You Shouldn’t Hire Someone to Clean Up a Malware Infected Website Until They Have Confirmed There is an Issue

If you deal with malware infected websites on a regular basis, like we do, you know that with just about any issue that can occur with a website there will be someone who thinks it was caused by malware or some other hack, so what we always want to determine before taking on a cleanup of a website the owner thinks is infected, is if it is really infected. That isn’t the case with everybody, as this recent review of another company in the industry, Sucuri, which we noticed while looking at another review that a recent clients of ours (after having hired previous hire Sucuri) left about them on Trustpilot:

In December 2019, I received several urgent messages from my webhost, SiteGround, stating that Malware had been detected in 3 URLs on my website. Each alert urged me to use professional clean-up service by Sucuri and included a link to purchase Sucuri’s service. Panicked, I signed up for an annual service with Sucuri for $199.99 (the cheapest option) that included a 30-day trial period in which I could cancel. I immediately put in a ticket for Sucuri to address the urgent malware problem on my website that I’d been informed about by SiteGround. Sucuri was unable to find any evidence of malware. Meanwhile, SiteGround continued to send me malware notifications, and each time, Sucuri said there was no malware to be found. Realizing Sucuri couldn’t fix the issue and that I’d need to find another service, I immediately requested my service be cancelled as I was still well within the initial 30 day trial period. I was informed by Sucuri that they could not refund me anything because if a customer puts in even one ticket for malware removal–and EVEN IF SUCURI FAILS TO REMOVE IT–it voids the customer’s ability to cancel their service.

That Sucuri wasn’t finding something that existed, isn’t surprising considering our own experiences like what we mentioned in a previous blog post, a situation where we were brought in after they were claiming there was no issue, despite it being easy to find.

That all is out of line with how they market their service, as they make claims like this:

Our dedicated researchers monitor active malware campaigns. With a trained team of analysts, we aim to provide the best malware removal service around.

And this:

We use scripts and tools to quickly scan your website for malware. Our analysts check your site manually too. No hack is too complex for our incident response team.

Trustpilot

That review also highlights a problem when it comes to trying to find the right company to hire to do website malware removal, as that company, like others, is paying review sites, which allows them to hide negative reviews:

**I’d like to also point out that where Sucuri’s customer service team does appear to spend their time is flagging their negative reviews here on Trust Pilot. This is my 2nd time posting a review about Sucuri. Sucuri challenged my last review as not being valid, stating I wasn’t one of their customers. After I provided evidence of my customer status and my back-and-forth with Sucuri to Trust Pilot, my review was reinstated. However, Sucuri then claimed that my review violated Trust Pilot’s guidelines (for reasons that have not been disclosed to me) and they ultimately succeeded in getting my first review removed. If this is how Sucuri conducts themselves on Trust Pilot in order to get the numerous negative reviews about their services removed, then I think there’s likely little hope of their customer service and business model improving anytime soon.**

SiteGround

Also worth noting, is that like people we have dealt with after they had a bad experience with Sucuri, the web host SiteGround had promoted them. It would appear they continue to do that despite at least having some awareness of the problems with Sucuri:

After getting nowhere with Sucuri’s customer service, in February, I finally decided to address my terrible experience with Sucuri with SiteGround, my webhost, since SiteGround was the one who referred me to Sucuri–a fact that made me question whether or not I should continue using SiteGround as my webhost. SiteGround immediately contacted Sucuri on my behalf and got them to issue a refund in the full amount of $199.99. Prior to SiteGround’s involvement, I had been in contact with multiple customer service representatives at Sucuri and their only reply was basically, “Sorry you misunderstood the terms of our contract, but it is what it is and we can’t refund you.” I’m very relieved to see that at least SiteGround takes an interest in their customers and in doing the right thing in their business practice because my webdesigner recommends SiteGround to all her clients. As for Sucuri, my opinion of them remains unchanged. I have no interest in ever using their services again and I cannot in good faith recommend them to anyone.

What might explain why they continue to promote them is that they are getting paid to do that.

SiteLock Using Trustpilot to Try to Deceive Public as to How SiteLock’s Customers Really Feel About Them

We frequently deal with people that come to us looking for help after having an interaction with the web security company SiteLock or their web hosting partners. To be able to better understand what is going on with their sitaution, we occasionally check up on various websites where people leave reviews of SiteLock as that helps us to keep up with the various shady stuff that SiteLock is up to.

Earlier this year we noticed that there started to be a massive influx of positive of reviews for SiteLock on one of those website, Trustpilot. That seemed unnatural as we continued to hear from people that were describing situations that have lead to scams to be a commonly associated word with SiteLock at the same rate:

It also was out of line with the amount of and view being expressed in reviews we saw being left at other websites.

The other thing that stood out was that most of the reviews seemed to be people who were describing just interacting with SiteLock, which could have explained some of why they had positive comments about them as many of the problems are only realized later.

One of the recent reviews seems to explain at least some that, as the review starts:

I prefer to leave a review when I am ready but SiteLock insisted so here is my experience thus far.

The rest of the review is rather detailed, so that claim seems unlikely to be made up:

I became a customer after being hit by defacement hackers. They were able to get my site back up after a few hours. Their customer service is good in the sense that they walked me through their portal and call me to provide updates.

At present I feel like they are trying to get more money out of me after I have already paid quite a bit. They want me to pay an additional monthly fee per site to upgrade my firewall once I get a new SSL certificate due to Google’s new requirements.

As having compatible firewalls with Google’s SSL certificate is a requirement now, I feel it should be part of the basic package and I should NOT have to pay more to get a firewall that is compatible. If a firewall isn’t compatible and will shut my site down, what am I paying for? Why even bother selling something that doesn’t work? The basics should be enough to keep my site functional! I shouldn’t have to pay additional just to get a firewall that will keep my site functional.

The claim of insisting that people leave a review is out of line with what Trustpilot believes about SiteLock’s involvement with that website:

What we also recently noticed is that SiteLock is trying to get some of the negative reviews removed. For example, as of few days ago one of the reviews was hidden with a message that SiteLock had reported the review for “for breach of Trustpilot guidelines”:

That review is now visible with an indication that review relates to a verified order (it is the only review on the first page of results that has that designation), which according to Trustpilot indicates that the reviewer “has sent documentation to Trustpilot showing an experience with SiteLock”:

So what did SiteLock not want people to see? Well this:

This service is totally a waste of time …

This service is totally a waste of time and money. Once they have you locked in to their contact that’s the last you will ever hear from them. Do yourself a favor and hang up when they call. Not much more than a scam business in my opinion!

Some of the other recent reviews that SiteLock doesn’t appeared to have tried to take down seem equally bad to us, but maybe the accurate reference to them scamming people is what made the difference here.

SiteLock Claims Are Not Always False

While SiteLock has well earned poor reputation that doesn’t mean that if they or one their partnered web host with a claim that your website is infected with malware or is otherwise hacked that isn’t true, as we have seen many people incorrectly assume. What we would recommend you do in that situation is to get a second opinion as to the whether the website is in fact hacked. For someone to be able to do that, you should first get any evidence that the web host and or SiteLock will provide, which usually is something that should have already been provided to you. We are always happy to provide that second opinion for free and we would hope that others would as well.