Sitelock Malware
Auto Removal
SiteLock™
Cloud-Based Comprehensive Website Security Solutions
SiteLock is recognised as the global leader in website security. It uses proprietary technology to detect and remove malware that is found on websites. SiteLock offers channel clients industry-leading cloud-based security solutions that can be quickly integrated into any existing products portfolio.
It is designed to deliver affordable and immediately deployable website protection solutions for organisations of all sizes and complexity. SiteLock solutions deliver an instant recurring revenue stream.
Beneficiaries
Personal Website Owners
SMB’s
Web Development Agencies
eCommerce
Non-Profit Organisations
Enterprise
Government
Features
Prevent Blacklisting and Business Failure
SiteLock protects businesses from blacklisting by blocking malicious access and monitoring sites for security flaws. This ensures business websites are always online and the business can continue to operate.
Enhance Website Performance
The speed performance of a website plays a huge role in creating a positive customer experience — which will ultimately lead to higher revenue and increased customer loyalty. SiteLock advanced Content Delivery Network (CDN) greatly increases your website speed, while also using significantly less bandwidth.
Protect Brand Reputation
SiteLock provides a complimentary Trust Seal to all websites utilizing SiteLock's web security products. This badge instantly informs prospective clients that the site is safe, thus increasing trust and boosting conversions.
Scanning & Removal of Malware
SiteLock® SMART™ (Secure Malware Alert and Removal Tool) is a technologically advanced product with an acute ability to find and automatically remove malware found on website.
Mitigate DDoS Attacks
DDoS attacks are becoming the weapon of choice for hackers today. SiteLock provides comprehensive DDoS protection, including the most sophisticated forms of DDoS attacks.
Application Scanning
SiteLock performs web applications scanning to find outdated or vulnerable applications that hackers can utilise to gain access to your website and data.
| Features | FIND | FIX | PREVENT | 911 |
| Malware Scanning | 25 Pages | 500 Pages | 500 Pages | Unlimited |
| Vulnerability Scanning (XSS, SQLi, & Application) | One-time | Daily | Daily | N/A |
| File Change Monitoring | • | • | N/A | |
| Automatic Malware Removal | • | • | One-time | |
| Content Delivery Network (CDN) | • | N/A | ||
| TrustShieldTM Web Application Firewall | • | N/A |
| Features | FIND | FIX | PREVENT | 911 |
| Comprehensive Malware Scanning | ||||
| Daily Malware Scan | • | • | • | N/A |
| Automatic Malware Removal (SMART)
(?) Secure Malware Alert and Removal Tool. |
2GB/page | 2GB/page | 1-time | |
| Daily FTP Scanning | • | • | N/A | |
| File Change Monitoring | • | • | N/A | |
| Multi-Level Vulnerability Scanning | ||||
| Network Scan (Port Scan) | • | • | • | N/A |
| SQL Injection Scan | 1-time | Daily | Daily | N/A |
| Cross Site Scripting (XSS) Scan | 1-time | Daily | Daily | N/A |
| Website Application Scan | 1-time | Daily | Daily | N/A |
| Reputation Management | ||||
| Blacklist Monitoring | • | • | • | N/A |
| Business Verification
(?) Automatic verification through WebNic. Not required client to answer phone call. |
• | • | • | N/A |
| Verifiable Trust Seal | • | • | • | N/A |
| Spam Verification
(?) Check spam blacklist |
• | • | • | N/A |
| SiteLock Risk Assessment | • | • | • | N/A |
| Platform Scan (WordPress) | • | • | • | N/A |
| TrueSpeed Acceleration | ||||
| Static Content Caching | • | N/A | ||
| 38 Global Data Centers
(?)  |
• | N/A | ||
| Basic DDoS Protection | 1 Gb/s | N/A | ||
| Support for SSL Websites | • | • | • | N/A |
| Traffic Statistics | • | N/A | ||
| TrueShield Web Application Firewall | ||||
| Bad Bot Blocking | • | N/A | ||
| SQL Injection Prevention | • | N/A | ||
| Cross Site Scripting Prevention | • | N/A | ||
| Blocks Access to Hackers’ Backdoor Files | • | N/A | ||
| OWASP Top 10 Threats Protection | • | N/A | ||
| Blacklisting of Clients, Countries and IPs | • | N/A |
Initial Set-up
We are currently in the process of scanning your website, servers and other hardware for vulnerabilities. This initial scan can take up to 24 hours. Please check back throughout the day. If you are still seeing this message after 24 hours, please contact support.
