How is SiteLock billed? - Jamcracker

spongehousesSecurity

Nov 3, 2013 (3 years and 7 months ago)

74 views



















Category

Website Security Related


Overview

SiteLock is a comprehensive website security solution for online businesses. Delivered through a Software
-
as
-
a
-
Service
(SaaS) model, SiteLock subscribers can proactively protect their website
while increasing sales by over 10% through
earning trust. The SiteLock Trust Seal provides customer confidence and has been proven to substantially increase sales
and conversions, with 70% of web visitors looking for a verifiable 3
rd
-
party certification b
efore providing personal data.




Total Website Security



Deep 360
-
degree Scanning



Reputation Management preventing Blacklisting



Easy
-
to
-
Use Dashboards with Real
-
time Reporting



Increase Sales with the SiteLock Trust Seal



3
rd

Party Business Verification



Expe
rt Website Security Services


Help your customers protect their websites from Internet threats, and provide peace
-
of
-
mind with SiteLock.
Visit the
SiteLock website

to find out more information.


Company Description

Since starting in 2008, SiteLock has been committed to making the web safer for online businesses. This mission has
resulted in helping over 500,000 small businesses worldwide and over 2 million web pages scanned per day for threats
and vulnerabilities.

SiteLock was founded on the principle that website security should not be expensive for small
enterprises and that these customers are entitled to an excellent customer experience during a time of need.

Utilizing award
-
winning, patented 360
-
Degree websit
e scanning technology, SiteLock provides the ultimate protection
while still being light enough to not affect a network’s server or performance.

Not only does SiteLock offer inexpensive security solutions for online businesses, but also delivers on
-
demand
services
through our experienced team of professional security engineers.
Our highly
-
trained engineers thoroughly scan and
analyze websites to identify malware, backdoors, and other vulnerabilities and resolve customer issues. This is quickly
done to rest
ore a customer’s online business, securing the business’s data and reputation.

Even if the website has not been compromised, all businesses need to ensure that their website is safe and secure.
SiteLock offers the following additional services:



Malware re
moval



Spam black
-
list removal



Database security hardening



Network security hardening



Blog and CMS security hardening



Shopping cart security hardening



Secure Web Design



On
-
going Maintenance

Secured. Trusted. Verified.


Product Overview
-

What is SiteLock?


SiteLock helps protect more than just your website; it can protect your business. Your online reputation and the security
of your website are critical elements to your business. There have never been more threats to your website than now. In
2011, o
ver 9 million websites were victims to hackers. Hackers use malware, SQL Injection, Cross
-
site scripting and more
sophisticated techniques to steal your customer data or redirect your traffic, ruining your business’ reputation.


Protect your investment by
preventing your website being blacklisted by search engines. Over 6000 websites are
blacklisted each day


resulting in loss in revenue, customers and credibility. Blacklisting is a direct result of website
being reported as being unsafe for visitors by
means of spam or malware. Daily security scanning identifies
vulnerabilities and protects your site against these and other threats.


Blacklist monitoring tools are plentiful within the market. Blacklist monitoring is critical, but insufficient to ensu
re a
website’s reputation and security. This is a reactive measure, after the damage is done. A proactive approach identifies
possible weak spots and open ports hackers could leverage to cause havoc. The most common, according to a report by
Verizon’s s
ecurity team and the US Secret Service** are code injection attacks like cross
-
site scripting and SQL
injections. SiteLock will alert you if your site is vulnerable to these issues, as well as if your site gets blacklisted for

any
reason by search engines

or spam monitoring tools.


SiteLock enables small businesses to proactively protect their investment and reputation through:

Proactive scanning


Searches your site and network for common weak spots hackers exploit to inject malicious code
into your site


Blacklist monitoring


Monitors search engine and spam blacklists to make sure your customers are seeing your site and
receiving your messages


SiteLock’s security offers these features:



Daily 360
-
degree scanning for

o

SQL Injections

o

Cross
-
Site Scripting (X
SS)

o

Applications

o

Viruses

o

Malware blacklisting

o

Spam blacklisting



On
-
Demand Expert Services to help you fix any security issue on your site



Alerts & Email Notifications

Geared to provide holistic network and application security, drive
-
by
-
downloads, and cust
omer data protection (SQL &
XSS)by performing forward
-

and backward
-
looking scans.








Dashboard Reports


In addition to all of this, SiteLock also provides our Trust Seal for sites that are secure. The SiteLock Trust Seal provide
s
customer confidence a
nd has been proven to substantially increase your sales and conversions, with 70% of web visitors
looking for a verifiable 3
rd
-
party certification before providing personal data***.



