When it comes to the poor security of websites, the unfortunate reality for a company like ours that actually tries to improve security is that much of the security industry is only really focused on taking advantage of people (whether intentionally or because they don’t have even a basic grasp of security), and many people with real security issues are often not interested in getting things properly dealt with, instead looking for magic fixes. The end result is that legitimate security companies suffer, while scammers that will sell people things that don’t work, but are marketed with fantastical claims, do well.
On one side of that, take the company SiteLock, which we have seen taking advantage of people for years by doing things like selling security services that claim to provide incomparable security but don’t even attempt to actually secure websites, or trying to sell unneeded security services based on phishing emails. Much of what they are up to could accurately be described as a scam, but in addition to having people come to us after being scammed by them, we often deal with people who have not been scammed by them yet, but only seem interested in claiming they are being scammed by them instead of being interested in actually dealing with a real security issue with their website.
One recent example of that came from someone that contacted us directly and also left a long comment on one of our posts about SiteLock. In their case, what seems pretty likely to be going on is that they have not been properly cleaning up a hacked website and then blaming their web host and SiteLock for the repercussions of that.
At the core of this is something we often hear about, but don’t quite understand since it seems to ignore clear information provided by web hosts and common sense. Mentioned in their comment was that they were simply removing files listed by their web host as being malicious:
The few files I found in the scan report took like 3-minutes to remove and had nothing to do with the domain.
Doing that isn’t enough, as among other things, those files had to get on the website somehow, so you need to try to figure out how that is happening. Not all that surprisingly, the issue then kept occurring, but that didn’t cause them to consider changing course.
The more important issue with that, though, is that their web host would usually mention, when listing the files they noticed are malicious, that removing them is not enough. Here, for example, is the boilerplate text someone else that contacted us recently received from the same company along with the list of impacted files:
Please Note: While the content listed was specifically reported, it may not be a complete list of all infected content on your website. It is very common for additional infected content to exist and not be captured in our report. For this reason, we highly recommend that you review all of your website content as well as your entire cPanel account to help prevent further security issues and malware reports. Not doing so could leave your website vulnerable to another infection.
So you have someone repeatedly ignoring the advice of their web host, which relates to something else the web host warned about:
For the safety of our servers and your website visitors, repeated reports of malicious content on your account within 60 days of this initial notice will lead to necessary further actions, which may include permanent suspension.
When we replied to this person to point out that you can’t just remove the files and that we haven’t had any of the issues they are complaining about when we have been hired to do a proper cleanup, they just steamrolled forward with their belief that their web host and SiteLock were up to shady behavior. So our time was just wasted there, as they were no closer to getting things properly resolved. Instead, they said their next move was to move to a new web host, which wouldn’t resolve the hack, just cause a new web host to have to deal with having a hacked website on their systems.
We really can’t emphasize enough that if your web host is telling you your website is hacked, after confirming the claim is accurate, you or someone else needs to properly clean up the website, otherwise you are likely to have additional problems that could have been avoided.