SiteLock is Now Trying to Scam People Out of $70 to $100 a Month Due to Non-Malicious Files Created by cPanel

From our years of experience dealing with the cleanup of hacked websites the first thing legitimate providers would want to do when contacted is to make sure that the website that they are being contacted about is in fact hacked, as we have found that people experiencing just about any problem with a website can jump to the conclusion that it was caused by the website being infected with malware or otherwise hacked. Much of the security industry isn’t what we would call legitimate and the company that seems to be the farthest from legitimate is SiteLock, which has a well earned reputation for scamming people. Part of how they can stay in business despite that reputation is that they have “partnerships” with web hosts where the web host pushes their services and SiteLock in term provides them a large commission for services they can sell through that. That type of relationship is often to the disadvantage of customers of the web hosts, as a situation we were just consulted on shows.

Recently one of SiteLock’s partners, HostMonster, deactivated one of their customer’s websites due to claimed malware on the website. When the customer contacted the support department they were transferred to SiteLock and told the only way to get the website back up was to pay to pay them $70 to $100 a month (charged annually). In reality the web host only requires that the website be cleaned for them to reactivate it. In this case though the situation is much worse since there wasn’t any malware on it.

All of the files that were claimed to be malicious had names similar to .wysiwygPro_preview_edcf331f0ffc35r4b482f1d15a887w3b.php and had contents similar to this:

<?php
if ($_GET['randomId'] != "Qd8f8yQpZe0JyipHkqUDWIwUrHqUixgfdQfEvwy1fU29Q0V_3kf_mw01oJmeF_g6") {
    echo "Access Denied";
    exit();
}
 
// display the HTML code:
echo stripslashes($_POST['wproPreviewHTML']);
 
?>

Those are legitimate files created by an HTML editor that has come with the cPanel control panel offered by the web host. They are not malicious. The code in them is potentially susceptible to reflected cross-site scripting (XSS) due to outputting user input without escaping it, but someone would have to know both the apparently randomized name of the file and the apparently randomized additional value checked for that to even come in to play.

Based on the identifier given for them, “SL-PHP-JSINCLUDE-cu.UNOFFICIAL FOUND”, it appears that SiteLock is causing them to be falsely flagged as malicious.

Based on our years of seeing what SiteLock is up to, it seem possible that the incorrect flagging here is caused by SiteLock’s incompetence instead of actual malice, but in either case this is scam, since if they can’t correctly handle identifying malicious files then they shouldn’t be offering the services they are.

When we were contacted about the situation the first thing we did was to ask about the evidence provided by the web host to support the shutting down of the website and once we saw that, we were able to explain what was going on and help get this resolved for free instead of scamming money out of someone who was already attempted to be scammed.

Get a Free Consultation From Us

If you are have been contacted by SiteLock or a SiteLock partnered web host claiming your website is hacked, feel free to contact us to get a second opinion as to whether the website is really hacked and if it is we will provide you with a free consultation on how you can best deal with the issue. To provide that second opinion please provide us with the evidence SiteLock or the web host is providing to back up their claim.

If your web host is pushing you to use SiteLock you should be aware of a number of items before making any decisions and you should know that we can provide you with a better alternative for cleaning up the website for less money.

123 Reg’s Idea of Security Also Involves Leaving Websites to Get Hacked

Earlier this week we noted that GoDaddy’s idea of security involved leaving websites insecure and dealing with the after effects of that. They are not alone, as here is how another web host, 123 Reg, promotes a security service provided by their security partner SiteLock:

Malware is malicious code that can attack your website and cause security or performance issues.

Google has discovered that approximately 30,000 sites are affected by this malicious code every day and just 14% are protected, leaving 86% of websites vulnerable to attack. It sounds scary, but there is a way to protect your website.

SiteLock® from 123 Reg provides your website with a credible, state-of-the-art diagnostic system that scans for threats and identifies known malicious code, removing it from your website automatically. Giving you peace of mind in knowing that your site is malware free.

There are 110 million variants of malware in existence today. You can’t check your website every day in case you’ve been attacked. Let us do it for you.

Of course if SiteLock is detecting malicious code on your website then it has been affected by malicious code. Real protection would stop the malicious code from getting there in the first place.

