{"id":3727,"date":"2017-08-18T09:22:12","date_gmt":"2017-08-18T15:22:12","guid":{"rendered":"https:\/\/www.whitefirdesign.com\/blog\/?p=3727"},"modified":"2017-08-18T09:22:12","modified_gmt":"2017-08-18T15:22:12","slug":"is-sitelock-not-even-saying-what-website-they-are-claiming-is-vulnerable","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2017\/08\/18\/is-sitelock-not-even-saying-what-website-they-are-claiming-is-vulnerable\/","title":{"rendered":"Is SiteLock Not Even Saying What Website They Are Claiming is Vulnerable?"},"content":{"rendered":"<p>A few days ago we discussed a Forbes article about a report from the web security company SiteLock that claims to be a score of how likely a website is to be compromised, but seems to be based on nothing, as despite claiming a website had a &#8220;Medium&#8221; likelihood of compromise, <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2017\/08\/15\/sitelock-likelihood-of-compromise-reports-look-like-another-sitelock-scam\/\">SiteLock couldn&#8217;t point to any way that the website would be compromised other than ones that are not considered in their score<\/a>. In that post we noted that previously we have had people come to us after SiteLock had contacted them and claimed that there was a vulnerability on their website, but wouldn&#8217;t give them any details of it. It looks like they can provide even less information, as the following portion of an email sent to someone that was formerly a customer of one of their web hosting partners shows:<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"550\">\n<p lang=\"en\" dir=\"ltr\">This amuses me as the only hosting I&#39;ve had with <a href=\"https:\/\/twitter.com\/bluehost\">@bluehost<\/a> was cancelled months ago. Hey <a href=\"https:\/\/twitter.com\/SiteLock\">@SiteLock<\/a>, GO AWAY KTHNXBAI! 
<a href=\"https:\/\/t.co\/oBcC0Ji3Rs\">pic.twitter.com\/oBcC0Ji3Rs<\/a><\/p>\n<p>&mdash; Indie (@IndieAtWork) <a href=\"https:\/\/twitter.com\/IndieAtWork\/status\/898228159396560896\">August 17, 2017<\/a><\/p><\/blockquote>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>It is baffling how telling the owner of a website which one of their websites is claimed to have a vulnerability, without providing any details whatsoever of the vulnerability, would somehow expose the vulnerability.<\/p>\n<p>What is a bit odd about this message is that Bluehost&#8217;s name is incorrectly capitalized as &#8220;BlueHost&#8221;, with the &#8220;h&#8221; capitalized when it shouldn&#8217;t be. It seems like you should get your partner&#8217;s name right, especially when that partner is ultimately <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2016\/09\/08\/one-of-sitelocks-owners-is-also-the-ceo-of-many-of-the-companys-web-hosting-partners\/\">run by SiteLock&#8217;s owners<\/a>. Without seeing the rest of the email we can&#8217;t see if there is any indication that this is actually another phishing email being sent to Bluehost customers, like <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2017\/08\/09\/false-claim-from-bluehost-phishing-email-leads-to-bluehost-trying-to-sell-unneeded-sitelock-service\/\">the one that came up last week when Bluehost was pushing someone to hire SiteLock to deal with a non-existent malware issue<\/a>, though that phishing email actually mentioned a specific website.<\/p>\n<p>One alternate explanation that isn&#8217;t too far out there, considering SiteLock&#8217;s track record and the fact this person isn&#8217;t even with the web host anymore, is that there is no basis for the claim. 
By not mentioning a website, they might hope to get more interest from webmasters than if they mentioned one and it wasn&#8217;t important.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few days ago we discussed a Forbes article about a report from the web security company SiteLock that claims to be a score of how likely a website is to be compromised, but seems to be based on nothing, as despite claiming a website had a &#8220;Medium&#8221; likelihood of compromise, SiteLock couldn&#8217;t point to any &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2017\/08\/18\/is-sitelock-not-even-saying-what-website-they-are-claiming-is-vulnerable\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Is SiteLock Not Even Saying What Website They Are Claiming is Vulnerable?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25],"tags":[77,39],"class_list":["post-3727","post","type-post","status-publish","format-standard","hentry","category-bad-security","tag-bluehost","tag-sitelock"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3727","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=3727"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3727\/revisions"}],"predecessor-version":[{"id":3729,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/3727\/revisions\/3729"}],"wp:attachment":[{"href":"
https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=3727"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=3727"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=3727"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}