123 Reg’s Idea of Security Also Involves Leaving Websites to Get Hacked

Earlier this week we noted that GoDaddy’s idea of security involved leaving websites insecure and dealing with the after effects of that. They are not alone, as here is how another web host, 123 Reg, promotes a security service provided by their security partner SiteLock:

Malware is malicious code that can attack your website and cause security or performance issues.

Google has discovered that approximately 30,000 sites are affected by this malicious code every day and just 14% are protected, leaving 86% of websites vulnerable to attack. It sounds scary, but there is a way to protect your website.

SiteLock® from 123 Reg provides your website with a credible, state-of-the-art diagnostic system that scans for threats and identifies known malicious code, removing it from your website automatically. Giving you peace of mind in knowing that your site is malware free.

There are 110 million variants of malware in existence today. You can’t check your website every day in case you’ve been attacked. Let us do it for you.

Of course if SiteLock is detecting malicious code on your website then it has been affected by malicious code. Real protection would stop the malicious code from getting there in the first place.

What seems like it should also raise questions there is, if there really were “110 million variants of malware in existence today”, what are the chances that SiteLock might miss some? The answer from an earlier post of ours is that in reality SiteLock misses malicious code that 123 Reg is able to spot themselves.

Even if they were good at spotting malware, if code is able to get on the website then its malicious impact could already have happened by the time it gets removed. For example if the malicious code copies all of an online store’s customer details, removing the malicious code isn’t going to undo it.

If you are looking to protect your website, we recommend doing the security basics, since those will actually stop the possibility of many attacks, while services that claim to protect websites present no evidence they are effective at all, and we frequently had people coming to us looking for one of those that works after having used a service that didn’t prevent their website from being hacked. If your website has already been hacked, then the solution is to have it properly cleaned instead of using a security service.

SiteLock Falsely Claims That Website Hosted By Their Partner 123 Reg Is Malware Free

Over two years ago we noted that the then recently started partnership between the web host 123 Reg and the security company SiteLock was already producing the bad results that should have been expected based on SiteLock’s well-earned reputation as being scammers. If the website we were contacted about earlier this week is any indication, things haven’t changed.

One of the more annoying aspects of the scam that is so much of the security industry is that after people get scammed by security companies like SiteLock that don’t even attempt to properly do the work they are being hired to do, people come to us wanting us to help them out for free since they already paid the scamming company (which we are not in the business of doing for what should be obvious reasons). That was the case with someone that contacted us after being told by 123 Reg that their website was hacked, hiring their partner SiteLock to clean it, and having SiteLock claim to have cleaned it up. While SiteLock claimed the website was malware free, 123 Reg wouldn’t unsuspend the website due to them claiming there still was malicious code on it.

When we were contacted about the website it was suspended, so we couldn’t see what was going on with it, but when we went to check on the website a couple of days after we were initially contacted, we found that the website was no longer suspended and that clearly it still had malicious code on it since when trying to access the homepage we were redirected to a malicious website.

What this situation shows is that 123 Reg should certainly be aware that the security company they have partnered with isn’t getting things done. That they continue the partnership is a good indication that the partnership is based not on helping their customers get connected with a reputable security company, but instead is based on them getting paid to push their customers to hire SiteLock.

What is the most unfortunate element is that there really isn’t a solution apparent here. If people hired reputable companies like ours they could avoid this type of situation, but what we have found is that most people will ignore warnings about companies like SiteLock until after they have been scammed, and then in a situation like this they want someone else to help them for free.

123 Reg Sending Out Scammy Emails Based on Baseless SiteLock Risk Assessments

Earlier this month we discussed what seemed to be a new attempt to scam people by the web security company SiteLock and their web hosting partners, using a supposed assessment of a website’s likelihood of attack. That post was based on information in an article written by a contributor at Forbes that had been contacted by their web host Network Solutions about the supposed risk of compromise of their website. The author of that article did a very good job of breaking down how the claimed “comprehensive analysis” leading to the risk score seems to be without a basis, and we recommend reading that article.

The web host 123 Reg, which is now part of GoDaddy, has now started sending out emails based on the same assessment and the results are equally questionable. We were contacted by someone that received one of these that has a small website built on HTML files, so there is limited ability for it to be hacked when compared to, say, a website using a CMS and a lot of addons for the CMS. Despite that, the email claims that the “website is at high risk of vulnerabilities or compromise” and that “vulnerabilities are 12 times more likely to be exploited than the average website”, which is completely ridiculous. If you were to believe that their website is at high risk of being exploited, then we can’t think of one that you wouldn’t.

Here is the email they are sending out:

Dear [redacted],

We take a proactive approach to protecting our customers’ website security. There are many factors that make a website vulnerable to hackers, and some sites are more vulnerable than others simply because of their software, plug-ins and passwords.

To help you understand where your website may be vulnerable, we have completed an automated scan of your website via the SiteLock Risk Assessment, a predictive model that analyses over 500 variables to determine a website’s likelihood of attack. The Risk Assessment is designed to score a website on a scale of low, medium or high.

After performing a comprehensive analysis of [redacted], we can confirm that your website is at high risk of vulnerabilities or compromise. When a website indicates a high risk score, vulnerabilities are 12 times more likely to be exploited than the average website, according to SiteLock data.

