Bolt Website Security

Dean

Expert Member
Joined
Aug 19, 2005
Messages
2,651
Bolt Website Security contacted a company with which I am affiliated, to sell their services for the company's 'hacked website/page' which Bolt detected.

There are a few red flags popping up for various reasons, which I won't yet go into.

Do you guys have any experience with them?

Their site: http://boltiswatching.com/
 

Thor

Honorary Master
Joined
Jun 5, 2014
Messages
42,819
Bolt Website Security contacted a company with which I am affiliated, to sell their services for the company's 'hacked website/page' which Bolt detected.

There are a few red flags popping up for various reasons, which I won't yet go into.

Do you guys have any experience with them?

Their site: http://boltiswatching.com/

No https
 

halfmoonforever

Expert Member
Joined
Feb 1, 2016
Messages
1,197
Red flag number 1

lol? you don't have to be on https to be a security company specializing in securing websites? but mkay

In any case, bolt probably found you through a google search and did a quick security check on your wordpress site. Found it to be of an older version and/or running a plugin that might be exploitable, then contacted you.

I've had several companies try that before at my previous job. Manager didn't want to budge in upgrading etc, even though they did showcase a very nice vulnerability.

Get them to send you the security report first, might not be a bad idea to then talk to them. Depends on how your company perceives their online presence (if it's valuable to them or not)
 

WAslayer

Executive Member
Joined
May 13, 2011
Messages
7,198
lol? you don't have to be on https to be a security company specializing in securing websites? but mkay

no, you dont.. but it certainly does help instill some trust for potential customers.. they are probably legit though I would never sign up with them..
 

Dean

Expert Member
Joined
Aug 19, 2005
Messages
2,651
lol? you don't have to be on https to be a security company specializing in securing websites? but mkay
....
Get them to send you the security report first, might not be a bad idea to then talk to them. Depends on how your company perceives their online presence (if it's valuable to them or not)

As WAslayer said, not as much a case of being a 'have to', as it is a matter of, metaphorically, not wanting to use the carpet-cleaning company that has dirty carpets.

Your conclusion leads us to red flag number 2 - their landline doesn't work and mobile number just rings.
I'm all for email communication, but inactive advertised contact details raise more red flags.
 

nkawit

AllWorldIT
Company Rep
Joined
Nov 18, 2011
Messages
328
No registered company information.

No address.

Yea ... few more red flags.

Lets not mention the https:// URL gives a certificate for www.afmin.org
 

WAslayer

Executive Member
Joined
May 13, 2011
Messages
7,198
No registered company information.

No address.

Yea ... few more red flags.

Lets not mention the https:// URL gives a certificate for www.afmin.org

simply means that the websites are on the same shared server and the afmin.org website has a ceritificate which was the first installed certificate on the server..
 

Dean

Expert Member
Joined
Aug 19, 2005
Messages
2,651
Alright folks, thanks for the input. Look like its best to give these guys a miss either way. Cheers
 
Top