Business Verification includes verifying the domain, business phone number and postal address.
The phone number provided is called within 1 hour after signing up. This automated call will provide user with a four-digit pin to insert within Dashboard. If the first call goes unanswered, SiteLock will attempt to reach the user again within three hours. Customers can also request for a call from within the Dashboard.
The postal verification can take up to 7-10 business days, based on the postal service’s delivery.The letter you get is nondescript, so please keep an eye out for it and make sure you open it upon arrival. Once you have it, the code is enclosed on the letter.
SiteLock’s SMART, or Secure Malware Alert & Removal Tool, performs deep internal website scans that will tell you when any file on your website changes, giving you full visibility of all activities on your site. If malware is detected, SMART can automatically remove it so that your website maintains as a safe and secure environment for your visitors.
This comprehensive scan performs daily inside-out, as well as outside-in checks of your website that go beyond most surface scans. SMART is included in FIX, PREVENT and 911.
The time depends on the size of the site. Typically, SMART scans are completed within 24 hours.
To configure SMART:
- Log into your Premier Partner Central.
- Look for your SiteLock subscription, login to SiteLock management portal.
- Click the “Settings” link in the top menu next to the SiteLock logo.
- On the “Settings” page, click the “SMART Settings” tab.
- Enter your site’s FTP address into the field labelled “FTP host address” (this information can be found in the Control Panel).
- Enter your FTP username for this site into the “User ID” field.
- Enter your site’s FTP password into the “Password” field.
- Select “Yes, remove malicious code automatically” from the “Automatically remove malware” dropdown box.
- Select “Normal (1 connection)” from the “Select a speed for FTP file downloads” dropdown box.
- Leave the “Root Directory” field blank.
- Leave the “(S)FTP Port number” field blank.
- Leave the “Maximum Download Time for your website data synchronization” dropdown box in the default position (30 minutes/day).
- Select how frequently you want the scan to run from the “Scan Frequency” dropdown.
- Click the “Submit” button.
- When the box pops up asking if you want to run the scan now, click “Yes”. Your scan will be queued and you can check the results of the scan in the SiteLock dashboard.
Infected Pages/Links
You have several options to remediate network vulnerabilities. When you open the detail section, you will see a list of all open ports. If you believe that we have identified these ports in error, click the “Report False Positive” link at the top of the box. The resulting page will allow you to mark any ports as false positive, or mark lower priority ports to ignore them. You can also take advantage of our Expert Services team, who can help you resolve security issues.
The malware scan will notify you of any pages or links on your site that have been listed as distributors of malware (viruses, spyware, identity theft scams, etc.). If your site is on these lists, many browsers and search engines will ‘blacklist’ your site, meaning Internet users will not be able to see it in search results and it will be flagged if they navigate to your site. To get your site cleaned up and off of these lists, remove offending links and clean your website to make sure there are no viruses or spyware present. Another option is to let us help you. SiteLock offers its Expert Services to help you remediate these issues.
The email scan will notify you if your website or servers are sending spam emails or are referenced in spam emails. If you are identified on these lists, many email programs will ignore or classify emails from your site as spam. This means your customers and users will not get email from you in many cases. To get your site off these lists and reopen communication with your customers, you must get off these email ‘blacklists’.
