{"id":3016,"date":"2016-11-07T14:12:40","date_gmt":"2016-11-07T21:12:40","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=3016"},"modified":"2016-11-07T14:12:40","modified_gmt":"2016-11-07T21:12:40","slug":"looking-at-how-sitelock-sells-their-services-versus-the-reality-behind-them","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2016\/11\/07\/looking-at-how-sitelock-sells-their-services-versus-the-reality-behind-them\/","title":{"rendered":"Looking At How SiteLock Sells Their Services Versus the Reality Behind Them"},"content":{"rendered":"<p>We recently have been taking a close look at the\u00a0practices of the web security company SiteLock after finding that not only were they providing poor quality services (as is par for the course for web security companies), but a lot of what they look to be doing <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/05\/03\/it-looks-like-sitelock-is-scamming-people\/\">falls closer to outright scamming<\/a>. We thought it would be useful to show how some of what we have found comes into play in their interactions with a customer. To do that, let&#8217;s look at a <a href=\"http:\/\/www.naminnesota.org\/index.php\/regional-service-mnrsc\/na-minnesota-services\/malware-protection\">recent complaint from one of SiteLock&#8217;s customers<\/a> that hits on a number of issues with what SiteLock is doing.<\/p>\n<p>After their website had been hacked in February of last year, SiteLock sold them on one of their services:<\/p>\n<blockquote><p>[L]ast February we purchased \u201cSiteLock Premium\u201d for $500\/year. I was told this was the best security product available. With it, I would have a firewall that would prevent any further attacks.\u00a0 And since it runs \u201cin the cloud\u201d it would actually make our site faster. 
We were assured that SiteLock has never been hacked and even if we are hacked, our site would be cleaned.<\/p><\/blockquote>\n<p>There are a number of issues we see with that.<\/p>\n<p>We are not sure how SiteLock&#8217;s website never being hacked (if that were even true) would mean that their customer&#8217;s website wouldn&#8217;t be hacked; that would seem to require the same practices being followed on both, which isn&#8217;t the case, as we will get to later in the post.<\/p>\n<p>Then there is the issue that as best we can tell <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/11\/02\/is-sitelock-lying-about-patent-pending-technology-and-the-true-source-of-some-of-their-services\/\">SiteLock&#8217;s web application firewall (WAF) isn&#8217;t actually their own, instead they are reselling\u00a0Incapsula&#8217;s WAF service<\/a>. That raises several issues. One is that SiteLock promotes the service as if they are providing it; if they would lie about that, you can reasonably wonder what else they are not being honest about. Since the service involves sending the website&#8217;s traffic through the CDN, that means all the traffic is flowing through a company that SiteLock&#8217;s customers are not even aware of, much less have a relationship with. Finally, you have to wonder if SiteLock is even aware of how good or bad the WAF is at protecting against attacks, since it isn&#8217;t actually something they run.<\/p>\n<p>Another serious issue is that SiteLock failed to do a basic part of a proper hack cleanup, making sure that the software is brought up to date. 
In this case the website is still using Joomla 2.5:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3026\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-secured-website-outdated-joomla.png\" alt=\"A Website That Is Supposed to be Secured by SiteLock is Still Running Joomla 2.5.28\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-secured-website-outdated-joomla.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-secured-website-outdated-joomla-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p>That version of Joomla <a href=\"https:\/\/docs.joomla.org\/Joomla!_CMS_versions\">reached end of life on December 31, 2014<\/a>\u00a0and therefore was not receiving further security updates. So any cleanup in 2015 should have included upgrading to a supported version of Joomla. (It is important to note that SiteLock is certainly not alone in skipping this important part of hack cleanup; many providers cut corners like this.)<\/p>\n<p>By comparison, SiteLock does keep their website up to date. 
Both their blog and their WordPress-focused sub-domain, wpdistrict.sitelock.com, are using the latest version of WordPress:<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3028\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-blog-wordpress-version.png\" alt=\"The SiteLock Blog is Running WordPress Version 4.6.1\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-blog-wordpress-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-blog-wordpress-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-3029\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-the-district-wordpress-version.png\" alt=\"SiteLock's The District Website is Running WordPress Version 4.6.1\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-the-district-wordpress-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2016\/11\/sitelock-the-district-wordpress-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/p>\n<p>Keeping the software running your website up to date is going to provide real protection, whereas other security services may not (we haven&#8217;t seen SiteLock present any evidence that their services provide better protection than <a href=\"http:\/\/www.whitefirdesign.com\/resources\/secure-your-website-from-hackers.html\">doing the security basics<\/a>). 
