Canary Tokens
Use Canary Tokens to notify ChainPatrol when your website is cloned and have them blocked immediately
What is a Canary Token?
Canary Tokens are a free, open-source tool that helps you discover when bad actors access your data. They can be used to detect unauthorized access to your website, documents, or other sensitive information.
You can read more on the Canary Tokens website.
Cloned Website Tokens
Cloned Website Tokens are a type of Canary Token that can be used to detect when your website is cloned. They work by embedding a unique token into your website that is invisible to your users. When a bad actor clones your website, they will also clone the token. When the token is accessed, you will be notified and ChainPatrol will proceed to block and takedown the malicious cloned site.
You can read more about Cloned Website Tokens on the Canary Tokens website.
Setup Instructions
Create a new Canary Token
Go to the Canary Tokens Nest and select the JS cloned website from the list.
Fill the fields with the information below:
| Field | Value |
|---|---|
| Domain of protected website | <YOUR DOMAIN> |
| Mail me here when the alert fires | <YOUR EMAIL> |
| Remind me of this when the alert fires | Any note you’d like (ex. Token for <YOUR DOMAIN>) |
Next, click Add Webhook Notification, and fill in the following information:
| Field | Value |
|---|---|
| Notify me here when the alert fires | https://app.chainpatrol.io/api/v2/canary/webhook |
It should look something like this when you are done:
Click Create Canarytoken.
Navigate to Manage Token
After the token is created, you will see the modal with the token information.
Click Manage Canarytoken to navigate to the token’s page.
Save the URL and send it to ChainPatrol
You should save this current page’s URL for future reference. This is a uniquely generated URL containing the token that you can come back to see the history of the your Canary Token.
Example: https://canarytokens.org/nest/manage/<NEST_ID>/<TOKEN_ID>
In order for ChainPatrol to automatically detect cloned websites, send this URL to ChainPatrol via a secure channel. We will connect your token to your organization’s account.
Add the generated JavaScript snippet to your website
Finally, to complete the setup of the Canary Token, you need to add the generated JavaScript snippet to the domain that you indicated earlier.
- Toggle ON the “Obfuscate this script” option and copy the generated code.
- Paste the code into your website’s HTML code, preferably in the
<head>tag on the homepage.
Note: We recommend turning OFF Email Alerts, since they may include localhost URLs and other false positives. We will handle the alerts via webhook.
What happens when a cloned website is detected?
When your website is cloned, we will create a new report in your ChainPatrol dashboard. ChainPatrol will proceed to block and takedown the malicious cloned site.
Was this page helpful?