We have frequently mentioned the fact that many security companies don’t know and or care much about security. That not surprisingly leaves the public with a lot of bad options when they are looking for someone with security expertise to help them deal with a hacked website or other security issues. So how can they find one of the few companies that don’t fall in to one of those categories? We don’t know of an easy way, but we do know that looking at customer reviews of security companies isn’t a good way to do that.
We frequently are brought in to re-clean hacked websites after another company had been brought in to do that. While that isn’t always the company’s fault, we have found that in almost every instance the company doing the cleanup either didn’t know what they were doing or intentionally cut corners. We know that because we always ask in these instances if the previous company had determined how the website was hacked (since if the vulnerability hasn’t been determined and fixed it would leave the website open to being hacked again), and the response is almost always that trying to determine how the website never even came up. Considering that is one of three main components of a proper hack cleanup, that shouldn’t be the case. In more than a few cases even at that point the person we are dealing with said that the previous company did a good job, which doesn’t seem accurate considering they didn’t do things properly and the website was hacked again. If people think they did a good job at that point, we would assume that even more would have said that right after the original work was completed.
To give you another example of this we thought something we ran across involving web security SiteLock is worth highlighting. Here is a review of SiteLock from August of last year that comes from the BBB page for them:
Sitelock has been a great and affordable toll to achieve… security challenges, and enabled idbasolutions.com to offer our visitors peace of mind. In one and only incident in 2012, Sitelock emailed us as soon as they detected that some malicious software had infiltrated our comment pages…they quickly deleted all malicious code.
The problem with that review is that the website isn’t actually secure and hasn’t been secure for some time. The website is running Joomla 1.5, for which supported ended in September of 2012, over four years ago.
You wouldn’t know that if you were to believe SiteLock, as of today they are claiming it is secure:
It would be easy for SiteLock to determine that the website was running outdated software and isn’t secure, as the source code of each page on the website contains the following line:
<meta name=”generator” content=”Joomla! 1.5 – Open Source Content Management” />
So the review’s claim that SiteLock services “offer our visitors peace of mind” is true, but it is because SiteLock is not telling the website’s visitors the truth.
Considering that SiteLock missed such an easy to spot issue, it isn’t hard to believe they might also miss more serious issues, and in fact our past experience shows that it isn’t a theoretical issue. So while the review is positive, the underlying reality is the opposite.
Considering that customers of security services are hiring them in the first place, it isn’t likely that many reviews come from someone who would actually be aware of a failure like SiteLock’s here, so many other reviews of them are probably unintentionally misleading others as well.A Better Alternative to SiteLock
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website if it is truly hacked or if isn't we will help you to get the issue resolved for free.
Before you do anything else though, you should check out our post on what you should know when you get contacted by or about SiteLock.