One of the problems we have seen with the web security company SiteLock is that they label all sorts of things as being malware, making it hard for anyone else to determine what they might be referring to and therefore if the claim is valid. Sometimes their claims seem absurd, like the time they claimed a link to a non-existent domain name in a comment on a blog post was “critical” severity malware.
That type of issue could be an indication that their tools are overly sensitive or that they produce poor results. Something we just helped someone deal with reiterates what we have seen in the past,which is that it looks like the issue is the later.
We were contacted by someone for whom their website was being reported by the Chrome web browser as being dangerous and SiteLock’s SMART (Secure Malware Automatic Removal Tool) Scan had been unable to fix the issue for them. They were looking for quote from us to clean up the website.
When visiting the website in the Chrome web browser the following warning was being shown:
We have blacked out the domain listed, but the domain was the most important thing in the message because it wasn’t the domain of the website we were contacted about. Instead Google was warning about content from another website that was being served on this website, which is referred to as a cross-site warning.
In looking at the homepage’s content we found that the only content being loaded from that domain name was an image. When that image was removed the warning also went away.
That was easy for us to spot, but it was something that SiteLock’s tool wasn’t able to detect, while at the same time the tool flagged other things it seems like it shouldn’t.
This situation also shows why it is a good idea to come to us if you think you have a hacked website, because the first thing we do is to make sure the website is actually hacked and then we provide a free consultation on how best to deal with the issue. In this case that meant it didn’t cost this person anything more than whatever they had already paid SiteLock, to get this resolved. As once we saw what the issue was, we could tell them they simply needed to remove the image being loaded from that other website to resolve this.