*
(Proposed LicensePal List Price)
;
**2011 Verizon Data Breach Investig
ations Report; ***

IBM


2006 Consumer Security Survey


Don’t let blacklisting happen to you!













SiteLock monitors websites for the following issues and vulnerabilities and alerts you of any issues:




Search Engine/Browser Blacklisting



Spam Black
listing



Application vulnerabilities



SQL Injection vulnerabilities



Cross
-
Site Scripting (XSS) vulnerabilities



Virus Scanning



Network vulnerabilities


SiteLock also verifies a business’s reputation:



Domain ownership



Phone verification



Postal address verifica
tion



SSL certificate validity



Third
-
party trust seal


About SiteLock



Over 500,000 customers currently protected



Customer profile: website owners with 0
-
2500 pages, from blogs to ecommerce storefronts



Key use verticals: Hosting providers, manage service p
roviders, cloud services, shopping cart, and web design



16 Full
-
Time Employees



Some of the current clients include HostGator, iPage, iPower, and Bluehost



Strategic alliances: Stopbadware.org, Bitdefender

F.A.Q.

What is SiteLock and what does it do?

Site
Lock is a service that performs daily scans of a website to identify vulnerabilities and protect against threats like
viruses, cross
-
site scripting, SQL injection and even email blacklisting.

The SiteLock™ Trust Seal provides customer confidence and increases your sales and conversions.

What types of problems does SiteLock scan for?

SiteLock performs a Deep 360 Scan that encompasses:



Reputation monitoring:

ensures the reputation of the website
is intact and communication to visitors and
customers is uninterrupted.



Malware blacklist:

monitors search engine and proprietary malware lists to make sure the site is not blocked by
search engines and browsers.



Spam blacklist:

ensures that e
-
mails reach
customers' inbox (not their Spam folder), SiteLock verifies e
-
mail
addresses, domains, and email servers against lists used by popular email tools to identify spam.



SSL Verification:

ensures users do not see a certificate warning or error when visiting you
r site.



Network security:

validates the security of the network by making sure there is no opportunity for hackers to
access the server.



Drive
-
by
-
downloads:

scans the website to ensure visitors are not being infected with viruses often placed on
websites b
y hackers.



Customer data protection (SQL & XSS):

performs forward
-

and backward
-
looking scans to make sure current
and future visitor/customer data on the site is secure.



Application security:

verifies that any 3rd
-
party applications installed on your webs
ite are secure and up
-
to
-
date.



Business Verification:

certifies the validity of the business and provides a certification badge to display to
website visitors to let them know the business or website is legitimate.



Domain ownership:

ensures that the domain

owner is in control of the website domain.



Postal Address:

verifies that the site owner can receive and respond to postal mail, such as customer payments
or inquiries.



Phone Verification:

ensures that there is a phone number where customers can report iss
ues or request
additional products or services.

How is SiteLock billed?

SiteLock is a subscription service billed for in advance and available in one
-
year terms.

How does SiteLock notify customers when it finds an issue?

SiteLock will inform the site owner

by email, and with an alert in the SiteLock Dashboard. The report will provide
complete information about the issue that is found along with help to remove it.

What happens if SiteLock finds a vulnerability? Will the SiteLock seal tell visitors that a web
site has failed?

Site visitors will not be alerted to any problem. The SiteLock seal will simply continue to display the date of the last good

scan of the website site. If the site owner fails to rectify the problem, within a few days SiteLock will remove
the seal
from the site and replace it with a single pixel transparent image. At no point will SiteLock display any indication to
visitors that a website has failed a scan.

Does SiteLock work with any hosting company, server and software?

Yes.

Will SiteLock

impact website performance?

No. SiteLock scans won't impact the performance of a website. The SiteLock seal has no impact on load times.

How do I install the SiteLock seal?

Users simply include the JavaScript snippet that SiteLock provides in the footer a
rea of their site or template.

Where do my customers manage their SiteLock service?

They can manage SiteLock either through the white
-
label DomainAdmin.com interface that OpenSRS provides, or you
can build the SiteLock dashboard interface into your own con
trol panel.

Can a SiteLock service subscription be upgraded?

Yes. Customers can upgrade from SiteLock Basic to SiteLock Premium or SiteLock SMB Enterprise, or from SiteLock
Premium to SiteLock SMB Enterprise. Downgrades are not possible. When a subscriptio
n is upgraded, the expiry date for
the subscription is reset to one year from when the order is submitted.