What seems like it should also raise questions there is if the really were “110 million variants of malware in existence today”, what are the chances that SiteLock might miss some. The answer from an earlier post of ours is that in reality SiteLock misses malicious code that 123 Reg is able to spot themselves.

Even if they were good at spotting malware, if code is able to get on the website then its malicious impact could already have happened by the time it gets removed. For example if the malicious code copies all of an online store’s customer details, removing the malicious code isn’t going to undo it.

If you are looking to protect your website we recommend doing the security basics since those will actually stop the possibility of many attacks, while services that claim to protect websites present no evidence they are effective at all and we frequently had people coming to us looking for one of those that works after having used a service that didn’t prevent their website from being hacked. If your website has already been hacked, then the solution is to have it properly cleaned instead of security service.

SiteLock Falsely Claims That Website Hosted By Their Partner 123 Reg Is Malware Free

Over two years ago we noted the that then recently started partnership between the web host 123 Reg and the security company SiteLock was already producing the bad results expected that should have been expected based on SiteLock’s well earned reputation as being scammers. If the website we were contacted about earlier this week is any indication, things haven’t changed.

One of the more annoying aspects of the scam that is so much of the security industry is that after people get scammed by security companies like SiteLock that don’t even attempt to properly do the work they are being hired to do, people come to us wanting us to help them out for free since they already paid the scamming company (which we are not in the business of doing for what should be obvious reasons). That was the case with someone that contacted us after being told by 123 Reg that their website was hacked, hiring their partner SiteLock to clean it, and having SiteLock claim to have cleaned it up. While SiteLock claimed the website was the malware free, 123 Reg wouldn’t unsuspend the website to due them claiming their still was malicious code on it.

When we were contacted about the website it was suspended, so we couldn’t see what was going on with it, but when we went to check on the website a couple of days after we were initially contacted, we found that the website was no longer suspended and that clearly it still had malicious code on it since when trying to access the homepage we were redirected to a malicious website.

What this situation shows is that 123 Reg should certainly be aware that the security company they have partnered with isn’t getting things done. That they continue the partnership is a good indication that the partnership is based not on helping their customers get connected with a reputable security company, but instead is based on them getting paid to push their customers to hire SiteLock.

What is the most unfortunate element is that there really isn’t a solution apparent here. If people hired reputable companies like ours they could avoid this type of situation, but what we have found is that most people will ignore warnings about companies like SiteLock until after they have been scammed and then in situation like this they want someone else to help them for free.

The Repercussions of Failing to Properly Cleaning Up Your Hacked Website is Not a SiteLock Scam

When it comes to the poor security of websites the unfortunate reality for a company like ours that actually try to improve security, is that much of the security industry is only really focused on taking advantage of people (whether intentionally or because they don’t have even a basic grasp of security) and many people with real security issues often are not interested in getting things properly dealt with, instead looking for magic fixes. The end result is that legitimate security companies suffer, while scammers that will sell people things that don’t work, but are marketing with fantastical claims, do.

On one side of that, take the company SiteLock, which we have seen taking advantage of people for years, by doing things like selling security services that claim provide incomparable security that don’t even attempt to actually secure websites or trying to sell unneeded security services based on phishing emails. Much of what they are up to could accurately be described as a scam, but in addition to having people come to us after being scammed by them, we often deal with people who have not being scammed by them yet, but only seem interested in claiming they are being scammed by them instead of being interested in actually dealing with a real security issue with their website.

One recent example of that came from someone that contacted us directly and also left a long comment on one of our posts about SiteLock. In their case what seems pretty likely to be going on is that they have not been properly cleaning up hacked website and then blaming their web host and SiteLock for the repercussions of that.

At the core of this is something we often hear about, but don’t quite understand since it seems to ignore clear information provided by web hosts and common sense.  Mentioned in their comment was that they were simply removing files listed by their web host as being malicious:

The few files I found in the scan report took like 3-minutes to remove and had nothing to do with the domain.

Doing that isn’t enough, as among other things, those files had to get on the website somehow, so you need to try to figure out how that is happening. Not all that surprisingly the issue then kept occurring, but that didn’t cause them to consider changing course.

