We often have people coming to us looking for advice after an interaction with the web security company SiteLock. That frequently involves claims by SiteLock that a website contains malware. Not only is the claim not always true, but in some instances the files they have labeled as being malicious don’t really make sense as being malicious (compressed database backups for example). Back in February we ran across what looks to be part of the explanation for this: SiteLock’s malware scanner labels evidence of non-malware-based hacks as malware.
In that instance it involved SiteLock’s detection of a website defacement (they were identifying the wrong website as being defaced though), which they were labeling as malware. Back in May we ran across a tweet from SiteLock that seemed to be saying that they would also label spam comments in a database as malware. It turns out that when it comes to spammy content this also applies to spammy links.
Here is a screenshot we were forwarded while providing a consultation recently, showing a spam link being identified as malware and being labeled “SiteLock-HTML-SEOSPAM-iar”:
Seeing as website malware refers to either malicious code being served to visitors of a website or malicious code that is in the underlying files or database that generate a website, labeling spammy links as malware isn’t accurate.
Why SiteLock is doing this isn’t clear. It could be as simple as a lack of understanding of what they are doing. While they promote themselves as the “global leader in website security”, there is plenty of evidence out there that they really don’t know much on the subject. It also could be intentional. Someone would probably be more likely to order a $100 a month protection plan (which their commissioned sales people are often trying to sell people on) if you told them they had malware on their website instead of a spam link. This also makes it harder for another security company to figure out what is going on, because if they look for malware on the website and don’t find anything they might reasonably assume they missed something that SiteLock had found.
This all is a good reminder for anyone dealing with a claim from SiteLock that a website contains malware to get evidence from them as to what they are claiming is the malware, as that should go a long way to clearing up if it is in fact malware, some other type of hack, or a false positive. If you have gotten that information from them about a claimed malware issue with your website and are still not sure what is going on, we are always happy to provide a second opinion on the issue.