Frequently Asked Questions

What types of scans does SiteLock offer?

Last Updated: April 13, 2015 9:33 AM

SiteLock™ offers different types of scans to find vulnerabilities and compromises on your website. Get the details about each below:

Malware Scan

Our malware scanner crawls websites and checks for malware signatures, links and JavaScript within the source code. SiteLock maintains a large database of known hacks, threats and signatures that we cross-check the source code with during our daily scans. The malware scan itself does not fix the issues but will warn you as to what we found and on what page. Most malware is found within the first 25 page URLs of a site as the hacker wants it to be found.

You can find more information about your SiteLock account's Malware Scan reports here.

SMART Scan

Related to the Malware Scan is SMART. The Secure Malware Automatic Removal Tool is one of SiteLock's most powerful tools. This is an FTP-based scan that allows us direct access to your website's files. The connection leads us to a specific directory, which in turn lets SiteLock scan all the files associated with the website. SMART will check each website file for known malware scripts, algorithms, backdoor files and malicious coding. When found, SMART will remove them if possible.

Unfortunately, because hackers are nefarious and cunning at times, SMART is not always a guaranteed fix. For issues SMART cannot remediate for you, SiteLock offers its for-a-fee Expert Services (more info).

Spam Scan

No one wants their important emails to go unanswered. This is where we can help. If your IP address is thrown onto a third-party spam list, whether accurately or inadvertently, emails that you send will go straight to the receiver's spam/bulk folder until the issue is corrected. SiteLock scans your IP against several known third-party spam databases to check whether it is listed as blocked. If your IP is found, we alert you.

Unfortunately, this is a pretty common experience for anyone on a shared hosting environment. Everyone on a shared host shares the same IP, and when someone starts spamming, that shared IP gets blocked. This affects all users hosting on that same IP address. When we find a customer listed as having a blocked IP, we let them know. That customer is responsible for further action as we do not have the ability to remedy this situation. The majority of the time the customer's hosting company will find this issue and resolve it within 24-48 hours. If they are still receiving the alert after 48 hours, they will need to contact their email service provider for future support and to remedy the situation.

Network Scan

Our SiteLock product does not offer Network Scans because the majority of our customers are on our network, which we protect through our own measures.

Our server customers can contact their administrator for assistance securing their network.

Customers who use SiteLock at a third-party host would also not be able to remediate any issues SiteLock detects.

Application Scans

The application scan is a beast of its own. This is considered an outside-in scan. The application scan will use several resources on your server to complete the 2,800+ vulnerability and penetration tests that we run. This is why this scan is usually only run once a month or quarter. Some partners (EIG) will not even allow SiteLock to run the application scan on their servers. During the scan we check for vulnerabilities, code weaknesses, security policies and protocols on your server, versions of currently running services (PHP, Apache), etc.

Application Scan vs. XSS & SQLi Scans

Both of these scan types are external or outside-in scans. Of the two scan types, the XSS and SQLi standalone scans are the more accurate; however, both are beneficial. The XSS and SQLi scans mostly try to penetrate input fields using XSS and SQLi scripts. They check for both database- and URL-based attacks. The application scan checks for additional variations of XSS and SQLi vulnerabilities.

Advisory Scan

This is an extension of the application scan as it runs at the same time. This scan will look for issues like external redirects within the website or whether or not the site uses cookies. If issues are found, we will warn you via email if the alert falls into the "high" category.

SQLi Scan

This is an outside-in scan where SiteLock's scanner attempts to penetrate the site using SQL Injection techniques. If SiteLock is able to alter the action of your database, we will warn you of the vulnerability on the site. Our scanners also show you exactly where we are seeing the vulnerability.

XSS Scan

This scan is similar to our SQLi scans. We will try to penetrate the site from the outside in by using cross-site scripting techniques. If we are able to penetrate the site, we will send you a warning and advise you to check the specific code in your dashboard, where we show the issues we are finding. This scan can cause emails to be sent out in bulk if a CAPTCHA is not installed on the site.

Depending on your plan, you can perform some of these scans on demand (more info).

What do I do with the results of these scans?

If SiteLock's scans detect vulnerabilities or compromises, it has tools to help you fix them (more info).