The more important issue with that though is that their web host would usually mention when listing the files they noticed are malicious, that removing them is not enough, here for example the boiler plate text someone else that contacted us recently received from the same company along with the list of impacted files:

Please Note: While the content listed was specifically reported, it may not be a complete list of all infected content on your website. It is very common for additional infected content to exist and not be captured in our report. For this reason, we highly recommend that you review all of your website content as well as your entire cPanel account to help prevent further security issues and malware reports. Not doing so could leave your website vulnerable to another infection.

So you have someone repeatedly ignoring the advice of their web host, which relates to something else the web host warned about:

For the safety of our servers and your website visitors, repeated reports of malicious content on your account within 60 days of this initial notice will lead to necessary further actions, which may include permanent suspension.

When we replied to this person to point out that you can’t just remove the files and that we haven’t had any of the issues they are complaining about when we have been hired to do a proper cleanup, the just steamrolled forward with their belief that their web host and SiteLock were up to shady behavior. So our time was just wasted there as they were no closer to getting things properly resolved. Instead they said their next move was to move to a new web host, which wouldn’t resolve the hack, just cause a new web host having to deal with having a hacked website on their systems.

We really can’t emphasize enough that if your web host is telling you your website is hacked, after confirming the claim is accurate, you or someone else needs to properly clean up the website, otherwise you are likely to have additional problems that could have been avoided.

Bluehost and SiteLock Still Trying To Profit Off of Phishing Emails Being Sent to Bluehost Customers

In August of 2017 we first interacted with someone that had gotten a phishing email made to look like it was from Bluehost, who then when they contacted the real Bluehost was attempted to be sold on a security service they didn’t need since there wasn’t any issue with their website. More than a year later Bluehost and their security partner SiteLock continue to do that. The latest incident is absurd on its own since they were trying to sell someone security services they largely couldn’t effectively use since there website is hosted with Squarespace, so much of the SiteLock service wouldn’t even work and others wouldn’t be relevant in that situation.

Below is the phishing email. Interestingly the domain used for the phishing is also a Bluehost customer (maybe that is from someone that fell for a previous phishing email).

Hello, [redacted]

We are contacting you today because we have disabled your outbound email services temporarily. The reason for this is because you’ve got a forum that spammers were subscribing to to get messages sent out. They used a spam trap email address that actually resulted in our mail server getting blacklisted.

We need you to add protection to it so it isn’t being exploited in the future. You will need to contact us and let us know this has been resolved for us to restore your email services.

For protection, we ask that you require an account to subscribe to topic notifications if you haven’t already. We also ask that you add protection to your sign-up page so that spammers cannot automate it. You can do this by using a captcha or something similar to that.

To activate your account, please visit our BlueHost account reactivation center. Use the link below:
http://my.bluehost.com.3483e5ec0489e5c394b028ec4e81f3e1.[redacted]/account/6626/reactivation.html

Thank you,
BlueHost.com Terms of Service Compliance
http://www.bluehost.com
For support go to http://helpdesk.bluehost.com/
Toll-Free: (888) 401-4678

Below is the email that was sent by SiteLock trying to sell this person on the unneeded services after they had tried to get in touch with Bluehost. Bluehost apparently directs people over to SiteLock before even doing basic checking to insure that there is actually situation that could use SiteLock’s input. The person that received this is not named Vish (or anything close to that) despite it being address to someone with that name.

You’ll notice they claim that the website has been infected, despite that not being the case or even what the phishing email claimed.

Hi Vish

Thanks for taking the time to speak with me today. Like I mentioned before your website has been infected and we need to clean it as soon as possible before its suspended by the host. The reason your website was fount with malware is that you currently have no security measures in place to stop malware from entering your site.

The simple solution to protect your website is adding a firewall as well as a smart scanner. The smart scanner removes malicious content from your source coding before it infects the website. Also a Firewall blocks any malicious traffic and hacking attempts from entering your website in the first place, its the single most important preventative measure you can have for your website. What I did was attach a couple of documents that fully go over the features of our upgraded scanner and firewall. You can also go to www.sitelock.com to get further details and services. If you have any questions or concerns my contact info is below.

So to break everything down price wise, it’s $30 dollars a month for our secure starter which includes a Professional firewall and Premium scanner. You will get a free cleaning for the website with this that will save you $300.