Sign
-
Up Process


Once a client has paid for the service or signed up for the free trial:



A welcome email is sent out
-

The email contains instruct
ions for installing the SiteLock certificate on their
website



Phone verification is attempted within 1 hour

o

This is an automated call that informs the customer of the 4 digit pin for their account

o

The customer must log in to their dashboard and enter

the code for verification to be completed

o

If a client does not answer, they can request another call in their dashboard



A scan of the clients website will take place within 24 hours

o

Scans run late at night so typically by midnight, their site will h
ave been scanned

o

If vulnerabilities are found, the client will be notified via email and message alert within their dashboard

When the scan has been completed, the client can add the SiteLock seal to their website

Initial Set
-
Up

I just registered my webs
ite and my network scan shows "No information available". Why is this?

We are currently in the process of scanning your website, servers, and other hardware for vulnerabilities. This initial
scan can take up to 24 hours. Please check back throughout the da
y. If you are still seeing this message after 24 hours,
please contact support.

I just registered my website and have not gotten an e
-
mail to verify my domain ownership.

If, after 30 minutes, you have not received this e
-
mail, check the 'Current status' bo
x to make sure it is displaying your
correct e
-
mail address. If necessary, edit the address by clicking on the pencil icon. If it is correct, click re
-
send to have
the message re
-
sent. If the second attempt is still unsuccessful, check your spam filter to
make sure the e
-
mail has not
been flagged as spam, since we'll be a new sender. If it has, make sure to add support@SiteLock.com to your contacts to
ensure future communications are received. If none of these solutions works, please contact support to furt
her research
the issue.



I just registered my website and have not been called to verify my phone information.

The phone verification can take up to one hour to be sent, depending on volume. If it has been more than an hour and
you have not been contacted
, verify that your number is correct in the 'Current Status' box, and then click the re
-
send
link to have the system contact you again. If you've already done this without success, you can contact support to
perform a manual verification.

I Just signed up
and my reports are only showing that 26 of my 200 page website we scanned, why?

There are two possible explanations. First, check the limits of the package you have purchased. Certain limits apply to
our packages. The Basic plan only covers 25 pages of th
e website; to fully protect your site, please upgrade to the
Premium plan which scans up to 500 pages.


If that is not the reason, it may be that our "spider" cannot find all of the pages on your site. In many cases, this can
occur if there are portions of

your site not linked in some way to your home page. Since our spider works primarily by
"crawling" from link to link on your site, unlinked pages are sometimes missed. To help us get a more comprehensive
scan, you can place a "sitemap" file on your site,
which will tell our spider where to look. For details on how to create
this file, please visit
http://www.sitemaps.org

How long does the postal verification take? What should I look for in the mail?

The p
ostal verification can take up to 7
-
10 business days, based on the postal service's delivery. The letter you get will be
rather nondescript, so please keep an eye out for it so you are sure to open it on arrival. Once you have it, the code is
enclosed on t
he letter.

I just signed up. How do I start showing the SiteLock certification shield on my website?

We will make the shield available as soon as all scanning is complete with no issues. Once that happens, you can copy
and paste the shield code from the 'C
ertificate' tab in the 'Current Status' box. You will know that your steps are
complete based on the Green/Yellow/Red indicators on each tab in the 'Current Status' box. Your overall status is also
shown at the top of the dashboard.

I recently signed up f
or SiteLock and noticed that we are getting some empty submissions from some of the forms on our
web site (Contact us, etc.).

SiteLock probes your site to determine if fields and forms on your site are vulnerable to attempts by hackers looking to
exploit t
hese forms to gain access to your data. (Though we use similar techniques as hackers to test your pages, you do
not need to worry; our process is safe). This will result in attempts to submit forms on your website with encoded data.


If you wish to stop re
ceiving these e
-
mail's or entries, you may want to do some validation on the fields within your form
to ensure that data is being submitted in the correct formats before triggering e
-
mail's or database inputs. Since we
insert data that would not likely be
valid for any fields on your site, these validation measures should stop you from
getting these empty e
-
mail's or entries. It's also good coding and security practice to make sure your site's visitors are
providing the correct data in the expected formats.




Issues and Remediation

The malware scan came back with results for my site. What does this mean? How can I fix it?

The malware scan will notify you of any pages or links on your site that have been listed as purveyors of malware
(viruses, spyware, iden
tity theft scams, etc.). If you are on these lists, many browsers and search engines will 'black
-
list'
your site, meaning Internet users will not be able to see it in search results and it will be flagged if they navigate to you
r
site. To get your site cle
aned up and off of these lists, remove offending links and clean your website to make sure there
are no viruses or spyware present.