If your business requires SSL encryption of data, you need an up-to-date certificate to ensure that your customers’ data is safe. The SSL scan will show as failed if your certificate is out of date. You need to renew your certificate with your SSL provider.
There are two possible explanations. First, check the limits of the package you have purchased. Certain limits apply to our packages. If that is not the reason, it may be that our “spider” cannot find all of the pages on your site. In many cases, this can occur if there are portions of your site not linked in some way to your home page. Since our spider works primarily by “crawling” from link to link on your site, unlinked pages are sometimes missed. To help us get a more comprehensive scan, you can place a “sitemap” file on your site, which will tell our spider where to look. For details on how to create this file, please visit http://www.sitemaps.org
SiteLock probes your site to determine if fields and forms on your site are vulnerable to attempts by hackers looking to exploit these forms to gain access to your data. This will result in attempts to submit forms on your website with encoded data.
If you wish to stop receiving these emails or entries, you may want to do some validation on the fields within your form to ensure that the data is being submitted in the correct formats before triggering emails or database inputs. Since we insert data that is likely not valid for any fields on your site, these validation measures should stop you from getting these empty emails or entries. It’s also good coding and security practice to make sure your site’s visitors are providing the correct data in the expected formats. If you need help with form validation, contact our Support team.
General
During the process of subscribing for the SiteLock service, you can assign your client to a user account. Your client can then manage his/her service through https://wam.manage.name. Note that the client can manage all the sites under the same user account, hence it is advisable to assign different user accounts for different clients.
SiteLock is sold as a subscription per domain. You would purchase a separate subscription for each website that you would want to protect.
You can manage and monitor all your sites and domains under the same dashboard if they are using the same user account.
Malware, short for malicious software, can be installed on your website by hackers who are able to find weaknesses on your web server. A typical website may have thousands of potential vulnerabilities for malware injection.
Once placed on a website, malware can then be used to spread viruses, steal personal or financial data, and even hijack computers. It is not easy to detect and may even infect your customers’ computers after they have visited your website. Ultimately, this negatively affects your business reputation and can result in lost business.
SiteLock’s patent-pending 360-degree scan helps you to make sure your website and communications are reaching your visitors as intended in three key ways:
Malware blacklist monitoring: We monitor search engine and proprietary lists of sites reported as malware to make sure visitors are able to arrive at your site, instead of a “Red Screen” warning from their browsers or search engines.
Email spam blacklist monitoring: We compare your email address, domain name and email server to industry and proprietary lists used by popular email programs to identify which messages to mark as “Spam”. This ensures that your emails reach your customers’ inbox – not their spam folder.
SSL scanning: If you have an SSL certificate installed on your site for data encryption, we will scan that certificate to verify that it is not expired or otherwise out-of-compliance with web browser expectations. This prevents users from seeing warnings about data security when they visit your site.
Failure to keep up with and monitor any of these items can result in the lost of customers, abandoned visits to your website and wasted marketing and website design efforts.
Application scanning will verify the applications you’ve installed on your website against known vulnerabilities. As application versions age (like Joomla 1.5 or WordPress 3.0), hackers will find ways to attack these programs. The publishers then update them with newer versions, which you need to upgrade to in order to stay safe. SiteLock verifies your version against catalogues of vulnerabilities to ensure you are running safe software on your site.If we discover a vulnerability in our testing, we report it to you immediately and help you secure your site.
SQL injection is an extremely damaging attack in which hackers will attempt to access information stored in your database, such as customer data or user IDs and passwords. SQL stands for Structured Query Language and is the programming language used by most database systems. By inserting commands from this programming language into fields on your website’s input forms, hackers can gain access to the database records of vulnerable sites, stealing credit card data, passwords, e-mail addresses and any additional data available in the database.
SiteLock SQL injection scanning reviews all of the files and applications on your website to detect any injections that have been inserted into your website code. If we identify an infiltration, we will notify you immediately via email. Your SiteLock dashboard will show a list of infected pages, and our Expert Services team can help you to repair your website.
