Honeypot and Canary Token Detection
infoWhat is Honeypot Canary?
Honeypot URLs and canary tokens are decoy resources deployed on your domain to detect unauthorised access attempts. When an attacker or automated scanner accesses these fake endpoints, an immediate alert is triggered.
How it works
A fake admin URL (e.g., /shield-admin) or decoy file is deployed on the domain. Legitimate users and applications never access it. When any IP requests the honeypot URL, the system captures the IP address, user agent, timestamp, and request details, then sends an instant alert via SMS, email, or webhook.
Impact
Honeypots provide early warning of reconnaissance activity. Detecting an attacker during the probing phase — before they find real vulnerabilities — gives defenders time to block the source IP, tighten controls, and investigate the threat.
ShieldReport deploys honeypot canary URLs on your domain and monitors access in real time. Any hit triggers an instant notification with full request forensics.
How to fix it
No remediation needed — honeypots are a defensive measure. When triggered, investigate the source IP, check other logs for related activity, and consider blocking the IP range. Review access patterns to determine if the probe is automated or targeted.
Tags
Is your site vulnerable to Honeypot Canary?
Run a free scan to find out in under 2 minutes.
Scan Now