Best regards,

Secure Starter $30.00/Mo
Premium Scanner and Professional Firewall
– Automated Malware Removal Tool (removes basic infections that do not directly effect the code of your site)
– Daily Malware, Spam and Network scanning to alert you to security issues
– Daily Cross-Site Scripting and SQL injection vulnerability scanning
– File Change Monitoring
– Application and Advisory scanning to alert you to possible vulnerabilities or suspicious items
– Protection of the website at the domain level
– Basic DDos Protection
– Illegal Resource Access Prevention
– Site acceleration due to Content Delivery Network (CDN) and Minification
– Firewall works with the SSL on the site
– Blocks Bad Bots (Bad Traffic) at the domain level
– Daily Traffic Stats (Shows Bots vs Real Human Visitors)
– Block Specific Countries from viewing your site(if requested)

Secure Speed $50.00/Mo
Premium Scanner and Premium Firewall
– Automated Malware Removal Tool (removes basic infections that do not directly effect the code of your site)
– Daily Malware, Spam and Network scanning to alert you to security issues
– Daily Cross-Site Scripting and SQL injection vulnerability scanning
– File Change Monitoring
– Application and Advisory scanning to alert you to possible vulnerabilities or suspicious items
– Protection of the website at the domain level
– Basic DDos Protection
– Illegal Resource Access Prevention
– Site acceleration due to Content Delivery Network (CDN) and Minification
– Firewall works with the SSL on the site
– Blocks Bad Bots (Bad Traffic) at the domain level
– Daily Traffic Stats (Shows Bots vs Real Human Visitors)
– Block Specific Countries from viewing your site(if requested)
– Protects against OWASP Top 10 (Common type of hacks and targeted attacks)

Secure Site $70.00/Mo with unlimited free manual cleans and vulnerability patching
Infinity Scanner and Premium Firewall
-Automated Malware Removal Tool (continual & non-stop scanning removes basic infections that do not directly effect the code of your site)
– Daily Malware, Spam and Network scanning to alert you to security issues
– Daily Cross-Site Scripting and SQL injection vulnerability scanning
– File Change Monitoring
– Application and Advisory scanning to alert you to possible vulnerabilities or suspicious items
– Protects against OWASP Top 10 (Common type of hacks and targeted attacks)
– Protection of the website at the domain level
– Basic DDos Protection
– Illegal Resource Access Prevention
– Site acceleration due to Content Delivery Network (CDN) and Minification
– Firewall works with the SSL on the site
– Blocks Bad Bots (Bad Traffic) at the domain level
– Daily Traffic Stats (Shows Bots vs Real Human Visitors)
– Block Specific Countries from viewing your site(if requested)
– Unlimited access to our Cyber Engineers to manually adjust your website coding if malware removal tool does not clean the malware
– Multiple (19) Vulnerability Testing on the site

The Poor Quality of Web Security Products and Services Can Lead To a False Belief That Websites Have Been Hacked

We think a baseline requirement for using any web security product or service that claims to protect websites should be that there is evidence that the service is effective. That would preferably be evidence from independent testing. What we have found though is plenty of products and services not only don’t provide that, but their marketing materials actually indicate that the services fail to secure websites. For example, SiteLock’s idea of security seems to revolve around dealing with after effects of websites being hacked instead of stopping them from being hacked in the first place, which isn’t security.

Even with what SiteLock claims to do instead of securing the website, they don’t provide evidence they are effective at it. We have seen plenty of evidence to the contrary. The latest example is also a reminder of another issue we sometimes see with security products and services, they lead to people falsely believing that their website has been hacked, so instead of securing a website they lead to people to believe that the website insecure. That might be good for security companies since it can mean more businesses dealing from dealing phantom hacks and more fear leading to more purchases of services that don’t have to work, but it, like so much else from the security industry, is bad for everyone else.

The other day we were contacted by someone using SiteLock’s services, for a second opinion on a claim from them that a website was infected with malware. We were sent the following screenshot from SiteLock’s website:

While that does claim that the website contains malware, the signature listed, SiteLock-HTML-SEOSPAM-fkl, seems to actually indicate that there was spam content detected. From what we have seen SiteLock labels any indication that a website has been hacked as malware. We don’t know if they don’t what malware actually refers to or if this is done to make what they are detecting sound more concerning than it really is, but it is sometimes very misleading. In this case they also make this sound very concerning by claiming the severity is “Urgent”.

