You Shouldn’t Hire Someone to Clean Up a Malware Infected Website Until They Have Confirmed There is an Issue

If you deal with malware-infected websites on a regular basis, like we do, you know that with just about any issue that can occur with a website, there will be someone who thinks it was caused by malware or some other hack. So what we always want to determine, before taking on a cleanup of a website the owner thinks is infected, is whether it is really infected. That isn’t the case with everybody, as shown by this recent review of another company in the industry, Sucuri, which we noticed while looking at another review that a recent client of ours (who had previously hired Sucuri) left about them on Trustpilot:

In December 2019, I received several urgent messages from my webhost, SiteGround, stating that Malware had been detected in 3 URLs on my website. Each alert urged me to use professional clean-up service by Sucuri and included a link to purchase Sucuri’s service. Panicked, I signed up for an annual service with Sucuri for $199.99 (the cheapest option) that included a 30-day trial period in which I could cancel. I immediately put in a ticket for Sucuri to address the urgent malware problem on my website that I’d been informed about by SiteGround. Sucuri was unable to find any evidence of malware. Meanwhile, SiteGround continued to send me malware notifications, and each time, Sucuri said there was no malware to be found. Realizing Sucuri couldn’t fix the issue and that I’d need to find another service, I immediately requested my service be cancelled as I was still well within the initial 30 day trial period. I was informed by Sucuri that they could not refund me anything because if a customer puts in even one ticket for malware removal–and EVEN IF SUCURI FAILS TO REMOVE IT–it voids the customer’s ability to cancel their service.

That Sucuri wasn’t finding something that existed isn’t surprising considering our own experiences, such as one we mentioned in a previous blog post, where we were brought in after they claimed there was no issue, despite it being easy to find.

All of that is out of line with how they market their service, as they make claims like this:

Our dedicated researchers monitor active malware campaigns. With a trained team of analysts, we aim to provide the best malware removal service around.

And this:

We use scripts and tools to quickly scan your website for malware. Our analysts check your site manually too. No hack is too complex for our incident response team.

Trustpilot

That review also highlights a problem when it comes to trying to find the right company to hire to do website malware removal, as that company, like others, is paying review sites, which allows them to hide negative reviews:

**I’d like to also point out that where Sucuri’s customer service team does appear to spend their time is flagging their negative reviews here on Trust Pilot. This is my 2nd time posting a review about Sucuri. Sucuri challenged my last review as not being valid, stating I wasn’t one of their customers. After I provided evidence of my customer status and my back-and-forth with Sucuri to Trust Pilot, my review was reinstated. However, Sucuri then claimed that my review violated Trust Pilot’s guidelines (for reasons that have not been disclosed to me) and they ultimately succeeded in getting my first review removed. If this is how Sucuri conducts themselves on Trust Pilot in order to get the numerous negative reviews about their services removed, then I think there’s likely little hope of their customer service and business model improving anytime soon.**

SiteGround

Also worth noting is that, as with people we have dealt with after they had a bad experience with Sucuri, the web host SiteGround had promoted Sucuri. It would appear SiteGround continues to do that despite having at least some awareness of the problems with Sucuri:

After getting nowhere with Sucuri’s customer service, in February, I finally decided to address my terrible experience with Sucuri with SiteGround, my webhost, since SiteGround was the one who referred me to Sucuri–a fact that made me question whether or not I should continue using SiteGround as my webhost. SiteGround immediately contacted Sucuri on my behalf and got them to issue a refund in the full amount of $199.99. Prior to SiteGround’s involvement, I had been in contact with multiple customer service representatives at Sucuri and their only reply was basically, “Sorry you misunderstood the terms of our contract, but it is what it is and we can’t refund you.” I’m very relieved to see that at least SiteGround takes an interest in their customers and in doing the right thing in their business practice because my webdesigner recommends SiteGround to all her clients. As for Sucuri, my opinion of them remains unchanged. I have no interest in ever using their services again and I cannot in good faith recommend them to anyone.

