What is a Canary Token?

Canary Tokens are a free, open-source tool that helps you discover when bad actors access your data. They can be used to detect unauthorized access to your website, documents, or other sensitive information.

You can read more on the Canary Tokens website.

Cloned Website Tokens

Cloned Website Tokens are a type of Canary Token that can be used to detect when your website is cloned. They work by embedding a unique token into your website that is invisible to your users. When a bad actor clones your website, they will also clone the token. When the token is accessed, you will be notified and ChainPatrol will proceed to block and takedown the malicious cloned site.

You can read more about Cloned Website Tokens on the Canary Tokens website.

Setup Instructions

1

Create a new Canary Token

Go to the Canary Tokens generator and select the Cloned Website type from the dropdown.

Fill the fields with the information below:

FieldValue
Webhook URLhttps://app.chainpatrol.io/api/v2/canary/webhook
Domain<YOUR DOMAIN>
Reminder noteAny note you’d like (ex. Cloned website token for <YOUR DOMAIN>)

It should look something like this when you are done:

Click Create my Canarytoken to create the token.

2

Save the Token URL and send to ChainPatrol

If the page was not automatically redirected, click on Manage Token in the top right.

You should save this current page’s URL for future reference (we’ll refer to this as the “Token URL” going forward). This is a uniquely generated URL that you can come back to see the history of the token.

In order for ChainPatrol to automatically detect cloned websites, send the Token URL to ChainPatrol via a secure channel. We will connect your token to your organization’s account.

3

Add the generated JavaScript snippet to your website

Finally, to complete the setup of the Canary Token, you need to add the generated JavaScript snippet to the domain that you indicated earlier.

Toggle ON the “Obfuscate this script” option and copy the generated code.

Paste the code into your website’s HTML code, preferably in the <head> tag on the homepage.

Result

You will see new reports in your ChainPatrol dashboard when your website is cloned. ChainPatrol will proceed to block and takedown the malicious cloned site.