Another option is to let us help you. SiteLock offers its Expert Services to help you remediate these issues. Just select t
he
'Help me fix this' option. You'll be taken to a new page to enter some additional information so our team of security
experts can help you.

The e
-
mail scan came back with results for my site. What does this mean? How can I fix it?

The e
-
mail scan will

notify you if your website or servers are sending or referenced in spam e
-
mails. If you are identified
on these lists, many e
-
mail programs will ignore or classify e
-
mails from your site as spam. This means your customers
and users will not get e
-
mail fro
m you in many cases. To get your site off these lists and re
-
open communication with
your customers, you must get off of these e
-
mail 'blacklists'. SiteLock offers its Expert Services to help you remediate
these issues. Just select the 'Help me fix this' o
ption. You'll be taken to a new page to enter some additional information
so our team of security experts can help you.

My SSL scan failed. How can I fix this?

If your business requires SSL encryption of data, you need an up
-
to
-
date certificate to ensure

that your customers' data
is safe. The SSL scan will show as failed if your certificate is out of date. You need to renew your certificate with your SS
L
provider.

How does the Virus Scan work?

Our Virus scanner works by pulling the files from our daily sc
ans and comparing them to an industry
-
leading database of
virus signatures to determine if there is any match between your site and known malicious code. Because this is an
intensive process and we do not want to impact your site's performance, we do this
scan on a rolling basis, downloading
a piece of your site each day. For most sites, we will be able to complete this process within 30 days.

General

How do I see details on the issues reported?

From any point in the dashboard, you can drill to details. If
you see a 'Details' icon, clicking it will show a detailed list of
issues. If you are in a graph, clicking any element of the graph will show a detailed list of issues in that grouping.

Some of the terms are unfamiliar to me. Where can I get more informati
on?

Anywhere on the dashboard, you can hover over a term to get a quick explanation of what we are showing there and
how to use it. If you would like a more detailed explanation, check the glossary or our Learn more page at
http://www.sitelock.com/learn
-
more.php

.

Can I change my notification preferences for the alerts?

Click settings at the top of the page and you can modify your preferences based on criticality and/or type of message.

My shield is no l
onger showing on my site. What happened?

Check the status at the top of the site. It's possible that something has changed and your site is no longer compliant.
Review the areas with yellow or red status and remediate the issues. Your shield will be availa
ble again after our next
scan.

Many areas of my dashboard show as grayed
-
out. Why is this?

This will happen when you are subscribed to one of our basic packages. If any part of the dashboard does not apply to
your site or package, it will appear grayed
-
out
. Upgrade to see the details of any of these areas.

Manage Users

I'd like to share the dashboard with others in my company. How can I do this?

Click the 'Manage Users' link on the left of the page. There you will see an 'Add Users' button. Fill in the info
rmation
presented and the new user will have access to the site.

I need to remove/modify a user.

Click the 'Manage Users' link on the left of the page. Next to each user's ID are the ‘modify’ and ‘remove’ buttons. Click
on the appropriate button to perform

the desired action.

Add a Site

My business contains multiple domains or websites. How can I monitor them all?

Click the 'Add a Site' link on the left of the page. There you can enter the required information to add a new site. The
information will be disp
layed alongside your current site information in the dashboard.

Manage Account

Where can I edit business/billing information

Click on the 'Manage Account' link on the left of the page. There you can choose the edit option to modify any
information necessar
y.

Can I see a billing history?

Click on the 'Manage Account' link on the left of the page. At the bottom of the page, your billing history appears.









Customer log in


Quick Step Setup

This will display the first time the customer logs in to help the
m finalize the set
-
up of their SiteLock account. They may
skip this and choose not to show it any more.


DashBoard



Here you can find information on the status of your SiteLock certification, statistics about your website, and important
messages from S
iteLock.


Current Status



Business Info:

Phone, Address, and Domain verifications and submissions can be performed here. This information, as well as
the company information can be edited.





Security:

View warnings and details from the various securi
ty scans performed.





Certificate:

Change the badge size and color and find the link for adding the badge to your site





Site Statistics


Visitors


This graph shows total traffic to pages on your site where the SiteLock logo is displayed. Use this inf
ormation to
view traffic trends over time. Use the controls above the graph to change the scale and time frame shown in the
graph.


Network Scan

This graph shows summary information about the open vulnerabilities on your network. Click on any bar to see
de
tailed information about the vulnerabilities. Use the controls above the graph to change the scale and time
frame shown in the graph.


