Computers & Electronics

Recommend Website protection options

  • Last Updated:
  • Apr 7th, 2016 10:29 am
[OP]
Member
Apr 23, 2008
351 posts
32 upvotes
Toronto

Recommend Website protection options

My friend's website was hacked and infected by malicious malware. The hosting company took the site down. The website developer is suggesting the following 2 options:

1. To purchase a Security Socket Layer (SSL) and a dedicated IP address from the hosting company. The cost is around $20 for the certificate and $50 annually for the dedicated IP address.

2. The Sitelock service which constitutes a commitment to continually clean out the site and to find or trace the source of the hacking activities so that their IP can be blocked. Price $129 for 3 months.
The service comes with a Firewall. It seems to be more like an ongoing monitoring and maintenance plan.

My friend is most concerned about protecting the site against potential hackers attacks and to ensure maximum availability and reliability of the site at a reasonable cost.

Is the "sitelock" reliable? Or trustworthy from the professional point of view? Are there any other options to consider?

Please provide some insights or recommendations on how to deal with that problem.
Thanks
7 replies
Newbie
Apr 23, 2011
6 posts
2 upvotes
toronto
I recommend your friend let technical support to check the website first. There must have bugs. It wastes money before they debug and solve the flaws
Deal Guru
User avatar
Feb 10, 2007
11011 posts
1973 upvotes
Adding SSL will not do anything to the site's security.

You are wasting your money.

Most likely your friend's script was exploited.
[self promotion rule violation, removed twice already][self promotion rule violation, removed twice already]Trolling or Threadcrapping Trolling - woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop woooooooo 3k on a laptop
Deal Expert
Aug 22, 2006
23375 posts
8995 upvotes
For one, your friend should have SSL already considering that it's free:
https://www.startssl.com/
There's also a new one I just discovered that I haven't tested yet:
https://letsencrypt.org/

For two, as many issues that there are with something like Cloudflare, that should be your next option since it's also free.
But the 2 are mutually exclusive unless you pay a bunch of money to Cloudflare.

That said, SSL won't help if your friend is actually getting hacked.
You can SSL my MySQL injections all day long and it wouldn't do anything.
[OP]
Member
Apr 23, 2008
351 posts
32 upvotes
Toronto
smehmood wrote:
Mar 18th, 2016 10:45 pm
My friend's website was hacked and infected by malicious malware. The hosting company took the site down. The website developer is suggesting the following 2 options:

1. To purchase a Security Socket Layer (SSL) and a dedicated IP address from the hosting company. The cost is around $20 for the certificate and $50 annually for the dedicated IP address.

2. The Sitelock service which constitutes a commitment to continually clean out the site and to find or trace the source of the hacking activities so that their IP can be blocked. Price $129 for 3 months.
The service comes with a Firewall. It seems to be more like an ongoing monitoring and maintenance plan.

My friend is most concerned about protecting the site against potential hackers attacks and to ensure maximum availability and reliability of the site at a reasonable cost.

Is the "sitelock" reliable? Or trustworthy from the professional point of view? Are there any other options to consider?

Please provide some insights or recommendations on how to deal with that problem.
Thanks
UPDATE: Here is what the company is offering:
Package Options:

Secure VIP-Infinity scanner/Enterprise firewall
1 year- $149.00/mo
6 month- $179.00/mo

Secure Site-Infinity scanner/Premium firewall
1 year- $99.00/mo
6 month- $129.00/mo

Secure Speed- Premium level
1 year- $79.00/mo


Secure Starter-Premium scanner and professional firewall
1 year- $49.00/mo


Scanning options:
All services are add on a 12 month term

Scanning options: Al la carte


We have different levels of services to cover all of the security needs of websites so our services cover Find,Fix,Prevent and Comply. We have scanners that scan for malware and vulnerabilities and the scanners Premium level or higher also include SMART which is an automatic malware removal tool. The malware removal tool is 98% effective in removing malware automatically from sites. The only time it can not remove the malware from the site is if removing the malware would change the functionality to the site. So in that situation the SMART would not remove the malware because we do not want to cause any further damage to the site. We also do have engineers here in the event that SMART can not remove malware, this is a level of service that we can also offer. The engineer services come with 100% guarantees. We also have firewalls to help protect the site and prevent hacking and malicious bots from accessing the site. Additionally we do provide PCI compliance for people who with storefronts that take payment directly on their site. I have included some PDF's that go into more detail about the specifics of the services so if you have any additional questions regarding anything involved with the services let me know.



