frame.

Q: What is OS Detection in VTMScan?

A : OS Detection is one of the striking features of VTMScan. Most of the time website is coded very securely and is very hard to crack so, hackers target website server Operating System. VTMScan predicts your Operating System and lists down vulnerabilities regarding that website.

Q: How exactly does VTMScan Ports remotely?

A: VTMScan checks for all ports on the server. It finds out all open ports and services/products running on those ports. It checks those products in vulnerability database and alerts if any product is vulnerable.

Q:Does VTMScan installs any agents on my website?

A : VTMScan does not install any agent. VTMScan also takes care that it sends you harmless requests and payloads which will not affect performance and availability of the user website.

Q : What is WAF?

A : A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Q : What is Content Change Monitoring and it's usage?

A : Content Change Monitoring compares the current state of your website with the snapshot of your website which was taken by you earlier and informs if any changes are observed on the website.

Q : Is Authentication Based Scanning supported by VTMScan?

A : Yes, VTMScan supports authentication based scanning viz. htaccess and web based authentication.

Q : What do you mean by a CSRF vulnerability?

A : Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?

A : Yes, CMS is detected in VTMScan. Types of CMS that are detected and scanned are Wordpress, Joomla, vBulletin and Drupal.

Q : How do I get my domain off the phishtank blacklist?

A : Please visit the following page: http://www.phishtank.com/contact.php and follow the instructions for reporting an incorrect phishing page.

Q: Does VTMScan scan subdomains of a given domain?

A: Yes, VTMScan will also scan subdomains of your website, but you need to mention those subdomains in the additional domain field while you schedule your scan.

Q: Can VTMScan schedule website scan as per user time frame?

A: Yes, VTMScan can schedule scans as per user time frame so that it won't affect user website during peak time. User will be provided with a custom scan option where he can set his time frame.

Q: What is OS Detection in VTMScan?

A : OS Detection is one of the striking features of VTMScan. Most of the time website is coded very securely and is very hard to crack so, hackers target website server Operating System. VTMScan predicts your Operating System and lists down vulnerabilities regarding that website.

Q: How exactly does VTMScan Ports remotely?

A: VTMScan checks for all ports on the server. It finds out all open ports and services/products running on those ports. It checks those products in vulnerability database and alerts if any product is vulnerable.

Q:Does VTMScan installs any agents on my website?

A : VTMScan does not install any agent. VTMScan also takes care that it sends you harmless requests and payloads which will not affect performance and availability of the user website.

Q : What is WAF?

A : A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Q : What is Content Change Monitoring and it's usage?

A : Content Change Monitoring compares the current state of your website with the snapshot of your website which was taken by you earlier and informs if any changes are observed on the website.

Q : Is Authentication Based Scanning supported by VTMScan?

A : Yes, VTMScan supports authentication based scanning viz. htaccess and web based authentication.

Q : What do you mean by a CSRF vulnerability?

A : Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?

A : Yes, CMS is detected in VTMScan. Types of CMS that are detected and scanned are Wordpress, Joomla, vBulletin and Drupal.

Q : How do I get my domain off the phishtank blacklist?

A : Please visit the following page: http://www.phishtank.com/contact.php and follow the instructions for reporting an incorrect phishing page.