It is important that you act. For £0.99 per month, SiteLock ‘Find’ carries out a daily scan of your website. It can reveal where your website is vulnerable, and discover any malware. For £4.99 per month, SiteLock ‘Fix’ can also remove the malware from your site.

Find out more about SiteLock from 123 Reg

Alternatively, you can call us on 0330 221 1007 for more information.

Good website security comes down to teamwork. Here at 123 Reg, we do everything we can to keep your website safe server-side, and we urge you to do the same. A security breach can undo years of hard work in a matter of minutes. That is why, as a security precaution, we recommend you always upgrade outdated software like web applications or plugins to the latest versions when available.

Kind regards,

123 Reg Team

Based on everything we have seen so far, this seems to be a rather naked attempt to sell security services based on scaring customers of web hosts under the guise of providing serious analysis of the security risk of the website. What makes it worse is that, from what we have seen, SiteLock’s services are not very good at providing protection, so the end result wouldn’t even be a good one even if the means is quite bad (as well as the company not doing much to help improve security for everyone in comparison to something like our Plugin Vulnerabilities service).

One of the other people that received one of these emails raised another issue with them:

It should go without saying that no company involved with security should be doing something like this. SiteLock already has a well-earned reputation for this type of thing. Who seems like they should be taking more heat for this is GoDaddy, as not only are they a multi-billion dollar company, but they also provide security services under the brand Sucuri (which has lots of issues of its own).

 

123 Reg’s Partnership With SiteLock is Already Producing the Expected Bad Results

As we have continued to dig deeper into how the web security company SiteLock takes advantage of people, one central element of it is their partnerships with web hosting companies. From their main website you can’t even sign up for their services, only request a quote, and if people were to be looking around for a security provider they would likely come across many horror stories involving them when doing so. Instead it looks like the services get sold on the trust in them implied by their web hosting partners marketing them and due to the fact that, to varying degrees, the web hosts push people to use them if their website is hacked (or in some cases when SiteLock or the web host is falsely claiming it is hacked). The reality of the partnerships is that they are not based on the web hosts believing SiteLock; instead they are based on them getting paid a significant amount of money (one major web hosting company disclosed they get 55% of the revenue from SiteLock services sold through the partnership with SiteLock).

Neither SiteLock nor the web hosts are upfront about the real reason for their partnerships. Take for example how 123 Reg announced their partnership with SiteLock last month: there is no mention of that financial arrangement. Instead they make a number of claims that don’t match what we have seen of SiteLock’s services in the real world, including:

By partnering with SiteLock, small business customers now have access to best-of-breed security solutions that deliver proactive and reliable protection from internet threats and vulnerabilities.

And:

Our partnership will ensure that websites run safely and smoothly, and will further secure the infrastructure in the UK. Through our combined efforts and commitment, we can make it easy for customers to seamlessly integrate security into their sites and prevent future attacks.

That things are not as they are claiming is hinted at by the paragraph that follows that though:

SiteLock can detect known malware the minute it hits. After identifying malicious content, it automatically neutralizes and removes the threats. SiteLock then provides businesses with complete reports on scans, threats detected and items removed.

On the one hand 123 Reg is claiming that they “can make it easy for customers to” “prevent future attacks”, but then they are claiming that SiteLock is going to detect malware the minute it hits, which indicates they can’t prevent future attacks (otherwise there wouldn’t be malware to detect). No evidence is provided that SiteLock can actually detect malware the minute it hits, and we have seen rather bad results in their attempts to detect malicious code. In one situation we found SiteLock claiming a website was secure while it contained malicious JavaScript code that compromised credit card details entered on the website.

Our experience is that SiteLock does quite a poor job of cleaning up hacked websites. For example, everything we have seen indicates that they fail to do two of three basic steps for cleaning up a hacked website: 1) making sure the website has been secured (which usually means getting the software up to date) and 2) determining, to the extent possible, how the website was hacked. In one recent instance their failure to do those not only left hackers with two forms of access to the website, but also meant that a security problem at one of their partner web hosts remained unfixed, which would allow even more websites to be hacked (that vulnerability remaining unfixed would provide them more people to have the potential to take advantage of as well).

Not too surprisingly then, we have already run into an example of the partnership with 123 Reg producing the bad results you would then expect:

It’s not been awful, but it’s been repetitive. A few links stuck in the index page as far as I can see. They’ve tried to put in malware which Sitelock has found and got rid of. But they’re still getting in. We’ve changed passwords, sitelock has changed dns settings (after this I don’t understand much), any coding on the site is from the latest version of xara web designer and xara say they’re safe. 123reg (who sold me Sitelock) said they can’t keep everything out, which beggars the question – what’s the point? PC that the site was uploaded from is free from viruses and malware. Hosting service are saying it shouldn’t happen again but are advising me to move anyway (!).

If SiteLock was doing things properly they would have done the work to determine how the website was getting hacked and fixed that, but since their idea of protection is to detect a website is hacked instead of actually protecting it, that doesn’t happen, leading to a situation like what is described there.

If your web host is a partner with SiteLock, your best move is probably to move to another web host, since through that partnership they are showing that they don’t really care for their customers. If you are at the point where you are being contacted by your web host or SiteLock about your website being infected with malware or otherwise hacked, we recommend you read one of our previous posts that takes you through some of the important information to understand about the situation before you make any decisions on dealing with it.