Malware Scan

This area shows summarized results of our malware scan on your site. If there were issues discovered, pleas
e
click the Details link to see detailed information about any issues and for help with Remediation.


Email
Scan

This area shows summary information about email blacklists that have included your site or network among
known spammers. Hover over any item to see an explanation of the scan.



User App Scan

This area shows the summarized results of our scan of all applications used by your site. If there were issues
discovered, please click the details link to see detailed information about any issues, and
for help with
remediation.


SQL Injections

This area shows the summarized results of our scan for database vulnerabilities on your site. If there were issues
discovered, please click the details link to see detailed information about any issues and for help with
remediation.


XSS Scripting

This area shows the summarized results of our scan for cross
-
site scripting vulnerabilit
ies on your site. If there
were issues discovered, please click the details link to see detailed information about any issues and for help
with remediation.



Messages and Alerts

This area will show the results of scans and any alerts that relate to the security of your website.





Users



Listed are the current u
sers registered to view information on your site. Click the Modify button to change contact or
permissions for any user. To delete a user, click Remove. Owners can change account and billing information and add
sites. Other users may view site data and cha
nge their own user information.


Manage users



Add new user and modify existing

Manage Sites



Listed are the sites SiteLock is monitoring and verifying for you. All sites will be presented through the same dashboard
interface you are used to, in a consol
idated view. Click the expand button next to each site to view individual servers
(hosts) for any site. From there, you can also add or remove hosts.


Status


Add a site





Add host



The term ‘Host’ refers to the various communication and networking ro
les your sever hardware can perform. We verify
your web server by default. You may wish to verify additional severs to improve your networks security. Options are SSL,
Incoming mail sever, outgoing mail sever, DNS sever, web server, FTP server and data bas
e server.


If a client wants to change the site name, they must call in and speak with a support agent


Manage Account



Your site information is below. Click Edit to modify any information. Note that changing information here will impact
your business ve
rification information on certificate


Company Information





Settings



Here you can modify your security questions. These will be used in case you forget your password.





SiteLock Badge


Installing SiteLock Seal

To show the SiteLock badge on your
site, log in to your dashboard
-

available from your web hosting control panel or by
visiting sitelock.com.


On the upper right, you will see a drop down box, and you need to make sure that it shows the site that you want to use
the badge on (if you have
multiple web sites).


You will see a tab called "Certificate" and clicking on this will allow you to choose a badge format and get the HTML code
to put that badge on your page.


Some notes about the HTML code for the badge:



Please make sure that this cod
e is entered into a live web page (the code will not display the badge if you open
the page on your local computer in a web design program).



Make sure that you copy all of the HTML code.




Make sure that the HTML is saved intact.



If you use a content manag
ement system on your web site, you should make sure that you are placing the badge
in HTML format rather than in the WYSIWYG editor because your web page needs to have the full HTML to
display the badge properly.


If you trying it on a page stored on your
local computer then you need to add http: before the several instances of
"//shield.sitelock.com" in the code so that it looks like http://shield.sitelock.com. The raw code should work on any live
web site and any major browser, but not on a page saved on
your computer.


If you are using CM4all to create your website please follow these steps.

1.

Log into your CM4all.

2.

Click on ‘Edit’.

3.

Then click on ‘Settings’. Make sure that the check box ‘Activate footer text’ is enabled.

4.

Click on the ‘Edit Content’, then cli
ck on the Menu bar ‘Edit’ select ‘Edit footer’.

5.

There you paste the HTML code and apply for saving. Then check the preview to verify it. If it is working then
publish the website.


If you are using Weebly to create the website, then please follow the steps

given below:

1. Log into the control panel, along with your account username and password.

2. Click on 'Weebly Drag and Drop Builder' under 'Website'.

3. Click on 'Edit My Site'.

4. Click on 'Elements'.

5. Drag 'Custom HTML' element to body of your websit
e, where you wish to add custom HTML.

6. Click on 'Click to set custom HTML'.

7. Click on 'Edit Custom HTML'.

8. Enter the HTML code.


In order to place the SiteLock shield in your website using joomla, you can follow the steps given below:

1. Login to Joo
mla administrator

2. Go to Extensions tab

3. Select the template you used and edit it

4. Go to Edit HTML tab at the top corner

5. Place the certification code where ever you want to display the badge

You can add the SiteLock code to your WordPress by refer
ring to the steps given below:

1. Login to the WordPress admin.

2. Go to Appearance, click on Widgets.

3. Click on the text widget and Drag it to Primary widget area.

4. Paste the SiteLock shield code to inside the text area.

5. Click on Save.