{"id":3040,"date":"2016-11-08T10:00:35","date_gmt":"2016-11-08T17:00:35","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=3040"},"modified":"2016-11-08T10:00:35","modified_gmt":"2016-11-08T17:00:35","slug":"more-evidence-that-sitelocks-trueshield-web-application-firewall-is-really-incapsulas-waf","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2016\/11\/08\/more-evidence-that-sitelocks-trueshield-web-application-firewall-is-really-incapsulas-waf\/","title":{"rendered":"More Evidence That SiteLock’s TrueShield Web Application Firewall Is Really Incapsula’s WAF"},"content":{"rendered":"

Last week we looked at the evidence we had found that a couple of services that SiteLock was claiming to provide directly were actually provided by Incapsula<\/a>. That would be an issue both because you have a security company pretty blatantly lying, but also because websites using the services would have traffic is going through a company they are neither aware would have access to their traffic and or that they have a relationship with.<\/p>\n

For one of the services, Sitelock’s\u00a0TrueSpeed\u00a0CDN, the evidence was beyond a reasonable doubt to us that the service is really provided by Incapsula. For their\u00a0TrueShield Web Application Firewall (WAF) it seemed likely that was also the case, due in part that it would be easier to use Incapsula’s WAF when they already were using their CDN, but the evidence wasn’t as strong. We ran into another piece of evidence that makes it pretty conclusive that the service is also actually provided by Incapsula.<\/p>\n

While requesting a page be saved on archive.org, so that we could link to it if it got removed from the website it was on, this was saved instead:<\/p>\n

\"sitelock-trueshield-web-application-firewall-captcha-page\"<\/a><\/p>\n

That page claims that the website is “protected and accelerated by SiteLock” and that there is a ” SiteLock security network”:<\/p>\n

The web site you are visiting is protected and accelerated by <\/span>SiteLock<\/a>. Your computer might have been infected by some kind of malware and flagged by <\/span>SiteLock<\/a> security network. This page is presented by SiteLock to verify that a human is behind the traffic to this site and malicious software.<\/span><\/p><\/blockquote>\n

Here is one of a number a screenshots we found with of the exact same page when coming from Incapsula:<\/p>\n

\"incapsula-waf-captcha-page\"<\/a><\/p>\n

The only difference with it\u00a0is the branding. There really isn’t a way that could be coincidental.<\/p>\n

That doesn’t match with SiteLock’s description on the page\u00a0for the service though<\/a>. For example, they claim that SiteLock is analyzing the request, when in fact it is Incapsula:<\/p>\n

\"sitelock-trueshield-web-application-firewall-diagram\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Last week we looked at the evidence we had found that a couple of services that SiteLock was claiming to provide directly were actually provided by Incapsula. That would be an issue both because you have a security company pretty blatantly lying, but also because websites using the services would have traffic is going through … Continue reading “More Evidence That SiteLock’s TrueShield Web Application Firewall Is Really Incapsula’s WAF”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[39,99],"class_list":["post-3040","post","type-post","status-publish","format-standard","hentry","category-bad-security","tag-sitelock","tag-trueshield-web-application-firewall"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3040","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=3040"}],"version-history":[{"count":5,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3040\/revisions"}],"predecessor-version":[{"id":3049,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3040\/revisions\/3049"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=3040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=3040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=3040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}