You can enable the Auto Renew option for your subscription. The service will be automatically renewed monthly or annually (depending on your subscription model). Please make sure you have sufficient balance within your account to ensure the service will not be unsubscribed due to low balance.
If you choose not to use the auto renewal feature, you can renew the service any time before the subscription ends via your partner central.
Yes, you can upgrade your subscription to a higher tier package anytime.
Yes, you can terminate your subscription any time, however please note that the subscription fee is non-refundable.
SiteLock TrueShield WAF
A Web Application Firewall (WAF) protects websites from attempts by malicious bots or hackers to break in to your website. Attacking websites through the applications (like your blog or shopping cart) has become the leading way for hackers and cybercriminals to bypass traditional security measures to steal data or traffic. Thousands of websites are compromised every day.
If hackers are able to access your sensitive information or administrative area though the web applications they can do extensive damage. They can steal data, deface or destroy your website, use your server to launch attacks on other sites, or worse.
TrueShield WAF protects websites from malicious traffic and blocks harmful requests. By using TrueShield you can protect your site from bots and targeted attacks with a 5-minute setup. Additionally, TrueShield will eliminate spammers and scrapers from attacking your website.
Purchase and set up a PREVENT plan that includes TrueSpeed, a global Content Delivery Network (CDN) and advanced acceleration to increase your website’s security while optimising its speed.
A Content Delivery Network (CDN) is a large distributed system of servers that are deployed in multiple data centres across the world. This system of servers delivers webpages and other web contents to a user, based on the geographic location of the user, the origin of the webpage and where the content delivery server is located. The closer the CDN server is to the user geographically, the faster the content will be delivered to the user.
SiteLock TrueSpeed CDN is an additional feature of the TrueShield firewall, which provides your customers the fastest and most secure experience when visiting your website.
First, select the necessary version to protect your online business from malicious traffic and bots. TrueShield Basic is included with any website scanning package. Once a plan has been selected, SiteLock uses the domain supplied to automatically identify if SSL support is needed. If it is needed, SiteLock will lead you through a simple process for activating SSL support. SSL support is included in TrueShield Premium and Enterprise versions. You will then be asked to change your DNS settings and route traffic through SiteLock’s network, rather than directly to your web server IP. Once you complete the DNS changes, traffic to your website will pass through SiteLock’s network.
SiteLock does not host your website. SiteLock only serves as a proxy, standing between the website and malicious traffic to prevent attacks. Your hosting will stay the same. The only thing you are changing is the A record and a CNAME in your DNS records.
We make sure you won’t lose even a single visit. SiteLock has a globally distributed network of datacentres (POPs) that ensures that every user and website are serviced by the closest POP. TrueSpeed CDN ensures that your site runs faster and consumes less computing and bandwidth resources by caching site data and applying other acceleration techniques.
Yes. From the SiteLock dashboard, you can choose to disable and enable TrueShield/TrueSpeed anytime you want. When TrueShield is disabled, visitors will not pass through TrueShield and will reach your website directly.
Yes, TrueShield is a PCI-certified cloud Web Application Firewall & CDN.
Dynamic content caching – TrueSpeed caches website content on its proxies in order to return resources faster to users and reduce page load time, bandwidth and server load. TrueSpeed Premium and Enterprise not only cache static content but can also identify content dynamically, which can be cached while it remains unchanged.
Compression – An average website page is 100KB to 500KB, depending on its content, structure, functionality and the resources it contains. For content-rich applications, the simple task of transferring the page to the browser can take a long time. Common web servers and browsers support content compression. Configuring the compression of resources on your web server requires complicated settings, technical expertise, and substantial processing power from your web server. TrueSpeed compresses this content for you, even if it is sent uncompressed from your server.
