In looking in to some things for recent posts about SiteLock, their web application firewall (WAF) had come up a number of times and that then made us recall that previously it seemed that service was actually provided by the company Incapsula. Looking at the page for the service there was no mention of that or anything that might indicate that SiteLock was not providing the service themselves. The only mention of Incapsula on SiteLock’s website according to Google is them being cited in a couple of blog posts. The same holds true for mentions of SiteLock on Incapsula’s website.
So were we confused in thinking that there was connection between the two companies or have they just hidden it away from the public (like how one of their hosting partners wouldn’t admit to the ownership connection between SiteLock and them)? A little more looking showed the connection actually existed.
The True Provider of TrueSpeed CDN
Doing a traceroute for www.sitelock.com showed their IP address to be 18.104.22.168, for the which the canonical name is 22.214.171.124.ip.incapdns.net. Incapdns.net as in Incapsula, which you wouldn’t expect since you expect that SiteLock would be using their own TrueSpeed content delivery network (CDN) to serve their website. Next up we did a traceroute on their WordPress focused sub-domain wpdistrict.sitelock.com, which showed a canonical name of iasx4.sitelockcdn.net and an IP address of 126.96.36.199, which in turn has a canonical name of 188.8.131.52.ip.incapdns.net. We then looked at several of their customers websites listed in case studies on wpdistrict.sitelock.com and found they were running through Incapsula as well.
From all that it is clear that the TrueSpeed CDN is actually being provided by Incapsula, which you wouldn’t have any clue if you looked at how SiteLock describes the service. One part of the description that stood out for us was this:
Dynamic Content Caching
SiteLock patent-pending technology continuously profiles website resources, gathering information on how content is displayed. Static content can be safely cached. Some dynamic content might change continuously, while other content might rarely change or change only for specific users. This information enables truly optimized caching, and ensures content that is rendered is accurate—a premium feature you won’t get with most content delivery networks.
To claim you have a patent pending certainly makes it sounds like you provide the service yourself. But a quick search pulled up a PDF datasheet for Incapsula’s Content Delivery Network, which pretty clearly is the source of material on SiteLock’s page, with some rewriting of the text having been done. Here is relevant section from Incapsula’s document:
Dynamic Content Caching
Patent-pending advanced learning algorithms continuously profile website resources, gathering intelligence on each resource. Some of these resources, which may be dynamically generated, rarely change over time and for different users. This intelligence allows for optimized caching and ensures resource accuracy.
SiteLock’s lack of truthfulness to their customers about this is pretty troubling as all of the customer’s website’s traffic is going to be running through a company that they don’t have a relationship with or are even likely to know is involved. Even if there is no concern about Incapsula, SiteLock could always switch to some other provider without notice, that isn’t as trustworthy and their customer could find that out too late.
This definitely is something that should make people avoid SiteLock, as trust is so important when it comes to security companies.
What About TrueShield Web Application Firewall?
Our looking into a connection between Incapsula and SiteLock started with looking for a connection with SiteLock’s web application firewall (WAF), so is that also provided by Incapsula as well? The circumstantial evidence points in that direction, but there was no smoking gun that we have found so far.
From a practical stand point if you are already running the website’s traffic through Incapsula it would seem to be easier to use their existing WAF in their systems than creating your own and then integrating that in to their systems, if they would even allow it. SiteLock’s CDN and WAF were introduced at the same time, so that would certainly fall in line with the possibility of them having the same source.
Here is the screenshot of a report from SiteLock’s WAF from the service’s page on SiteLock’s website:
And here is a screenshot of a report form Incapsula, also related to “Bot Access Control”:
The data presentation is quite similar between the two of those, which we have hard time believing could have been coincidental.
Know Something More About The Connection Between The Companies?
If you are aware of additional details related to the connection between SiteLock and Incapsula please leave a comment.
A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.