Wednesday, January 11, 2017

SiteLock TrueShield is Incapsula WAF

SiteLock recently pushed an article titled:


SiteLock TrueShield Updates here: https://blog.sitelock.com/2016/12/sitelock-trueshield-updates/

In it, they tell us to update our network to accomodate SiteLock's new ranges:

107.154.129.0/24
107.154.192.0/24
107.154.193.0/24
107.154.194.0/24
107.154.195.0/24
107.154.196.0/24
Decided to check the WHOIS of these ranges, look what we found:

 OrgName:        Incapsula Inc
OrgId:          INCAP-5
Address:        3400 Bridge Parkway, Suite 200
City:           Redwood Shores
StateProv:      CA
PostalCode:     94065
Country:        US
RegDate:        2010-09-14
Updated:        2016-03-15
Ref:            https://whois.arin.net/rest/org/INCAP-5


OrgNOCHandle: INCAP2-ARIN
OrgNOCName:   Incapsula Operations
OrgNOCPhone:  +1-866-250-7659
OrgNOCEmail:  ip@incapsula.com
OrgNOCRef:    https://whois.arin.net/rest/poc/INCAP2-ARIN

OrgTechHandle: BRONS9-ARIN
OrgTechName:   Bronstein, Tomer
OrgTechPhone:  +1-866-250-7659
OrgTechEmail:  tomer@incapsula.com
OrgTechRef:    https://whois.arin.net/rest/poc/BRONS9-ARIN

OrgTechHandle: INCAP2-ARIN
OrgTechName:   Incapsula Operations
OrgTechPhone:  +1-866-250-7659
OrgTechEmail:  ip@incapsula.com
OrgTechRef:    https://whois.arin.net/rest/poc/INCAP2-ARIN

OrgAbuseHandle: INCAP1-ARIN
OrgAbuseName:   Incapsula AbuseDesk
OrgAbusePhone:  +1-866-250-7659
OrgAbuseEmail:  abuse@incapsula.com
OrgAbuseRef:    https://whois.arin.net/rest/poc/INCAP1-ARIN
This reaffirms what I previously wrote about the GoDaddy partnership with Incapsula, I mean SiteLock.

To be sure, I checked their "complete" range as provided in their article:

199.83.128.0/21
198.143.32.0/19
149.126.72.0/21
103.28.248.0/22
45.64.64.0/22
185.11.124.0/22 
192.230.64.0/18
107.154.0.0/16
They are all Incapsula ranges.. :(... 

It seems that SiteLock doesn't do anything for themselves. They are an empty marketing and sales shell pushing technology that other firms have built. With that in mind, you're probably better off going to Incapsula directly. Might get better service. : / unless you like to be taken: https://sitelock.pissedconsumer.com/sitelock-uses-scare-tactics-to-sell-their-services-20170109988389.html

What a shame.

Friday, December 23, 2016

SiteLock Pricing - HostGator Asks for 80,000% Increase in Price with Security Partner

I have not had this website long, but recently I got this crazy story that I just have to share with everyone.

He put it in a comment, including his name, so I guess it's ok to share.. : /

Morpheus,

Thank you for sharing your story. I have just entered the begining of this craziness as well. I am getting scammed by EIG and UnitedWeb and it is time to unite and do something about this.

Here is some of my story.

I have been with hostgator for over 10 years. Never had a problem until about a month or two ago. I started getting dozens of emails from Sitelock as a new "partner" of hostgators, and then after 10 years I suddenly started having phishing content on a few of my websites.

I have an unlimited domain and subdomain account, with over 300 websites that I oversee. Instead of just taking down the website in question, they suspended all 300 of my websites, and made it extreamily difficult to get my sites back up even when all the phishing content was removed. But then just a few weeks later with no notification, they are telling me that my sites are permanently suspended until I get a 3rd party verification from sitelock, or "equevelent" which they say will cost me $5,000-$10,000 minimum. 

My contract with them is only for $144 per year, and they are forcing me into buying something that is 80,000% more expensive. THis is a total scam. 

I never had any problems with any of myebsites until I started getting all these emails from sitelock about website security, and then BAM! suddenly I have phishing content on my website that I didn't put there. Hostgator gave 3rd party access to my websites without my permission, and in my understanding the only people who should be able to have access to my servers are hostgator and myself. Yet somehow there are these new files. I only had one or two websites that had this new phishing content, but I change all the ftp passwords and other umbrella passwords, yet still they were able to come upload new files. Then hostgator says that it is my fault that they couldn't keep their server secure when they are the ones leting 3rd parties involved, and then their 3rd party "partners" are trying to charge me $10,000's for a product that is only worth about $100. This is CRAZY and it is a total scam!