Minification is the process of removing all unnecessary characters from the source code, without changing its functionality. These unnecessary characters usually include white spaces, new line characters and comments, which are often used to add readability to the code but are not required for its execution. By removing these characters, TrueSpeed minimises your website’s size, making it lighter and reducing load time.
SiteLock SMART (Secure Malware Alert & Removal Tool)
If the customer has turned ‘auto-clean’ on then the fix is instantaneous, and we upload the file back up to the customer’s site upon completion.
If auto-clean is off, then customers have the option of fixing it by clicking a button or cleaning the site themselves based on the report that they see in the detail screen.
- Signature based malware scans.
- Links to bad websites.
- Fuzzy logic scans.
i. We look for certain ‘things that look suspicious’.
- Some of these may actually be advance warning on new malware, e.g., code that has been obfuscated through 5 or more layers of obfuscation and not human-readable.
- They may be bad practices (e.g. there is code that sends email right next to code that takes a credit card)
ii. Known malware from signatures / database
Only the FTP login. This should be entered in the settings section for SMART.
- The current or ‘Outside-In’ scan finds ‘bad things’ showing up on the website when we pull it up. This shows the "EFFECT" of the malware infection.
- SMART is an ‘Inside-Out’ scan where we examine the source code for the “CAUSE” of the problem.
Together, the two types of scans provide a holistic approach to keeping the customer safe.
There are 2 plans that include the SMART scanner. The FIX plan and the PREVENT plan both include the SMART scan tool to remove malware automatically.
SMART works with any technology, as long as they give us the FTP access we need. It probably works best with sites that are built using PHP (WordPress, Joomla, etc.)
- As far as the customer is concerned, “Yes there is”, and it is driven by the limits set on the plan that they are on.
- Per GB by Plan –
- FIND – 0
- FIX – 2GB
- PREVENT – 2GB
There are 2 concerns at play here:
i. Can the customer guide us to the correct place?
Will there be plan abuse where the customer signs up for one site and then has us scan their entire list of 15 sites?
ii. To address concern (i) above, we have provided two settings:
FTP credentials; and
Doc Root/Website root directory
Together, these are sufficient for the customer to lead us right to the folder that contains just the files for the website under contract.
To address concern (ii)
There is no way to absolutely prevent this sort of abuse at the moment.
Our size limits should give us some sort of relief from this kind of abuse should it occur.
One of the options for synchronising files between us and the customer involves us placing a PHP file on his/her site. This is an option that the customer has. Encouraging the customer to enable this option gives us a better chance of fighting plan abuse.
Going forward, if we find that this sort of plan abuse is rampant, we will look at designing a solution for it. At the moment, we prefer to focus on code that achieves better scans, rather than on preventing plan abuse.
Yes. From the details screen for SMART, as well as from the dashboard view.
Will SMART scan create logs / audit trails on documents it has worked on? (THIS IS A MUST-HAVE!!)
If we have a good malware signature in our database, then we fix it as soon as we find it.
Sometimes, we do not have a signature, and the source code cannot be cleaned automatically. In these cases, we point to the issue, but removal requires manual intervention – perhaps by Expert Services, or by the customer themselves.
Yes
i. Yes. The FTP may not work (due to bad URL or credentials) which would prevent us from starting. Even if it starts, it might only be able to do a part of a site on the first day because there are so many files that it:
either could not download them all; or
used up its quota on how much time it spends on a site. These numbers vary, and the important thing is that it will resume the next day, or the next period
ii. The host may terminate SiteLock's connection because it has strict limits on how much bandwidth a customer can consume.
iii. There may be a server exception on the customer’s end when it tries to download or upload the source files.
Whatever the cause of the error, SiteLock will display it in the detail screen for SMART and the user should have a good idea of what to do next. IIn the case of server errors, he/she may call support and create tickets, which might require some investigation to resolve.
It depends on the hosting setup. If the FTP consistently fails, then we might need a discussion with the host.
When a customer buys SMART, they are expected to look at the scan results in the SMART detail screen periodically – there is no action required of us as an Expert Service or sales organisation.
