SiteLock’s Poor Cleanup Leads to Website Being Down Long After It Should Have Been Back Up

We continued to be troubled by companies and other entities that would get involved with the web security company SiteLock, as even a quick check would show how they are taking advantage of their customers. Unfortunately you have far too many web hosts and WordPress that continue to do that. Is the money SiteLock is providing them really worth the damage they are helping to cause?

We recently ran into yet another example of the mess they cause not just for those that unfortunately hire them, but for the public as they their action in this situation would lead to website remaining hacked (and leading to more of the negative impact the hack causes) after it should have been fixed.

We were recently contacted by someone that said that multiple websites in an account they had with the web host Bluehost had been shut down due to malware and they were looking for some sort of help.

It wasn’t clear what clear what kind of help they were looking for as the message just said “Help!” after mentioning that the websites had been taken down. That isn’t much to go on, so we first asked them what evidence Bluehost had presented that the websites were hacked, seeing as we have seen some rather bad false positives coming from Bluehost in particular, and in general from SiteLock partnered web hosts. That being said, these days the majority of websites we are contacted about in this type of situation are in fact hacked. Usually Bluehost and other web hosting brands of the Endurance International Group (EIG) (which is run by the majority owners of SiteLock) will provide a list of files that are impacted or some example files or URLs that have been impacted along with the email informing the customer that their account has been disabled. For someone that knows what they are doing, that evidence is usually enough to determine if the claim is legitimate or not.

The response we got didn’t answer our question. Instead the person that contacted us responded that they were having the websites transferred to another hosting provider because they felt like the deal between Bluehost and SiteLock was a scam. We then explained that if the websites were hacked that it would not be a good idea to do that, as it could make it harder to properly clean up the websites, since transferring the websites could cause both data on the files (most importantly the last modified date) and the logging for the website during the time of the hack to no longer be available. That information can sometimes be important to make sure all of the files have been cleaned and is very important to determine how the website was hacked and therefore what needs to be done to fix it and make sure it doesn’t happen again.

After notifying them of that as well as mentioning that assuming this was a scam was not a good idea, since the majority of time in this type of situation we have been seeing that they websites were hacked, they told us they thought the websites were hacked. So they were moving websites they thought were hacked to get around their web host having taken an action to protect the public (though also possibly to get people more likely to hire SiteLock as well).

What they also mentioned was that they had in fact tried to get the website cleaned before doing that. The problem is they hired SiteLock and not surprisingly based on everything we have seen over multiple years, the website wasn’t actually cleaned up properly. Instead of SiteLock working to get things properly resolved here after they failed the first, they wanted more money, $200 a month to manually clean out malware. The fact that SiteLock is offering a service that will continually remove malware, is on its own a good indication that they don’t properly clean up hacked websites, as when done properly the website shouldn’t need to be continually cleaned up.

After that we told them again that moving the websites was not a good idea and that it likely would take longer to get them backup by doing that, which they said was their main concern, than getting them properly cleaned up. At that point they said they would take their chances.

Taking their chances on that turned out to be a bad bet. We usually are able to clean up hacked websites in a few hours and while there is some variability in how long it then take Bluehost and EIG brands to then restore access, it would usually be done within 24 hours (and possible happen in much sooner than that). When went to take a look the next day to see what had happened so far, we found that the website was still being hosted by Bluehost and not accessible. Another day later we took another look and the result was the same.

Properly Handling Such a Situation

As if there was another reminder needed, this situation is good example of why everyone should avoid SiteLock. At best you might get lucky their poor cleanups don’t lead to your website being hacked again right away, but you are going to greatly overpay for what you are getting. On top of that SiteLock often tries to lock in to people in to unneeded ongoing services that people have variety of problems trying to cancel later on.

If you are contacted by a SiteLock partnered web host with a claim that your website is infected with malware or is otherwise hacked, we would recommend that first get a second opinion as to the whether the website is in fact hacked. For someone to be able to do that, you should first get any evidence that the web host and or SiteLock will provide, which usually is something that should have already been provided to you. We are always happy to provide that second opinion for free and we would hope that others would as well.

If the website is hacked then what we would recommend, if you can afford it, is to hire someone that properly cleans up hacked website to do that for you. A proper cleanup involves three basic components: removing anything added by the hacker, security the website (which usually mainly involves getting the software up date), and trying to determine how the website was hacked. In a lot of cases it actually costs less to hire us to properly clean up a website than it would to hire SiteLock for their improper hack cleanup.

We have repeatedly seen that people try to instead clean it up themselves and cause themselves more problems, as they often don’t even know how or what to clean up (we recently have had a lot of people contact who have incorrectly just deleted the example files their web host listed). That often leads to continue problems which are then exacerbated by them purchasing security products and services that claim they will protect websites from being hacked, but don’t live up to that (which isn’t surprising since we have yet to run across one that is promoted with evidence much less evidence from an independent testing, that it is effective). At that point they are bringing us in to clean things, which if they had just done that in the first placed would have lead to the issue being quickly resolved and them spending less money.


A Better Alternative to SiteLock For Cleaning Up a Hacked Website
If your web host is pushing you to hire SiteLock to clean up a hacked website, we provide a better alternative, where we actually properly clean up the website.

Leave a Reply

Your email address will not be published.