The sample provided for the supposed issue doesn’t appear to be related to malware or spam. Instead it is just shows a link to another page on the website and harmless HTML code generated by the WPBakery Page Builder plugin for WordPress. We also didn’t find any other indications of a spam hack on the website, so this “Urgent” situation seems to really be a false positive.

Considering that their service is supposed to provide “security” by detecting and removing malware, the poor quality of their scanner makes it unlikely that they could even accomplish effective detection, much less effectively remove what they find.

This was apparently the third time that SiteLock had claimed that there was malware on the website, based on the quality of the claim in this instance, it seems unlikely it was the only false positive.

You Also Shouldn’t Be Relying On SiteLock to Clean Up Hacked Websites

Part of what makes us have such disgust at so much of what goes on in the security industry is that we see the damage that so many of the people and companies in it cause, over and over. Just yesterday we were discussing the mess caused on one website by Sucuri’s poor attempts to secure and clean the website. That isn’t an isolated incident with them and it isn’t justified in anyway, instead that is the type of company that shouldn’t even be in business since they either are simply unable to do the work they claim to be able to do or intentionally don’t things right. That not only harms their own customer, but they make everyone less secure by spreading false information and doing things that make all website less secure (like not determining how websites are hacked, so that unfixed issues can be resolved). They are not alone in this.

Just a couple of days ago we got yet another example of that type of issue with a company named SiteLock, which also isn’t an isolated incident when it comes to this particular company. In this case they were hired to clean up a hacked website. After the clean up, there were errors and the owner of the website was unable to edit the website (possibly because of the web application firewall that was put in place on the website, which isn’t an isolated issue with WAFs). When SiteLock was contacted about those errors they said that there now was more malware on the website and an additional fee was going to be needed over the $500 just paid, to deal with that.

If you just cleaned a website and there is immediately malware on it again, that means you didn’t get things properly cleaned up the first time, so charging more money to deal with that seems highly inappropriate to us. It certainly isn’t something we would do.

An easy way to avoid ending up in situation like this is to avoid hiring SiteLock. We can’t emphasize enough how many problems we have seen caused by this company that we have dealt with over the years that should have never happened if they had an interest in doing things right.

The Truth Behind Conflicting SiteLock Reviews

Recently something we had written about the web security company SiteLock was linked to in thread that starts out with someone discussing the conflicting reviews of SiteLock:

Just had a word press site hacked. Out host suspended our site and recommended site lock to clean it up. I looked at online reviews of their service. There are reviews that say they’re good, and reviews that say they are a scam. They say that you pay to have your site cleaned and then monthly to protect it. There are numerous reviews saying that even with the monthly fees, their sites still got hacked, and they were charged hundreds of dollars to fix it again. If these reviews are true, I want a better solution. What would you do? Are the reviews true?

As we monitor the reviews of SiteLock to keep track of what they are up to since we are frequently contacted by people looking for help after being contacted by them or having hired them, we thought it would be worth touching on what explains those conflicting reviews.

Positive Reviews

The positive reviews of SiteLock mostly fall in to two categories. The vast majority of recent reviews are by people that are pushed by SiteLock to provide a review after any interaction with them. We really do mean any interaction. Here for example are two reviews shown on the review website consumeraffairs.com from the same day, giving SiteLock five stars for helping them to update credit card information:

I contacted SiteLock because I needed to update my credit card information. I was delighted by the speed and helpful service I received from the support team. I would highly recommend SiteLock for their valuable products and services, which are consistently stellar.

Tyrell was very helpful in walking me through updating my credit card billing information online. He was also very courteous and patient while he waited as I entered my information. It would be a pleasure to work with Tyrell again.

That doesn’t seem like something people would do on their own all that often. More importantly, that really doesn’t tell you anything about how good or bad the service is, just that this company is interested in making sure it keeps getting paid.

It isn’t even clear that the people leaving those reviews would be aware of that website as a company that pays consumeraffairs.com a monthly fee, as SiteLock does, is provided various methods to have reviews collected:

ConsumerAffairs also helps Accredited Members collect reviews through Facebook, email, feedback cards, targeted phone calls and through its website.