Premium level scanning includes daily malware scans using both crawling technique and FTP (SMART) to scan and remove malware, daily vulnerability scans for both XSS and SQLi hacks, daily spam and network scan. Scans up to 500 original URL's daily.
~Premium: $14.99 monthly or $149.99 annually


Enterprise level scanning includes daily malware scans using both crawling technique and FTP (SMART) to scan and remove malware, daily vulnerability scans for both XSS and SQLi hacks, daily spam and network scan. Scans up to 2500 original URL's daily.
~Enterprise: $29 monthly or $299 annually


Infinity level scanning includes daily malware scans using both crawling technique and FTP (SMART) to scan and remove malware however with infinity the SMART tool scans hourly, daily vulnerability scans for both XSS and SQLi hacks, daily spam and network scan. This level of services also Includes unlimited cleans and fixes by the engineers in your Expert Service department. Any issues involving security on the site that require manual work will be covered by this plan as well as the engineers being able to successfully communicate with Google in the event of any blacklisting or issues that need to be resolved. Scans up to 2500 original URL's daily.
~Infinity:$99.99 monthly $999.99 annually

Firewall options:
All of our firewall options add you to our CDN, Provide traffic stats, cache dynamic and static content and block bad bots from accessing the site.

Professional level firewall is designed to block out automated bots from accessing the site using a captcha method. This level of firewall is not designed to specifically block out specific hacks or hackers. $39.99 month or $399.00 annually

Both Premium and Enterprise level firewalls protect against OWASP Top Ten hacks as well as XSS and SQLi hacks specifically. Both of these firewalls are also compatible with SSL's
Premium level firewall
~Premium:$59 monthly $599.99 annually

The Enterprise level firewall is the only one that protects against backdoor files. In the event that a hacker creates a backdoor file this firewall will still protect you against its access.
~Enterprise:$79.99 monthly $799.99 annually

PCI:$14.99 Monthly $149 annually

True Code Basic and Professional: $1,000-$2,000
True Code Premium and SMB: $3,000-$4,000

Question: Need to know what is the best option at a reasonable cost to protect the site against potential hacker attacks and to ensure maximum availability and reliability of the site?
Deal Addict
Jun 8, 2005
2799 posts
339 upvotes
Toronto
smehmood wrote:
Mar 18th, 2016 10:45 pm
My friend's website was hacked and infected by malicious malware. The hosting company took the site down. The website developer is suggesting the following 2 options:

1. To purchase a Security Socket Layer (SSL) and a dedicated IP address from the hosting company. The cost is around $20 for the certificate and $50 annually for the dedicated IP address.

2. The Sitelock service which constitutes a commitment to continually clean out the site and to find or trace the source of the hacking activities so that their IP can be blocked. Price $129 for 3 months.
The service comes with a Firewall. It seems to be more like an ongoing monitoring and maintenance plan.

My friend is most concerned about protecting the site against potential hackers attacks and to ensure maximum availability and reliability of the site at a reasonable cost.

Is the "sitelock" reliable? Or trustworthy from the professional point of view? Are there any other options to consider?

Please provide some insights or recommendations on how to deal with that problem.
Thanks
smehmood wrote:
Apr 5th, 2016 4:57 pm

Question: Need to know what is the best option at a reasonable cost to protect the site against potential hacker attacks and to ensure maximum availability and reliability of the site?
Best option is to get a new web developer. If they're suggesting paying for a service rather than addressing infrastructure/app code problems, then they don't know what they're doing and you'll end up wasting your money and not fixing the problem. You may be paying $1000's for a very secure biometric controlled firewall on top of a room that has an unlocked and open back door.

Really, without knowing details of the infrastructure, app code and how the website was compromised, it is impossible to recommend a solution.
Deal Expert
Aug 22, 2006
23375 posts
8995 upvotes
�� wrote:
Apr 6th, 2016 12:12 pm
Best option is to get a new web developer. If they're suggesting paying for a service rather than addressing infrastructure/app code problems, then they don't know what they're doing and you'll end up wasting your money and not fixing the problem. You may be paying $1000's for a very secure biometric controlled firewall on top of a room that has an unlocked and open back door.
Pretty much this.
There's not going to be any elegant way to fix this and it's going to probably cost FAR more than doing a proper rebuild.
Deal Fanatic
User avatar
Jan 11, 2004
9190 posts
581 upvotes
Toronto
goto another web host,
"When operating the viewfinder diopter control with your eye to the viewfinder, care should be taken not to put your finger in your eye accidentally."

Top