123 Reg’s Idea of Security Also Involves Leaving Websites to Get Hacked

Earlier this week we noted that GoDaddy’s idea of security involved leaving websites insecure and dealing with the after effects of that. They are not alone, as here is how another web host, 123 Reg, promotes a security service provided by their security partner SiteLock:

Malware is malicious code that can attack your website and cause security or performance issues.

Google has discovered that approximately 30,000 sites are affected by this malicious code every day and just 14% are protected, leaving 86% of websites vulnerable to attack. It sounds scary, but there is a way to protect your website.

SiteLock® from 123 Reg provides your website with a credible, state-of-the-art diagnostic system that scans for threats and identifies known malicious code, removing it from your website automatically. Giving you peace of mind in knowing that your site is malware free.

There are 110 million variants of malware in existence today. You can’t check your website every day in case you’ve been attacked. Let us do it for you.

Of course if SiteLock is detecting malicious code on your website then it has been affected by malicious code. Real protection would stop the malicious code from getting there in the first place.

What seems like it should also raise questions there is if the really were “110 million variants of malware in existence today”, what are the chances that SiteLock might miss some. The answer from an earlier post of ours is that in reality SiteLock misses malicious code that 123 Reg is able to spot themselves.

Even if they were good at spotting malware, if code is able to get on the website then its malicious impact could already have happened by the time it gets removed. For example if the malicious code copies all of an online store’s customer details, removing the malicious code isn’t going to undo it.

If you are looking to protect your website we recommend doing the security basics since those will actually stop the possibility of many attacks, while services that claim to protect websites present no evidence they are effective at all and we frequently had people coming to us looking for one of those that works after having used a service that didn’t prevent their website from being hacked. If your website has already been hacked, then the solution is to have it properly cleaned instead of security service.

SiteLock Falsely Claims That Website Hosted By Their Partner 123 Reg Is Malware Free

Over two years ago we noted the that then recently started partnership between the web host 123 Reg and the security company SiteLock was already producing the bad results expected that should have been expected based on SiteLock’s well earned reputation as being scammers. If the website we were contacted about earlier this week is any indication, things haven’t changed.

One of the more annoying aspects of the scam that is so much of the security industry is that after people get scammed by security companies like SiteLock that don’t even attempt to properly do the work they are being hired to do, people come to us wanting us to help them out for free since they already paid the scamming company (which we are not in the business of doing for what should be obvious reasons). That was the case with someone that contacted us after being told by 123 Reg that their website was hacked, hiring their partner SiteLock to clean it, and having SiteLock claim to have cleaned it up. While SiteLock claimed the website was the malware free, 123 Reg wouldn’t unsuspend the website to due them claiming their still was malicious code on it.

When we were contacted about the website it was suspended, so we couldn’t see what was going on with it, but when we went to check on the website a couple of days after we were initially contacted, we found that the website was no longer suspended and that clearly it still had malicious code on it since when trying to access the homepage we were redirected to a malicious website.

What this situation shows is that 123 Reg should certainly be aware that the security company they have partnered with isn’t getting things done. That they continue the partnership is a good indication that the partnership is based not on helping their customers get connected with a reputable security company, but instead is based on them getting paid to push their customers to hire SiteLock.

What is the most unfortunate element is that there really isn’t a solution apparent here. If people hired reputable companies like ours they could avoid this type of situation, but what we have found is that most people will ignore warnings about companies like SiteLock until after they have been scammed and then in situation like this they want someone else to help them for free.

123 Reg Sending Out Scammy Emails Based on Baseless SiteLock Risk Assessments

Earlier this month we discussed what seemed to be new attempt to scam people by the web security company SiteLock and their web hosting partners, using a supposed assessment of a website’s likelihood of attack. That post was based on information in an article written by a contributor at Forbes that had been contacted by their web host Network Solutions about the supposed risk of compromise of their website. The author of that article did a very good job of breaking down on how the claimed “comprehensive analysis” leading to risk score seems to be without a basis and we recommend reading that article.

The web host 123 Reg, which is now part of GoDaddy, has now started sending out emails based on the same assessment and the results are equally questionable. We were contacted by someone that received one of these that has a small website built on HTML files, so there is limited ability for it to be hacked when compared to, say, a website using CMS and a lot addons for the CMS. Despite that, the email claims that the “website is at high risk of vulnerabilities or compromise” and that “vulnerabilities are 12 times more likely to be exploited than the average website”, which is completely ridiculous. If you were to believe that there website is at high risk of being exploited then we can’t think of one that you wouldn’t.

Here is the email they are sending out:

Dear [redacted],

We take a proactive approach to protecting our customers’ website security. There are many factors that make a website vulnerable to hackers, and some sites are more vulnerable than others simply because of their software, plug-ins and passwords.

To help you understand where your website may be vulnerable, we have completed an automated scan of your website via the SiteLock Risk Assessment, a predictive model that analyses over 500 variables to determine a website’s likelihood of attack. The Risk Assessment is designed to score a website on a scale of low, medium or high.

After performing a comprehensive analysis of [redcated], we can confirm that your website is at high risk of vulnerabilities or compromise. When a website indicates a high risk score, vulnerabilities are 12 times more likely to be exploited than the average website, according to SiteLock data.