Well come back to what else that SiteLock’s paying that website provides them in a bit, but first there are second set of positive reviews. Those largely look to be made up of people who generally believe that SiteLock is providing a good service and have left a review on their own. Considering that even many people in the security industry don’t have a good understanding of security, it wouldn’t be surprising to hear that these positives reviews from the public are not necessarily providing a good picture of what SiteLock really provides. For example, one five star review of SiteLock we used as an example of that last year, actually indicated that SiteLock was leaving a website insecure. That isn’t surprising since as we mentioned more recently, SiteLock’s own marketing material indicates they think that security doesn’t involve keeping a website secure, but dealing with the after effects of leaving it vulnerable.

Negative Reviews

If you were to look at the most recent one star reviews of SiteLock on consumeraffairs.com what you would notice is that you have to go back months to see one where the one star rating is shown. The most recent ones either say “Insufficient response received” or “No response received”. The reason for that is that by SiteLock being a paying customer of consumeraffairs.com they can challenge reviews and they in fact have challenged every single recent negative review. The reason for that is that by doing they can get the low ratings excluded from the overall rating:

While ConsumerAffairs never changes star ratings at a company’s request, a consumer may choose to change a star rating after resolving a complaint. In addition, if a consumer does not respond to a request for more information, or the consumer’s complaint is resolved privately with the company, or the factual basis for a complaint is unresolved, the consumer’s star rating may not be displayed and will not be included in a company’s overall star rating.

The business model of that website and other review websites looks to be built on companies paying them to present a positive image of the company.

What seems to be a telling indication that negative reviews are the ones of value is that all the most helpful reviews are currently negative ones.

That doesn’t mean that those reviews are accurate either. Just as the natural positives reviews can be inaccurate due to a lack of understanding of security, plenty of the negative reviews we have seen are also inaccurate. For example, we have seen numerous negative reviews that claim that SiteLock hacked websites. We have also had people contacting us that claim the same thing. We have never seen any evidence to support that despite it being such a serious allegation and plenty of evidence to the contrary.

If you want to a summary of what SiteLock really offers, this review on consumeraffairs.com from May 23 does a great job of that:

It’s my opinion that SiteLock is exhibiting predatory sales tactics. In my case they sold me on the service to monitor and protect my website from malware for a subscription fee. They are aggressive. But the worst part is that malware infected my site again and I called SiteLock for help since I’m a paying customer. Even though they originally sold me on the effectiveness of their products they told me they were not going to be able to remove the new malware and it would cost $300 to remove it. They also were trying to sell me on more services. It’s just my opinion but then I believe they set up a system to catch people when they are most vulnerable then charge them a lot to get their website working again. The support people that I talked to are salespeople. Look elsewhere folks. Save yourself the wasted time, money and the headaches that come with choosing the wrong company to protect your website.

One thing that we would note about that is that we are not aware of any company that provides a service that will provide effective protection of a website. If you are looking for something like that we would recommend instead you do the things that are going to actually keep your website secure, but otherwise you would want to look for one that present evidence, preferably from independent testing, that shows that is effective (if someone finds a company that provides that we would love to hear about that).

If your website is already hacked, before focusing on the things that will protect it going forward, it should be properly cleaned, which involves three key components:

  • Cleaning up the hack.
  • Getting the website secured as possible (which which usually involves getting any software on the website up date).
  • Trying to determine how the website was hacked and fix that.

From what we have seen SiteLock usually doesn’t attempt to do the last two and doesn’t do all that good a job of the first. Unfortunately, based on our experience frequently being brought in to re-clean up hacked websites they are far from the only company that is not even attempting to properly clean up hacked websites.

That SiteLock doesn’t attempt to determine how websites were hacked explains in part why they are not good at protecting websites from being hacked either as they wouldn’t even know what to protect against.

Here Is How SiteLock Tries To Mislead People with Their Meaningless Attacks per Day Stat

We frequently have people contacting us looking for help after they have been contacted by the web security company SiteLock, through that we often hear bit and pieces of the misleading and outright false claims they frequently make. Recently we have been sent complete sets of communications between them and the people they were trying to take advantage of. There are a number of things we have noticed in those that seem worth touching on, but we will first start with something related to something we discussed in another blog post a month ago.

This comes from an email conversation with a SiteLock “website security consultant”, which is really just a commissioned sales person. You can probably guess from that how misleading the title is from what the person really does that what they are telling people also isn’t truthful.

