One of the oddest claims that we have seen related to the web security company SiteLock was that they “don’t control how the hosts sell their services to customers”, which came from a journalist and seemed to be based on their conversation with a SiteLock employee. It’s odd because in what kind of partnership would one partner not have any control over how their services are being sold? That is especially true of SiteLock’s partnerships, where they are paying the web hosts a lot of money to partner with them (one web hosting company disclosed to investors that they get 55% of the revenue of sales of SiteLock services) and where many of the partnered web hosting brands are run by SiteLock’s owners. The other thing that made this so odd is that, from everything we have seen, the problematic way their services are sold usually involves sales made by SiteLock themselves. The web hosts just push their customers to SiteLock, and when the customer gets in touch with SiteLock they are put in touch with a commissioned salesperson, which is where the problems really start.
We have seen and heard plenty of snippets of what that involves in the past, but we recently ran across an example of an email from SiteLock that shows how they try to trick people into overpriced services. Not surprisingly, considering that they are willing to tell people things that are not true even when the truth doesn’t seem to be a big deal, much of what they said is far from the truth.
Let’s start from the beginning of the email:
It looks like the issue your website is having is more than just infected files and you’re going to need a manual clean. I recommend the SecureSite plan. I recommend this plan because you’re going to need several cleans during this process (of being under a targeted attack) but the malware itself isn’t the biggest issue. The biggest issue is the vulnerability that is allowing a hacker (or bots controlled by a hacker) to inject code or infect your files.
SiteLock makes a big deal of their automatic malware removal and how that sets them apart, but what we often see is they tell people that it won’t handle the issue on their website and they are going to need a manual clean, which comes with an additional cost. In one case they also claimed that a website couldn’t be automatically cleaned “without risking bringing down our site”.
A real problem with automated malware removal is that the malware or other malicious code found during a cleanup can often provide important information on how the website was hacked, so if the cleanup is fully automated the cleaner is potentially going to miss important information needed to get the website secured. Normally SiteLock doesn’t actually determine how the website was hacked, so for them that loss doesn’t matter, but not determining it leaves the website open to the possibility of being hacked again. Determining how the website was hacked is actually a basic part of a cleanup, but as will come up later, SiteLock will charge even more money to do that (for a lot of cleanups they charge more to just remove the malicious code than we do for a proper cleanup including getting the website secured).
There is always going to be a vulnerability that allowed a hacker in; otherwise, how would the hack have even happened?
The claim that the website is being targeted isn’t actually true, unless you count every hack as being a targeted one. The explanation of how the website is being targeted doesn’t make sense:
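To illustrate the point above about malicious files being evidence of how a website was hacked, here is an added example (not from the original post or from any vendor) that lines up a flagged file's modification time with the write-type requests that arrived just before it. The file paths, addresses, and log lines are constructed, and the 60-second window is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone

# Combined-log-format fields: client, timestamp, method, path, status.
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Constructed sample data; paths and addresses are hypothetical.
# A file flagged during cleanup, with its last-modified time (UTC).
FLAGGED = {"/uploads/cache.php": datetime(2017, 3, 2, 14, 5, 12, tzinfo=timezone.utc)}
ACCESS_LOG = """\
192.0.2.9 - - [02/Mar/2017:09:00:00 +0000] "POST /contact.php HTTP/1.1" 200 88
198.51.100.4 - - [02/Mar/2017:14:04:50 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [02/Mar/2017:14:05:11 +0000] "POST /plugins/example-gallery/upload.php HTTP/1.1" 200 31
203.0.113.7 - - [02/Mar/2017:14:06:02 +0000] "GET /uploads/cache.php HTTP/1.1" 200 12
this line is truncated and will be skipped
"""

def parse(line):
    """Return one log entry as a dict, or None if the line is malformed."""
    m = LINE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return {"ip": ip, "when": when, "method": method, "path": path, "status": int(status)}

def entry_point_candidates(flagged, log_text, window=timedelta(seconds=60)):
    """For each flagged file, list successful write-type requests that landed
    within `window` before the file's modification time."""
    entries = [e for e in map(parse, log_text.splitlines()) if e]
    result = {}
    for path, mtime in flagged.items():
        result[path] = [
            (e["ip"], e["method"], e["path"])
            for e in entries
            if e["method"] in ("POST", "PUT")
            and 200 <= e["status"] < 300
            and mtime - window <= e["when"] <= mtime
        ]
    return result

if __name__ == "__main__":
    for path, hits in entry_point_candidates(FLAGGED, ACCESS_LOG).items():
        print(path, "<-", hits)
```

File modification times can be altered after the fact, so a match here is a lead to investigate rather than proof. Deleting the flagged file without recording when it changed discards that lead.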
You are being targeted by this hacker, they already know how and where the vulnerability exists and they will not stop sending bots to you until your website is destroyed or until the bots “hit a wall”. Typically about 4-5 months of rejected attempts the hacker will send the bots elsewhere as they’re usually after low hanging fruit. They’re hacking 10s of thousands of sites at a time and usually the goal is stealing traffic or placing malware on your site to get onto people’s computers to steal information. After the vulnerability is fixed, they’ll move on, I wish I could elaborate on what’s causing this right now but I don’t want to just guess, the data in the manual clean will give me exactly the information I need whether it’s having our technicians recode entry fields on the website or if something needs to be done on a server level via your host.
From dealing with many hacked websites, we get the sense that this was written by someone who has no idea what actually happens with hacking attempts on websites, which they probably don’t, since it was coming from a salesperson, not a technical person.
The reality is that most hackings are not targeted at specific websites; instead hackers try to exploit the same vulnerability across many websites, which is often referred to as a mass hack. Either the website is vulnerable and the hacker will take further actions once they successfully exploit the vulnerability, or they will move on to other websites. Often there look to be numerous different people or groups trying to exploit the same vulnerability, so a vulnerable website might get hacked more than once (that is a good reason to promptly deal with a hacked website once you become aware it has been hacked).
Hackers are not usually interested in destroying websites. The closest we see to that are defacement hacks, where a hacker causes the normal content of a website’s pages to be replaced with a message from the hacker. The website’s content would normally not be destroyed by that. In other cases hackers are interested in using the website to do something else, say sending spam emails, which wouldn’t destroy it at all. Of course, if you are trying to scare people, then telling them that hackers are trying to destroy their website would make sense.
Another part of it shouldn’t really make sense even if you are not familiar with hacked websites. The email claims that “Typically about 4-5 months of rejected attempts the hacker will send the bots elsewhere as they’re usually after low hanging fruit.” Why would a hacker keep trying to exploit a vulnerability for months on end when the vulnerability either is exploitable or isn’t? The answer would seem to be that they are trying to lock you in to a six month commitment to one of their services; again, this is coming from a salesperson.
After the manual clean we will also your host (if your website is suspended) so that they can re-instate the account if you’ve been deactivated, we will also take care of any blacklisting issues (Google, Norton, AVG, Avast, Bing, Yahoo, etc… if there is a warning screen stating that your website is malicious or that it has malicious content). You do have the option of purchasing a one time clean from us but typically within 24 – 72 hrs, you’ll need another clean due to the bots attacking you. One time cleans are also $300 per clean, per domain and vulnerability fixes are the same price of $300 per domain.
A proper one time cleanup would actually involve determining how the website has gotten hacked and making sure it is fixed. Their pricing is just outrageous. If you want a poor quality cleanup that doesn’t involve doing things properly, you can spend a lot less than $300. For many websites we charge less than $300 to do things properly, meanwhile SiteLock wants $600 to do that. The idea that they would even sell a service that they know leaves a website vulnerable is rather troubling.
I would also be happy to review the services with you after 6 months to make sure that bot traffic has decreased, I encourage you to reach out to me so we can determine whether you’re still being targeted. I can proudly say that 100% of my customers that follow my recommendations (after the clean, as far as general maintenance) not only are malware free and no longer the victim of a targeted attack but also likely will not have a need for unlimited cleans and can explore other options (we have nearly 70 different products and services).
Here we get to them trying to get you into a six month commitment. The price of this wasn’t mentioned, but we have recently had people mention that SiteLock is trying to get them to sign up for services that are $100 a month (in some instances it is even higher than that). That would be the same price as their overpriced cleanup and securing service, but with the added difficulty of trying to cancel the service at six months. The fact that they offer a service with unlimited cleanups is a good indication that they don’t properly secure websites, since if you do a proper cleanup the website shouldn’t be able to be exploited through the same issue again at all.
Considering that very few websites are ever targeted by hackers, the person receiving this email likely was never targeted in the first place.