It is important that you act. For £0.99 per month, SiteLock ‘Find’ carries out a daily scan of your website. It can reveal where your website is vulnerable, and discover any malware. For £4.99 per month, SiteLock ‘Fix’ can also remove the malware from your site.

Find out more about SiteLock from 123 Reg

Alternatively, you can call us on 0330 221 1007 for more information.

Good website security comes down to teamwork. Here at 123 Reg, we do everything we can to keep your website safe server-side, and we urge you to do the same. A security breach can undo years of hard work in a matter of minutes. That is why, as a security precaution, we recommend you always upgrade outdated software like web applications or plugins to the latest versions when available.

Kind regards,

123 Reg Team

Based on everything we have seen so far these seems to be a rather naked attempt to sell security services based on scaring customers of web hosts under the guise of providing serious analysis of the security risk of the website. What makes it worse is that from what we have SiteLock services are not very good at providing protection, so the end result wouldn’t even be a good one even if the means is quite bad (as well as the company not doing much to help improved security for everyone in comparison something like our Plugin Vulnerabilities service).

One of the other people that received one of these emails raised another issue with them:

It should go without saying that no company involved with security should be doing something like this. SiteLock already has a well earned reputation for this type of thing. Who seems like they should be taking more heat for this is GoDaddy, as not only are they multi-billion dollar company, but they also provide security services under the brand Sucuri (which has lots of issues of its own).


123 Reg’s Partnership With SiteLock is Already Producing the Expected Bad Results

As we have continued to dig deeper in to how the web security company SiteLock takes advantage of people, one central element of it is their partnerships with web hosting companies. From their main website you can’t even sign up for their services, only request a quote, and if people were to be looking around for a security provider they would likely come across many horror stories involving them when doing. Instead it looks like the services gets sold on the trust in them implied by their web hosting partnerships marketing them and due to the fact that to varying degrees the web hosts push people to use them if their website is hacked (or in some cases when SiteLock or the web host is falsely claiming it is hacked). The reality of the partnerships is that they are not based on the web hosts believing SiteLock, instead it is based on them getting paid a significant amount of money (one major web hosting company disclosed they get 55% percent of the revenue from SiteLock services sold through the partnership with SiteLock).

Neither SiteLock or the web hosts are upfront about the real reason for their partnerships. Take for example how 123 Reg announced their partnership with SiteLock last month, there is no mention of that financial arrangement. Instead they make a number of claims that don’t match what we have seen of SiteLock’s services in the real world, including:

By partnering with SiteLock, small business customers now have access to best-of-breed security solutions that deliver proactive and reliable protection from internet threats and vulnerabilities.


Our partnership will ensure that websites run safely and smoothly, and will further secure the infrastructure in the UK. Through our combined efforts and commitment, we can make it easy for customers to seamlessly integrate security into their sites and prevent future attacks.

That things are not as they are claiming is hinted at by the paragraph that follows that though:

SiteLock can detect known malware the minute it hits. After identifying malicious content, it automatically neutralizes and removes the threats. SiteLock then provides businesses with complete reports on scans, threats detected and items removed.

On the one hand 123 Reg is claiming that they “can make it easy for customers to ” “prevent future attacks”, but then they are claiming that SiteLock is going detect malware the minute it hits, which indicates they can’t prevent future attacks (otherwise there wouldn’t be malware to detect). No evidence is provided that SiteLock can actually detect malware the minute it is hits and we have seen rather bad results in their attempts to detect malicious code, in one situation we found SiteLock claiming a website was secure while it contained malicious JavaScript code that compromised credit card details entered on the website.

Our experience is that SiteLock does a quite poor job of cleaning up hacked websites. For example, everything we have seen indicates that they fail to do two of three basics steps for cleaning up a hacked website, 1) making sure the website has been secured (which usually means getting the software up to date) and 2) determining, to the extent possible, how the website was hacked. In one recent instance their failure to do those not only left hackers with two forms of access to the website, but also meant that a security problem at one of their partner web hosts remained unfixed, which would allow even more website to be hacked (that vulnerability remaining unfixed would provide them more people to to have the potential to take advantage of as well).

Not to surprisingly then we have already run into an example of the partnership with 123 Reg producing the bad results you would then expect:

It’s not been awful, but it’s been repetitive. A few links stuck in the index page as far as I can see. They’ve tried to put in malware which Sitelock has found and got rid of. But they’re still getting in. We’ve changed passwords, sitelock has changed dns settings (after this I don’t understand much), any coding on the site is from the lastest version of xara web designer and xara say they’re safe. 123reg (who sold me Sitelock) said they can’t keep everything out, which beggars the question – what’s the point? PC that the site was uploaded from is free from viruses and malware. Hosting service are saying it shouldn’t happen again but are advising me to move anyway (!).

If SiteLock was doing things properly they would have done the work to determine how the website was getting hacked and fixed that, but since their idea of protection is to detect a website is hacked instead of actually protecting it, that doesn’t happen, leading to situation like what is described there.

If your web host is a partner with SiteLock your best move is probably to move to another web host since through that partnership they are showing that they don’t really care for their customers. If you are at the point where you are being contacted by your web host or SiteLock about your website being infected with malware or otherwise hacked we recommend you read one of our previous posts that takes you through some of the  important information to understand about the situation before you make any decisions on dealing with it.