We need to unite and set up a class action lawsuite or something. Also I don't know what to do. I can't get my websites back up and re-activated, and I don't know where else to go, but it looks like I won't be doing service with hostgator anymore unless the change their act VERY Quickly. 

Please contact me - Jay


Jay, sorry it has taken me a while to respond, but don't worry I'm sending you an email. Have you seen all the people on the pisseconsumer site here: https://sitelock.pissedconsumer.com/

I don't understand how they can continue to run. Makes me so mad to read these.

Do you have a story to share?

Wednesday, December 21, 2016

GoDaddy Partners with Incapsula through SiteLock

Came across an article titled:

GoDaddy Expands Security Product Lineup With SiteLock TrueShield & TrueSpeed


I was curious what this meant, so did some research... 

So this TrueShield feature seems to be a way to stop hacks via something known as a WAF. Which sounds interesting enough, don't know enough of how it works. Seems to be similar to what CloudFlare offers. The TrueSpeed feature seems to be a caching system, which would in turn speed your website up. Sounds interesting. 

What I found interesting was that it doesn't seem that SiteLock owns this technology. 

The team at WhiteFirDesign did some research too and found:
What they neglected to mention is that these services are not actually provided by SiteLock, but as we recently discovered, by another company, Incapsula. 
I was curious about Incapsula, so looked them up. They seem to offer a partnership program that could potentially offer a white label option, which is what SiteLock would need to pull this off. What's interesting is that they don't call out white label options on their page. They did introduce a partnership program in 2012 though.

Someone from their team also responded to a quora post in 2015:

We are looking for a simple white-label DDoS protection provider. does anyone know of one? with:


Hi,
I work for Imperva Incapsula, the market leader in Cloud DDoS Mitigation.
We have great partnerships with many vendors, Hosting Providers, MSSPs, VARs and other digital agencies. Feel free to contact us here:
This tells me that they are offering it, but not disclosing it. I find that odd..

Perhaps the most interesting bit came from another WhiteFir article where he compared the error pages and noticed that the only difference was the branding. But more damaging was that a number of their sites seemed to be running through Incapsula's network:

Doing a traceroute for www.sitelock.com showed their IP address to be 199.83.134.143, for the which the canonical name is 199.83.134.143.ip.incapdns.net. Incapdns.net as in Incapsula, which you wouldn’t expect since you expect that SiteLock would be using their own TrueSpeed content delivery network (CDN) to serve their website. Next up we did a traceroute on their WordPress focused sub-domain wpdistrict.sitelock.com, which showed a canonical name of iasx4.sitelockcdn.net and an IP address of 192.230.66.155, which in turn has a canonical name of 192.230.66.155.ip.incapdns.net. We then looked at several of their customers websites listed in case studies on wpdistrict.sitelock.com and found they were running through Incapsula as well.
This is all very weird to me.  Why would GoDaddy not mention that they really partnered with Incapsula?

The technology seems to interesting enough, but why partner with a middle man? Seems that partnering with a middle man would only complicate things. I think back to my time with HostGator, it was hard enough working with HostGator and SiteLock. Now, someone like me would have to work with GoDaddy, SiteLock and Incapsula?

Does that sound right?

Friday, October 7, 2016

SiteLock Independent Study is Rubbish!!

This is pretty great... SiteLock engaged a company to perform an independent test of their environment.

Press Release: http://www.prnewswire.com/news-releases/independent-testing-shows-sitelock-web-based-malware-protection-outperforms-traditional-endpoint-solutions-300339429.html

Sounds great!

WhiteFirDesign put out a post on the subject: http://www.whitefirdesign.com/blog/2016/10/05/would-you-be-surprised-to-hear-that-sitelocks-idea-of-independent-testing-doesnt-involve-actual-independence/

Here is a summary:


  • SiteLock paid Tolly to perform an "independent" analysis of their effectiveness
  • The Tolly report compared SiteLock to the McAfee Complete Endpoint Protection solution - McAfee Complete Endpoint Protection focuses on desktops / notebooks.....SiteLock focuses on websites
    • Shows why you have to invest in website security solutions, because your existing solution is no good
  • Tolly used 3,000 web-based malware samples
    • The samples were provided by SiteLock to Tolly
  • McAfee performed horribly - detecting only 6%, magically SiteLock detected 100% of the malware strains they provided to the reviewer
    • Can you imagine if they wouldn't have detected 100% of the samples they provided? That would have been bad.
Thinking McAfee got the short end of the stick on this test.. 

Monday, October 3, 2016

Bava Tuesday Shares Experience with Bluehost and SiteLock

Check out this article by Bava Tuesdays... http://bavatuesdays.com/sitelock-scam/comment-page-1/

They share their experience working with Bluehost and SiteLock...

