More Evidence That SiteLock’s TrueShield Web Application Firewall Is Really Incapsula’s WAF

Last week we looked at the evidence we had found that a couple of services that SiteLock was claiming to provide directly were actually provided by Incapsula. That would be an issue both because you have a security company pretty blatantly lying, but also because websites using the services would have traffic is going through a company they are neither aware would have access to their traffic and or that they have a relationship with.

For one of the services, Sitelock’s TrueSpeed CDN, the evidence was beyond a reasonable doubt to us that the service is really provided by Incapsula. For their TrueShield Web Application Firewall (WAF) it seemed likely that was also the case, due in part that it would be easier to use Incapsula’s WAF when they already were using their CDN, but the evidence wasn’t as strong. We ran into another piece of evidence that makes it pretty conclusive that the service is also actually provided by Incapsula.

While requesting a page be saved on archive.org, so that we could link to it if it got removed from the website it was on, this was saved instead:

sitelock-trueshield-web-application-firewall-captcha-page

That page claims that the website is “protected and accelerated by SiteLock” and that there is a ” SiteLock security network”:

The web site you are visiting is protected and accelerated by SiteLock. Your computer might have been infected by some kind of malware and flagged by SiteLock security network. This page is presented by SiteLock to verify that a human is behind the traffic to this site and malicious software.

Here is one of a number a screenshots we found with of the exact same page when coming from Incapsula:

incapsula-waf-captcha-page

The only difference with it is the branding. There really isn’t a way that could be coincidental.

That doesn’t match with SiteLock’s description on the page for the service though. For example, they claim that SiteLock is analyzing the request, when in fact it is Incapsula:

sitelock-trueshield-web-application-firewall-diagram


A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.

Leave a Reply

Your email address will not be published.