We have long noticed companies that are offering to fix hacked website appear to lack an understanding of what that actually entails them doing for clients. What they often fail to understand or simply don’t care about is that simply removing the hack is not enough. You have to determine how the website was hacked and make sure that has been fixed or it is likely to be hacked again. We strongly believe that doing otherwise is highly unethical, as it exposes the website and it’s visitors to the potential of infection or data exposure. It also seems to us to be a rip-off as your paying someone for cleaning up an issue that could quickly return. We are often hired to clean up websites that someone attempted to clean up before but were not properly secured after they were hacked
Determining how a website was hacked and properly securing is much harder than just removing the hack. It requires a general understanding of the technology underlying websites, a knowledge of the software that is being used on a website, how hackers operate, prior experience, among other things. There are some situations where we could easily remove the hack from a website but we know that we don’t have relevant expertise to properly secure the website, in those cases we provide the potential client with the information on what needs to be done to secure the website for free.
What we haven’t dealt with before is a company that offers to clean up hacked websites contact us and admit that they were unable to determine how a website was hacked and wanted us to do it for them. Then last week we were contacted by a representative from TVCNet, which also advertises their service at hackrepair.com. They told us that they were good at removing the hack code, but a website they cleaned was being reinfected and they couldn’t determine what was allowing the website to be reinfected. The infection that they describe was one that should have been very easy to determine the source of if they had even very modest experience dealing with cleaning up after hacks. It certainly should not have been a problem for someone that is charging clients 350 dollars to clean up a hacked website (they apparently charge extra to upgrade software, even though that is often essential for securing a website).
With a company operating in what we consider an unethical manner, it is not a surprise that they are also lying about their service. They claim that “We will work direct with Google staff, and ensure your web site is unblocked by Google”. The truth is getting unblocked by Google is a completely automated process that doesn’t involve working directly with Google staff.
Unfortunately, there does not seem to be anything that we can do to stop this type of practice. If other companies contact us we can certainly highlight there unethical practices as well, but that won’t stop them or others from continuing these unethical practices. What we can do and have done for some time is to get accurate information out there on cleaning up after hacks so that those companies have a better chance of properly cleaning websites. From our analytics data it’s clear that many companies that might be dealing with those hacks have been accessing that information. Others also provide this type of information, but unfortunately we often find the information being put is inaccurate. We also have created a tool to detect popular backdoor scripts, which should help to prevent some hacked website from being reinfected as it would of in this situation. We also provide information on how to properly secure websites, which we run advertising to promote, so that websites don’t get hacked to begin with and then have to deal with these companies.