It all started with this email from Bluehost, like so many of us:

In order to remove the restrictions we’ve placed, you must resolve the security issue and remove what malicious content was listed. If you do not believe you can do so on your own, you may use a reputable third-party security service, such as SiteLock, who can be reached directly at 877-563-2849. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.
 And they really capture the post here... 
This is a really good example of the worst of these web hosting scams. Preying off customers who may not be able to understand it or do it themselves is an abuse of power, and the idea should be you turned to this web host to protect you from these things, not to hijack your online world. Quite frankly we see this type of predatory selling, I think Mike Caulfield called it “hate-selling,” and a lot of domain scammers do this, but it is even worse to have your own hosting company taking it hostage. This also speaks to the broader problem with only basic literacy around the managing of your online life.

Wednesday, August 24, 2016

Beware of Hostgator/Sitelock

Funny how many times this happens..

I moved all my sites from Godaddy to Hostgator.I bought a shared hosting and paid for 36 months.
Within 2 weeks I started getting sites hacked. Hostgator recommended that I contact Sitelock to protect my sites. The wanted 3X more than my hosting to protect all my sites 50+. I had EVERY one of my sites hacked in the past couple days.
Nothing on any of them but a black splash screen with a Wolf and Arabic Writing on it. I called Hostgator and asked if they had any solution to this that didn't include Sitelock. The didn't. I asked the tech if Sitelock and Hostgator were owned by the same company.
The answer was, "I think so".
I have cancelled my hosting with Hostgator and we will see if they really credit my card as they said they would.BEWARE OF HOSTGATOR AND SITELOCK.

Imaging paying 3x more than your hosting package... This poor chap needs to read my past post.  Amazing that no one else is talking about this.. damn shame.. more people just getting screwed over...

Wednesday, August 10, 2016

SiteLock Switch and Bait - Screwing Website Owners One Contract at a Time

Check out this poor blokes experience with our beloved Sitelock... they got switched and baited by the sales team.. "Oh.. oops, was supposed to be a 6 month contract, not a 12 month.." my bad... cute, very cute...

I got ripped off but revered charges.
They tried to pull a bait and switch by changing the agreed upon 6 month contract to 12 months. When I found out they pulled a fast one, I contacted them:
On Tue, Aug 2, 2016 at 12:04 PM, Tony wrote:
I thought this was supposed to be for 6 months?
------
From: Antoinette Cromartie [mailto:acromartie@sitelock.com]
Sent: Tuesday, August 2, 2016 3:06 PM
To: Tony
Subject: Re: Securing Your Site (HostGator/SiteLock)
I just checked the agreement.
My apologies,
I did send you the 12 month. I will send you the 6 month agreement now.
Antoinette
-----------------
On Tue, Aug 2, 2016 at 12:11 PM, Tony wrote:
Hi Antoinette,
I don’t want to sign up to both a 12 month contract and a 6 month contract.
Is the 12 month one canceled?
Thank you,
Tony S.
--------------------------------------------
Tony,
Once the 6 month agreement is signed it will void out the 12 month agreement.
For us both to have the 6 month agreement in our records, the new agreement does need to be signed.
Phone or email me directly.
Thank You
Antoinette
-------------------
Tony,
We can't manually cancel the agreement. It is only voided once the new one is signed.
Thank You
Antoinette
--------------
From: Tony
Sent: Tuesday, August 2, 2016 3:54 PM
To: 'Antoinette Cromartie'; 'HostGator'; 'support@sitelock.com'
Subject: RE:: Securing Your Site (HostGator/SiteLock)
Importance: High
Antoinette,
No. Cancel all the invalid 12 month contract(s) right now.
You intentionally baited and switched and sent me the wrong document and when I found out what you did, you admit in your email you sent the wrong document.
The 12 month contract is invalid. Are you operating in a phone boiler room?
Cancel the charges now or I will contact my CC company to reverse the charges and I will report you to Host Gator, the BBB and I will copy/paste these emails and leave bad reviews on you.
------------
Hello Tony.
I just tried to phone you.
Again, my apologies for the 12 month agreement. It was an honest mistake.
We can honor the 6 mth agreement, once it is signed. Once that is signed it will void out the 12 month agreement.
xxxxxxxxxxxx
This is a condensed version of the full email thread. It goes on and on. However, I'm not doing business with sitelock under any circumstance. They pulled a bait and switch, then refused to refund my money even though they sent me the wrong contract and admitted to it in writing.
I contacted my CC company and reversed the charges.
These guys are scammers. Dont do business with them.