What might explain why SiteGround continues to promote Sucuri is that they are getting paid to do that.

Sucuri’s Scare Tactics on Display with Their Claim That the Washington Post’s Website Contains Malware

Back in March we put out a post about the SiteCheck scanner from Sucuri, the now GoDaddy-owned website security company, falsely claiming that our website was “defaced” and that “malicious code was detected”. That claim was based on a page on our website being named “Hacked Website Cleanup – White Fir Design”.

We were recently contacted by someone who ran across our post after Sucuri made a similar false claim about their website. In their case they were contacted by their web host, SiteGround, with the Sucuri results. In looking into what was going on, we found a post on SiteGround’s blog from March announcing they were going to start doing that. What they say about Sucuri is disconcerting:

There are several reasons to change our scan partner from Armorize to Sucuri. First, Sucuri is one of the most respected companies in the website security field. In addition, we have been working in partnership with them for several years. We have relied on their expertise for solving numerous complex security issues. And last, but not least, many of our clients’ websites have also been cleaned by Sucuri from malicious code over the years. That is why it was only natural that we extend this already successful partnership and make it cover the daily site scans too.

If they are truly one of the most respected companies in the website security field, that doesn’t say much about the field. Not only has their scanner been quite bad for years, but what we have seen with their cleanup of hacked websites hasn’t been good either; an example of that involved a website they claimed was clean despite it compromising credit info entered on it. They also don’t seem to understand the basics of security. And about a year ago they accidentally made a good case for avoiding themselves.

But let’s get back to their scanner, whose results SiteGround is now helping to put in front of more people.

Scare Tactics

If you go to the web page for Sucuri’s Scanner you will notice that just below where you enter an address to have it scanned, it states:

Disclaimer: Sucuri SiteCheck is a free & remote scanner. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed.

That sounds reasonable; the problem is that it doesn’t in any way match how they present results from it. Here is what it looks like when they think a web page contains malware, as can be seen with a page from the Washington Post’s website, which we happened to submit to test out something related to the false defacement claims:

Among the very scary-sounding things they have on there are:

Warning: Malicious Code Detected on This Website!

Status: Infected With Malware. Immediate Action is Required.

Malware Detected Critical GET YOUR SITE CLEANED

Get Immediate Clean Up CLEAN UP MY SITE

Your site appears to be hacked. Hacked sites can lose nearly 95% of your traffic in as little as 24 to 48 hours if not fixed immediately – losing your organic rankings and being blocked by Google, Bing and many other blacklists. Hacked sites can also expose your customers and readers private and financial information, and turn your site into a host for dangerous malware and illicit material, creating massive liability. Secure your site now with Sucuri.

Though looking at the evidence presented to back all that up, they seem a lot less sure there is even an issue, as it is stated that “Anomaly behavior detected (possible malware)”.

When looking at the malware definition given, MW:ANOMALY:SP8, things are also unclear, as first they refer to what it detects as being “suspicious” and “possibly malicious”:

A suspicious block of javascript or iframe code was identified. It loads a (possibly malicious) code from external web sites that was detected by our anomaly behaviour engine. Those types of code are often used to distribute malware from external web sites while not being visible to the user.

But then they state that their “engine found it to be malicious”:

This is not a signature-based rule, but looks at anomaly behaviors on how the web site is being loaded. Our engine found it to be malicious (related to remote includes).

It isn’t reassuring that on one page they both claim detecting this would mean that something is malicious and that it is only possibly malicious.

Get a Second Opinion

We would strongly recommend that web hosts don’t do what SiteGround is doing here and further spread Sucuri’s inaccurate results. It would probably be best to avoid any web host that does something like this as well, since it doesn’t show they have an interest in best helping their customers or that they are doing proper due diligence.

If you do get sent results by your web host that claim your website is hacked, whether they come from Sucuri or another company, we would recommend that you get a second opinion as to their veracity from a more trustworthy company that does hack cleanups. We are always happy to do that for free and we would hope that others would too.