It&#8217;s telling that SiteLock does that for their own website, but doesn&#8217;t for\u00a0their customers.<\/p>\n<h2>More Money<\/h2>\n<p>One of the things we frequently see brought up with SiteLock is that after you purchase one security service that was supposed to protect the website and then doesn&#8217;t, they want to sell you more expensive services (that was even <a href=\"https:\/\/web.archive.org\/web\/20161025054837\/http:\/\/diymarketers.com\/website-hacked-attacked\/\">mentioned by someone who was praising their service<\/a>\u00a0(and then deleted their post for some reason)). Remember that this person was sold a $500 a year plan that they say SiteLock claimed was the &#8220;best security product available&#8221;, then the website got hacked again and they are pushing a $720 a year plan:<\/p>\n<blockquote><p>We were recently informed by SiteLock that our site had sustained a Pharma attack that had inserted links directly into our code. This attack could not be automatically cleaned their software could not remove the malware systematically without risking bringing down our site. The SiteLock technician suggested that we purchase their \u201cInfinity Scan\u201d product for $60 \/month.\u00a0 That product includes manual cleaning of our site.<\/p><\/blockquote>\n<p>Again there are multiple issues raised here.<\/p>\n<p>You can start with the fact that SiteLock makes a big deal about their automated malware removal in their marketing material, but\u00a0never mentions that it can have the serious problem of taking down a website. 
It also seems to us that in an instance where it isn&#8217;t up to the task they shouldn&#8217;t be charging extra to deal with the situation,\u00a0as it is unable to do what it is promoted to do (and considering their track record you would also have to wonder if they sometimes claim it couldn&#8217;t in order to get more money from people).<\/p>\n<p>The other troubling aspect of this is that they have a service that provides manual hack cleaning\u00a0on a repeated basis. If a website is properly cleaned then it shouldn&#8217;t get re-hacked, so unless you are not taking basic security measures or get unlucky and get hacked through multiple zero-day vulnerabilities in a year, you shouldn&#8217;t need multiple cleanups in one year. The fact that they provide this would be a red flag on its own that they don&#8217;t do proper hack cleanups, but we already <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/09\/14\/godaddy-and-sitelock-make-a-mess-of-a-hack-cleanup-and-drop-the-ball-on-security-as-well\/\">knew that SiteLock doesn&#8217;t properly clean up hacked websites<\/a>, so you don&#8217;t have to wonder about that.<\/p>\n<p>What seems to have happened here is another example of that. So how did SiteLock explain how the\u00a0website was hacked again after they were brought in:<\/p>\n<blockquote><p>Now, after we\u2019ve been hacked yet again, I find out that is not true. SiteLock assures me that everything is set up correctly, and that the hacker must have a back door access point.\u00a0 They don\u2019t cover that. Bluehost doesn\u2019t cover that. I\u2019m screwed.<\/p><\/blockquote>\n<p>The backdoor access must have either existed when SiteLock was first brought in to deal with the website and should have been handled during the cleanup or was\u00a0gained after they were supposed to be protecting the website. In either case we don&#8217;t understand how that wouldn&#8217;t be on them. 
The explanation seems to be that since things were set up correctly it couldn&#8217;t be their fault, which doesn&#8217;t make any sense to us.<\/p>\n<p>Also worth noting here is that their web host, Bluehost, who\u00a0pushes\u00a0SiteLock services as one of their &#8220;partners&#8221;, is <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/09\/08\/one-of-sitelocks-owners-is-also-the-ceo-of-many-of-the-companys-web-hosting-partners\/\">ultimately run by the owners of SiteLock<\/a>\u00a0and looks to be getting a <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/09\/09\/sitelock-hosting-partner-gets-majority-of-fees-for-sitelock-services\/\">majority of the money from services sold through their partnership<\/a> (which explains the high price of SiteLock&#8217;s services and the low quality for the amount paid). That isn&#8217;t something they publicly disclose and something that one of the other web hosts owned by the same company, Hostgator, <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2016\/10\/11\/hostgator-is-actively-hiding-the-true-nature-of-their-partnership-with-sitelock\/\">wouldn&#8217;t even acknowledge<\/a> even after it was pointed out that those facts were coming from their parent company.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We recently have been taking a close look at the\u00a0practices of the web security company SiteLock after finding that not only were they providing poor quality services (as is par for the course for web security companies), but a lot of what they look to be doing falls closer to outright scamming. 
We thought it &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2016\/11\/07\/looking-at-how-sitelock-sells-their-services-versus-the-reality-behind-them\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Looking At How SiteLock Sells Their Services Versus the Reality Behind Them&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[77,39],"class_list":["post-3016","post","type-post","status-publish","format-standard","hentry","category-bad-security","tag-bluehost","tag-sitelock"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=3016"}],"version-history":[{"count":6,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3016\/revisions"}],"predecessor-version":[{"id":3030,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3016\/revisions\/3030"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=3016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=3016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=3016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}