For SMART, this FTP info is held in our secure database. This is a responsibility that we take very seriously.
SiteLock keeps backups of a downloaded website for up to 7 days. Once it has reached that time frame, the files are discarded.
There can be multiple problems with FTP downloads:
- We are unable to connect because of credential issues (wrong username or password, incorrect URL).
- We time out when we try to download the files.
- Something on the customer’s server is wrong and the server has an error.
Yes, we alert the customer if the FTP server is unable to connect, or any other specific errors.
However, SMART scan will not alert the customer if there is a time-out issue when trying to scan all of the files.
No, we will not.
For the first time that we scan a site, we will take some time to download the files from the site. This may take a while and might have a small effect on the site, especially for larger sites. As time goes by, we will be downloading fewer files, because we will pull down only changed and new files to our server. This should reduce the impact we have on the server. Besides, all the actual scanning happens on our servers, so the customer’s site will not be affected.
This is configurable in the settings section. Customers can choose daily, weekly etc.
This depends on the size of the site – how many files are there etc. Each file is scanned very rapidly.
The scan happens on our site, so the total wait time that the user will experience when he/she initiates a scan is: Time to download + time to scan + time to upload.
Yes
Currently, we do not scan the contents of the customer's database.
Yes.
We scan website apps, which are not server side. The scan identifies known framework of codes, such as Joomla, Drupal or WordPress and checks whether the core files in the framework differ from the files on the server.
No, SMART does not check blacklists. Customers are advised to submit their sites to Google Search Console.
Penetration testing is not a part of the SMART product.
When a customer logs in to the dashboard and navigates to the detail section for SMART, he/she will see a report that tells him/her the things that we found, and the things that we fixed.
Some things that we find may not be fixable through code, or it might be dangerous to try and fix them through code. In this case, the customer will need to clean that section of his/her code manually (Expert Services team).
There are many kinds of new malware found every day. There may be a short period of 24 to 48 hours time during which SMART is not aware of these new attacks. However, our Experts Services team is always aware of the latest attacks and can therefore fix the sites manually.
The urgency to restore the site will be driven by the customer’s needs and the nature of the site. The fastest way to get a site cleaned and restored may still be to use the EMERGENCY scan.
SMART looks for known malware within the code base. New hacking scripts and malicious codes are created each day. Another reason that SMART might not remove malware on a site is because of the risk involved. For example, a site heavily infected with malware embedded in the coding may break the site. If the scanner finds that removing the code would affect the functionality of the site, it will leave it there and just warn the customer of its findings. This is where SiteLock’s Expert Services team's cleaning services, for a fee, would be the best alternative to fixing the site.
SMART is intended to automatically detect and remove malware within a website. Malware is identified via a signature-based scan. We check source files against a growing database of millions of signatures.
Although SMART removes the vast majority of malware from websites, SMART does not provide a guaranteed fix. Depending on the type of infection on the client’s site, SMART may not be able to correct an issue. SMART will not remove any new or unknown hacks that we do not know of. SMART serves as a great first option to resolving issues because it is cost-effective and in most cases it can resolve all issues.
SiteLock Trust Seal Installation
First, we need to determine where you are installing your shield. Are you trying it on a page stored on your local computer or on a live web site?
If you are using a local computer for development, then you need to add http: before the several instances of ‘//shield.sitelock.com’ in the code so that it looks like http://shield.sitelock.com. The original code should work on any live websites and any major browsers, but you need to make the adjustment above to display it on your computer.
To show the SiteLock badge on your site, please log in to your dashboard – available from your Premier Partner Central. At the bottom of the dashboard is the badge section. Choose a badge format, save your preference, and then copy and paste the code into your site wherever you want the badge to display.
In most CMS tools, such as WordPress, Joomla, Drupal etc., you can simply place the code for the SiteLock Trust Seal in the footer code of the website.