Here is a claim that the sales person made:

You have been very blessed if you site has not been hacked for 6 months as a typical website faces 44 attacks a day. With out the proper security any and all of those attacks can effect your site.

When we discussed that stat last month we noted that what would relevant would be how many successful attacks there are, not how many attempts there were. As we also noted then, SiteLock’s president actually claimed they were able to determine what were successful attacks:

As our research shows, cybercriminals are now able to successfully breach a site with fewer, more targeted attacks.

If they truly know that (it seems like they probably didn’t, but were claiming otherwise to make a reduction in claimed average attacks sound scary) why wouldn’t they let people know how many successful attacks there are seeing as those are what what actually matter? An obvious answer would be that successful attacks are incredibly rare. It isn’t like the average website is being hacked once a year, much less multiple times a day as the sales person’s claim implies is possible.

In the rest of the email no evidence was provided that the $99 a month service they wanted this person to purchase would do anything to protect the website from being hacked and they even promoted that the service includes unlimited cleanups, which wouldn’t be needed if the service actually protected the website since it shouldn’t be needed to be repeatedly cleaned up if the services actually secured the website. Based on their marketing material it seems that SiteLock believes that a security service shouldn’t actually be able to secure website against being hacked, which in way makes sense since simply doing the basics is what will actually provide real security.

Just Because SiteLock Is Trying To Con You Doesn’t Mean Your Website Hasn’t Been Hacked

In interacting with people about hacked websites one of the things that comes up frequently is people conflating security companies trying to take advantage of them with a belief that their websites haven’t really been hacked. A lot of the blame for this resides with the security companies that are trying to take advantage of people (and look to be very successful at it) and others that help enable that, which includes their business partners and government entities that don’t take any action against them. But some of the blame has to be placed on customers of these services that seem to take a completely uncritical view of these services, as among other things, their funding of these companies allows the companies to expand and take advantage of more people.

As an example of that, we had someone contact us recently after they ran across a post we had written how the web host Bluehost was continuing to try to sell SiteLock services based on claims that were made in phishing emails meant to look like they came Bluehost support. The situation this person had was very different than that.

They had been contacted by a company informing them that their website was being used for phishing. Their web host, Bluehost, which is a SiteLock partner, had suspended their account for the same issue. They said they were “shocked” because they had SiteLock on the account and they thought that with that the website wouldn’t have been able to be hacked.

As company that deals in the field we obviously have a very different view of things, but it still is hard to understand a view like that when you consider that SiteLock and every other similar company we have run across don’t provide evidence that their services are effective at protecting websites. To us that seems like a baseline before purchasing any service like that, but clearly it isn’t.

The next part of the story is something that we have heard plenty of times before, but it still doesn’t make much sense to us. That being that they were then told they would need a higher level of SiteLock service to protect against the issue from happening again. To us that raises what seem to be some obvious questions, like why would SiteLock by their own admission be selling security services that don’t actually provide security. Another one would be why would at that point people still not expect some evidence to presented as to the effectiveness of the services considering SiteLock have just admitted that they are selling services that don’t actually work.

When we had responded explaining about that lack of evidence that SiteLock services are effective (along with plenty of evidence to the contrary that we have run across) and that SiteLock’s own marketing indicates that they are not even attempting to provide real security the response from the person was not concern with SiteLock’s practices, but that the whole situation seemed suspicious. We asked about the evidence presented that the website had been using for phishing, but the person seemed uninterested in actually checking over things. Based on past experience our guess is that the website was actually hacked in this case.

Dealing With a Possibly Hacked Website

While in this case we guess the website had actually been hacked, we have run into plenty of instances where SiteLock and their web hosting partners are falsely claiming that websites have been hacked. So what we recommend you do in that situation is get a second opinion on their claim. We are always happy to provide that for free and would hope that other reputable security companies (to the extent that there are any) would do the same.

If the website is hacked what you want done is to have it properly cleaned up, which involves cleaning up the hack, securing the website (which usually mainly involves getting the software up to date), and trying to determine how the website was hacked and fix that. If a service doesn’t do those things (as is true of SiteLock’s main services) then you stand a decent chance of having continuing issues. After things have been cleaned, instead of paying for a security service that won’t protect your website, you should make sure to do the basics to keep your website secure from most issues.