A few days ago we discussed a Forbes article about a report from the web security company SiteLock that claims be a score of how likely a website is to be compromised that seems to be based on nothing, as despite claiming a website had a “Medium” likelihood of compromised SiteLock couldn’t point to any way that the website would be compromised other than ones that are not considered in their score. In that post we noted that previously we have had people come to us after SiteLock had contacted and claimed that there was vulnerability on their website, but wouldn’t give them any details of it. It looks like they can provide even less information, as the following portion of an email sent to someone that was formerly a customer of one of their web hosting partners shows:
— Indie (@IndieAtWork) August 17, 2017
It is baffling that telling the owner of a website which one of their websites is claimed to have a vulnerability, without providing any details whatsoever of the vulnerability, is going to somehow expose the vulnerability.
What is a bit odd about this message is that Bluehost’s name is incorrectly capitalized as “BlueHost” with the “h” capitalized when it shouldn’t. It seems like you should get your partners name right, especially when that partner is ultimately run by SiteLock’s owners. Without seeing the rest of the email we can’t see if there is any indication that this actually another phishing email being sent to Bluehost customers, like the one we that came up last week when Bluehost was pushing someone to hire SiteLock to deal with a non-existent malware issue. Though that phishing email actually mentioned a specific website.
One alternate explanation that isn’t too far out there considering SiteLock’s track record and the fact this person isn’t even with the web host anymore is that there is no basis for the claim. By not mentioning a website they might hope to get more interest from webmasters than if they mentioned one and it wasn’t important.
A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.