SCAM ALERT: How HostGator Attempted To Extort >$200 Out of Me for SiteLock

This will be a longer article explaining a common SCAM that was reported numerous times for multiple hosting providers. Even if you are not hosted with HostGator you still might want to read about it, for the future safety of your wallet. The short version of the story is at the bottom of the page.

I have been a loyal customer of HostGator since at least 2005. Even after they were bought out by EIG back in 2014, even after their support and customer service started going downhill rapidly, I still decided to stick with them. At the time of writing this I have 3 separate accounts with them (2 shared + 1 VPS) and I pay around $875 / year for their services.

The HostGator + SiteLock SCAM

It all happened yesterday, 23/02/2016. At 17:37 I get an email from HostGator informing me that my account has been suspended because it was distributing malware. I should immediately take measures into resolving this issue.

Our Abuse department has received a report regarding malware being hosted on an account under your control. We have disabled site access for your account to prevent further complaints, and have provided a list of the reported content. Note that the below content is not a comprehensive list of malicious content on this account. We strongly recommend that you address the entire account to avoid further issues.

In order to remove the restrictions we’ve placed, you must resolve the security issue and remove what malicious content was listed. If you do not believe you can do so on your own, you may use a reputable third-party security service, such as SiteLock, who can be reached directly at 877-563-2849. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.

Once you have taken steps to secure your account of the reported content, please reply back to this ticket to request review.

HostGator’s letter says: “We have provided a list of the reported content”. There is no list and no reported content. OK.

I try to open my website and sure enough I get the following “suspended” page, which obviously contains ADS added by HostGator. I get the same view for all the other 10 domains on this account.

[Screenshot: the “suspended” page]

The abuse report came from a German service Clean-MX.de that conveniently SELLS WEBSITE CLEANUP SERVICES and is an obvious automated abuse letter. It contains ZERO information, but IS advertising its services. A new level in SPAM marketing.

Unfortunately for me, HostGator gladly jumped on board and had its own interest to play in this game.

What is SiteLock and how/why HostGator advertises it?

SiteLock calls themselves “The Global Leader in Website Security”. HostGator has partnered with them back in 2010. Today HostGator advertises SiteLock in all possible locations. They even stopped doing things that a hosting provider should be doing in favor of selling SiteLock subscriptions.


Here’s their official “My Site Got Hacked!” support page and what to do. Notice any helpful instructions other than “pay SiteLock”?

When looking at the suggested Emergency 911 Clean-up Service by SiteLock there was a $200 price tag for this service. You pay this fee if you didn’t have SiteLock enabled before the infection. Once infected – pay up the $200. Now that my account is back online I am unable to access that offer from SiteLock, so I can’t provide a screen-shot, sorry.

Additional Privacy Concern

Take a look at the original email they sent informing me of the account suspension.

[Screenshot: the original suspension email]

How cool is that? They even CC a third-party service into a confidential support ticket created for the customer. Want it or not, but account suspensions are immediately forwarded to their partner, an open referral lead. SiteLock lands a customer? HostGator gets a good cut. An infuriating level of wrong.

HostGator’s Support Reaction and Inactivity

If you have read the full letter from above you will notice that HostGator did not provide a review for the situation. They simply forwarded the abuse report from a third-party entity, suspended my account, pasted an AD for SiteLock and sent the letter. There is no trace of any account-specific information, ZERO proof that my account was compromised in any way.

I quickly go and open HostGator Live Chat Support. Waiting time: 9 minutes, nice! During this time I inspect my account via FTP: folders, files, timestamps. Zero suspicious files. Zero files were modified in the last ~6 weeks. No trace of any malware.
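The timestamp check described above can be scripted. The following is an added example, not part of the original post: it assumes a local copy of the account downloaded with modification times preserved and a hash manifest taken from a known-good backup, and the function names, sample file tree and manifest format are constructed for illustration. Because modification times can be reset, it compares content hashes as well as timestamps.

```python
import hashlib
import os
import tempfile
import time
from pathlib import Path

WINDOW_DAYS = 42  # "~6 weeks", the window the post mentions


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large uploads do not exhaust memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def audit(root: Path, baseline: dict, window_days: int = WINDOW_DAYS, now=None) -> dict:
    """Compare a local copy of the account against a known-good manifest.

    recent  : files whose mtime falls inside the window (the timestamp check)
    changed : files whose content differs from the baseline, whatever the mtime says
    added   : files that are not in the baseline at all
    missing : baseline files that no longer exist
    """
    now = time.time() if now is None else now
    cutoff = now - window_days * 86400
    current = build_manifest(root)
    recent = sorted(rel for rel in current if (root / rel).stat().st_mtime >= cutoff)
    changed = sorted(
        rel for rel in current if rel in baseline and baseline[rel] != current[rel]
    )
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return {"recent": recent, "changed": changed, "added": added, "missing": missing}


def demo() -> dict:
    """Run the audit on a constructed two-file site (sample data, not real)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        old = time.time() - 90 * 86400  # 90 days ago, outside the window
        (root / "wp-content").mkdir()
        sample = {
            "index.php": b"<?php // home\n",
            "wp-content/theme.php": b"<?php // theme\n",
        }
        for rel, body in sample.items():
            (root / rel).write_bytes(body)
            os.utime(root / rel, (old, old))
        baseline = build_manifest(root)  # stands in for the known-good backup

        # Content edited, then mtime put back: invisible to a timestamp-only check.
        (root / "wp-content/theme.php").write_bytes(b"<?php // theme, edited\n")
        os.utime(root / "wp-content/theme.php", (old, old))
        # New file with a current mtime: visible to both checks.
        (root / "wp-content/new.php").write_bytes(b"<?php // new\n")

        return audit(root, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind:8} {files}")
```

An empty result in all four lists is the scripted equivalent of "zero files were modified"; anything in `changed` or `added` is what to ask the host to match against its report.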

1. Live Chat

The Live Chat opens up, a support rep called Jeffrey drops in. After about 30 minutes of slow talking, I finally get the following: “The Live Chat support people can’t do much, we have no access to information about such issues. I advise that you follow the instructions from the ticket”. Thank you Jeffrey, bye.

HostGator Live Chat no longer has the option to automatically send you support chat transcripts. Perfect, leave no traces.

2. Twitter

“Our security team does review these before action is taken.”

3. The Support Ticket

The initial ticket was opened on February 23, 2016 at 09:37 AM.

The next message from HostGator was 8 hours later, on February 23, 2016 at 05:28 PM. Here it is:

I do apologize for the inconvenience as security department review each ticket in the order received or re-opened. Upon reviewing the issue the ticket was escalated to my department. I have had our administrative staff proceed with removing the restriction. I do apologize for the inconvenience as the account was not properly confirmed to be compromised. Please do note that in the cases of third party reports, we take those reports, review the report, then the account and once confirmed to be indeed compromised the restriction is placed though human error can occur.

Steven H. is kind enough to immediately offer 3 months of free hosting (~$20 value), after HostGator tried to “persuade” (read: extort) $200 out of a loyal customer. If at least 2 out of 10 fall for this – PROFIT.

The Damage

Below I want to show you the Google Analytics stats for yesterday for 3 of the 10 domains suspended by HostGator.

Every year 2 of these domains see huge traffic spikes specifically on 23/02 due to an annual event. Yesterday I missed half of that traffic because of HostGator.

[Screenshot: Google Analytics stats for the suspended domains]

Other Reports and Reviews for the SiteLock Scam

When searching for other info on this matter I have found hundreds and hundreds of pages with awfully negative reviews for SiteLock and their services. Be it HostGator or other major hosting providers, a lot of consumers are furious.

In Conclusion (The Short Version)

  • HostGator is my hosting provider that I’ve been a loyal customer of for ~10 years.
  • Someone sends HostGator a bogus malware report for my account and 25 days later they simply suspend my account. Not once during these 25 days have they informed me of anything.
  • Their support pages all suggest the same thing: sign-up for their partner’s services, SiteLock, which would cost me at least the $200 one-time cleanup fee, and then monthly payments, up to another $600 / year.
  • Instead of providing ANY helpful information, HostGator’s Live Chat Support and Twitter support both suggest the same thing again: to sign-up for SiteLock and pay up. At this point there is still no confirmed malware.
  • After 6 hours of waiting I finally send my final message to HostGator, threatening to cancel my hosting packages and taking my business elsewhere.
  • Finally 2 hours later a HostGator support rep confirms that THERE WAS NO MALWARE to begin with, that it was just an honest “human error”. To buy my silence they automatically give me 3 months of free hosting.

What to do and how to protect yourself?

First order of business would be to open the website of your hosting provider and look for any mentions of SiteLock. If they promote this SCANDALOUS service anywhere then you should consider your options. Be on the lookout for attempts to extort money from you for bogus services and for protection that they are supposed to provide anyway.

I am not going to recommend hosting alternatives or post hosting reviews for other companies, as this is not the point of this article.

Don’t fully trust anyone with your website, not even your hosting provider. If they ever ask you for more money for service X or service Y, research it a little before opening your wallet.

 

Update #1 (26/02/2016)

There have been some updates and messages from a HostGator Customer Service Supervisor. I am posting the important part of the message below, I leave it at your discretion to decide what you think of it. I took the liberty to highlight the parts that I think are more important.

My name is [..] and I’m our customer service supervisor here at HostGator.com. I’ve since had a chance to review the situation as well as your blog post and would be glad to continue our discussion on the matter.

Having said that, I feel that what this situation boils down to is whether or not you believe our statement that this experience stemmed from human error. In that regard, I would point out that we do not actually share 3rd party reports directly with our customers, which I believe is a strong indication that the agent handling this ticket was not following company policy. Similarly, we found that our agent did not follow policy in regards to actually evaluating the 3rd party report before issuing a temporary suspension which of course is fairly obvious after reviewing the content of the original e-mail, so we offer our apologies if our Twitter response seemed to indicate that this was not an exception to our usual process of reviewing each of these reports.

The agent handling the initial report is actually one of our newer admins assisting with security issues and we’ve made certain that this oversight was immediately brought to their supervisor’s attention for appropriate action. In our opinion it’s not appropriate to make proof of disciplinary action available to the public or even privately with a customer, so again we’re really just at a point of whether or not you trust our communications with you. To that point, I see you’ve been with us for nearly 7 years so I would hope we’ve shown to be trustworthy throughout your time with us but if this error on behalf of one of our newer agents has ruined that amazing run, that is certainly disappointing.

In our last correspondence my employee Steven did offer 3 months of service for the mistake but after review, I don’t see any disclaimers stating that the credit would only be available if you kept your experiences a secret, but instead see that the credit was added due to the mistake.

We do offer our apologies once more for our agent’s error and if you’d like to discuss the matter further via e-mail or phone, please let me know and I’ll be glad to arrange a callback with you.

I have no complaints about their last messages in the support ticket, their customer service supervisors clearly know how to formulate an apology while keeping the situation in check. However it is easier to lose trust than to gain it, so personally I can’t trust them anymore.

Update #2 (20/05/2016)

For the last 2 months I have been getting daily emails and comments describing the same situation. In some cases people get charged up to $500 as a one-time fee, in other cases they are persuaded to pay $99 / month, etc.

The high amount of comments for this post is just the tip of the iceberg. Nothing has changed since publishing this: SiteLock continues to grow thanks to “strategic partnerships” with hosting providers like HostGator.

Update #3 (02/01/2017)

In the last 6 months I have probably gotten about 50 emails of people complaining about the same type of behavior from HostGator (and a couple of other hosting providers). The strategy is still the same: suspend whole accounts and ask for money. In very few cases these people were able to find actual malware on their website.

On Christmas 2016 (25th December) HostGator sent out a mass newsletter to customers informing them that the partnership with SiteLock has advanced to a new stage, so they will now perform FREE basic scans. You don’t have to opt-in, it is forced on everyone. To opt-out you have to CALL THEM or get them on live chat. I think this is done just to be able to explain how and why SiteLock is harassing customers with their constant (often false) malware alerts.

Here’s the full message, the last line is the best:

Dear Dumitru,

We’ve recently collaborated with our longtime security partner, SiteLock, to help you — our valued customer — add even more protection to your web presence! Website security is something we take very seriously at HostGator. For that reason, as part of your hosting package we’ll be including a basic malware scan for your domains that don’t currently have SiteLock, free of charge.

This scan will identify known malware and acts as a simple “alarm system” by sending you an email alert as soon as something malicious has been detected, giving you time to react prior to being blacklisted by search engines.

To provide more information on this scan, and to address any concerns you may have about its legitimacy, we’ve created this article, which offers additional details. For other ways to secure your website, please feel free to reach out to our trusted security advisors at xxx-xxx-xxxx today.

Best Wishes,
The HostGator Team

*HostGator does not guarantee SiteLock scan results.

It is important to remember that both HostGator and SiteLock are owned by the same corporation (EIG), so don’t expect their upselling scheme to stop anytime soon.

Update #4 (03/01/2017)

After numerous emails asking me for alternative hosting providers with a good record, I decided to provide here a small list of WordPress hosting providers that are better (to my knowledge).
Disclaimer: affiliate links below.

Web Hosting Alternatives to HostGator

  • InMotion Hosting – this is our current hosting provider. Surprisingly good value for the money, with even better customer support. They surely bring back memories of when HostGator was good. During the past year I have migrated multiple customer websites to InMotionHosting and everything has been smooth so far. Shared (called: Business) hosting plans start at $6.99 / month with big ongoing discounts.
  • WP Engine. Shared hosting plans start at $29 / month.

Official WordPress.org Recommended Hosting Providers

On the WordPress.org Web Hosting Page (https://wordpress.org/hosting/) the foundation recommends 4 hosting providers and 1 of them is owned by the same EIG.

I have NO experience with these 4, but I have to mention them here.

  • BlueHost (EIG owned). Shared hosting plans start at $7.99 / month.
  • DreamHost (EIG owned – corrected). Shared hosting plans start at $9.95 / month.
  • Flywheel. Hosting plans start at $15 / month with major limitations.
  • SiteGround. Shared hosting plans start at €7.95 / month.

Author: Dumitru Brinzan

Founder and WordPress developer at HermesThemes.
With over 7 years of experience in the hospitality industry, it is my strong belief that WordPress brings unprecedented opportunities for independent hotels, B&Bs and inns.
Over a thousand amazing properties worldwide use our Hotel WordPress Themes on their websites.

 
  • FoCoBiking

    Host Gator has really gone down the drain in my opinion. For me, they started so well then something changed, and I’m not sure what. I remember reading something about a change of ownership and downsizing. Their wait times for support skyrocketed and I always seemed to have issues with load times on WP installations. Currently I use Veerotech. They’ve been nothing short of perfect in my book. May want to give them a try.

    • Yes, HG has been excellent until ~2013. I loved their live chat support that solved all my problems in just a couple of minutes. But now their live chat is a time-sink: you wait, then they listen, then you wait some more, then they tell you “they are working on it”. And then you give up…

  • chrismccoy

    i would move all your sites to a better wordpress host like siteground, i moved off of HG years ago, was glad I did, they also overload their servers with as many customers as possible

    • Yes Chris, I’m in the process of doing that for all of my sites, though it will take a while.

    • anita veritay

      stop! siteground is doing it to me right now! as I write my site is locked but there is no malware on there.

  • If you’re paying approx. $20 for three months of hosting, you’re pretty much getting the level of service that you’re paying for.

    A shitty move on Hostgator’s part, yes, but if you care about your website, get better hosting.

    • $80 for a shared hosting account is not too much or too little, it is close to what all the other guys are offering. And the issue here is not about the cost of the plan.

    • anthonyrossbach

      Cost is nothing, NodeHost is $1.20 to start and they review everything one at a time and do not partner with services like SiteLock, they also host few sites per server for performance reasons. There are many options that are cheaper and better, but only the big (and over filled) services are known.

  • ifeelgod

    I have a number of domains and walked thru virtually the same process. They finally lifted the suspension but it cost me. I’m out in the near future along with EVERY affiliate sale I have made

  • Amey

    Hostgator is worstgator. I signed up for 3 years of hosting at hostgator the first 3 months were great then my website started getting a lot of downtime around 30 minutes a day and that too daily. I called their support and they said to contact sales? That was funny but still I made an attempt to contact sales. The sales person instead of helping me he said to purchase a VPS plan!!!! I laughed a lot and then disconnected the call and shifted the host. My 2 yrs got wasted at such a crap company.

  • I don’t understand why you are still with those guys… I would say, move already :)

    • I’m working on it, moving them one by one :)

      • If you need a hand, moving sites is one of the things I do on an almost daily basis :)

  • ceasehope

    EIG

  • Stefan Sebechlebsky

    IMHO, a hosting provider should never dare first to disable your site and then contact you to resolve the issue. However, first they should ask you to resolve it – give you a few days, and only then perhaps disable the site access if you do not act.

    • Yes Stefan, that’s what I thought too. In this case I was considered guilty until proven innocent, instead of the other way around.
      And considering that they have already waited ~25 days since the initial abuse report, another 24-48 hours shouldn’t have caused a lot more damage, even IF there was something bad in my account.

      • Stefan Sebechlebsky

        Hard to say “guilty” in this case but even if there were a real intentional fault of yours they should first ask you to rectify and politely warn you, never just disable the service which you are fairly paying for and you might heavily depend on.

    • Janet

      That is not the case sometimes. Having malicious content on a server that is shared by many others can disrupt services for others which is why they suspend your account to prevent downtime for other users. and honestly have time you guys wouldn’t pay the money to get the malicious content removed.

      • Stefan Sebechlebsky

        The websites on a shared server are isolated virtual web servers with files owned by different system users and many more security features. This technology has been built with security in first place. A malicious content on one site has no way to propagate to the other ones. Unless causing some heavy server load I can’t see a reason to have to disable the website just suspected compromised.

  • Roxanne

    I use Hostgator and received a phone call yesterday from SiteLock. They said they found 2 instances of malware on my site. I asked where, & removed it myself while still on the phone. They then replied they would send me a follow up report via email within a few hours. No email was sent. Thanks for sharing this info!

  • webmasterintexas

    I used HG for a long time, and then suddenly, (around 2014) their support dropped off the map. I have now gone on to LiquidWeb, support in under a minute, and fast internet speed. Glad I left Host Gator after reading this.

    • David Gang

      Hi! We’re thinking of another hosting provider. Bluehost sucks with their aggressive marketing of Sitelock and SiteDoctor because they would not let our fifteen sites activated if we don’t purchase them. Is LiquidWeb a good option?

  • Dan Lambert

    Hostgator and Sitelock did the same thing to me and are trying to do it again. They suspended my site for no reason. Site Lock keeps calling. I see a class action law suit here.

    • Hey Dan,
      It is surprising that this is going on for such a long time and in such an aggressive way.
      I was reading a SiteLock financial report from November 2015 and they were boasting with a 1046% increase (yes, 10x) in revenue in just one year, thanks to “strategic partnership” with hosting providers. Coincidence?

    • judyb

      I moved 9 sites FROM Hostgator to Bluehost for all these reasons. Same sh*t happening there – getting calls and emails from Sitelock – there is not-dangerous supposedly-malware stuff being added randomly, and I’m becoming convinced they put it there. Moving to LiquidWeb, getting my money back from Bluehost!

      • Sister Wolf

        ME TOO! And get this: Bluehost persuaded me to get Sitelock security for $500, telling me it would protect my site from everything….Now Sitelock contacted me to tell me it has discovered 3 pieces of Malware and wants $300 to remove them OR my host will shut me down. What was the $500 for, I asked. “That’s just for scanning” some prick called Sean tells me. These fuckers are crooks. We need to all file complaints with the BBB at the very least.

        • judyb

          Wow! I feel lucky that they called me even though I hadn’t paid $500!

      • anthonyrossbach

        Bluehost and Hostgator are the same host, even the same data centres. They are owned by EIG.

        • Heidi Caswell

          Sitelock is also owned by EIG

  • Cerial Ventures

    This is a serious issue concerning fraudulent and deceptive trade practices. Anyone interested in joining a class action can email me at cerialventures@gmail(dot)ocm

  • Sergey

    Same situation in past two days, same text of abuse, but for me they insert random page from my site like it was infected.
    In live chat and tickets support try to sell me sitelock service))

    • Sergey

      And a big news for me is all guys in hostgator live chat is a sitelock employee. Need to run from them asap…

  • Sol Tad

    This question is to the site admin. Could you please tell me the reason why my comment was deleted?

    • Your comment was not deleted, it had to go through anti-spam moderation.

  • Sol Tad

    I am another Hostgator Sitelock Malware scam victim that all of my sites has just taken down without any prior notice. When I did some research, I found this site and another two very important sites I would like to share with you to see all the hosting companies owned by EIG that the company who owned Hostgator to help you stay away from all hosting companies owned by this scam company to avoid experiencing the same problem.

    http://www.webhostingsecretrevealed.net/blog/site-updates-news/the-who-what-when-of-endurance-international-group-eig/

    And also, there is a site launched to join all victims of Hostgator for a class action lawsuit.

    http://boycotthostgatorwebhostingsuit.blogspot.com/2015/10/hostgator-web-hosting-boycott-suit.html?showComment=1459012978288&m=1#c5201990492339371805

    Let’s Stop Talking And Do Something About It!

    I believe, the first step is helping each other with information on how to easily transfer sites or if there is any hosting out there willing to help with this task.

  • Vijoy

    I am in the same boat now – on HostGator; received few emails, then few calls from SiteLock and finally getting “infected”. Hard to figure out what the infection is (not bad links – they must be getting smart).

    I am pissed off and am willing to move away from HostGator leaving behind the money that I paid for a 3 year contract. Any options to where I should move to?

    • I have been researching options for a few days, the non-EIG hosting companies. In the end the choice fell on Inmotion Hosting – no regrets so far. Quick and friendly support from humans, not from bots.

  • Eileen Dooley

    Just happened to me. Everything from Hostgator goes to my inbox but this ‘warning’ went to junk – which makes me wonder if it is treated as junk was it part of a big batch going to many people. Waited for an hour – twice, for support from Hostgator. Neither operative could do anything and told me to reply to the email. My whole account is down, not just the affected site. Can’t believe Hostgator would be so dishonest as to create a conflict of interest with Sitelock

  • Jerome Larochelle

    I am going through the exact same story right now….3-4 weeks after SITELOCK called me randomly. That’s very convenient hey!

  • Tammy

    Thank you so much for this article. This happened to me as well. I actually paid Hostgator a 15.00 fee to install a backup on my accounts! Since then I have used Word Fence and Anti-Malware plugins on my sites and I run them periodically. I will be looking for a new hosting company now. I just don’t appreciate the fact that they tried to manipulate me. It would be different if they had just made an offer.

  • stephen

    Hi Guys, thanks for sharing. It still continues. They tried to scam me yesterday. My SEO guy told me that the frame on my site was loading slower, so I called up hostgator to check for any site compromise and they redirected me to sitelock (I didn’t know it was sitelock, there was no mention of it), until 20 minutes into the conversation with the sales rep CJ, who was trying to hard sell me a subscription for 800$. I called BS and asked to speak with his supervisor, after putting me on hold for 20 minutes the manager (Travis) finally showed up and told me that this was not hostgator and instead it was a company called Sitelock. I’m truly puzzled as to what to do, there is no guarantee that they wouldn’t single out my website to attack it and force me into buying their subscription, I’m thinking on moving my hosting elsewhere after 5 years with hostgator. Any suggestions?

  • Sunrise Everyday

    Just poking around and I am so glad I did! Getting back into the internet business and have been reviewing hosting providers. I had heard HostGator had gone downhill after being sold but I was considering them for short term. Not anymore. I will continue my research for a hosting provider not on the EIG list. But the way it sounds, since the acquisition rate is high, I would need to check any owner changes about every three months. For anyone that has had problems in the past, HostGator headquarters is in Houston, TX and if you are in the US (and even if not) file a complaint with your own Attorney General since they are doing business in your state. SiteLock headquarters is in St John, Fl. If you are not in the US, file a complaint with Texas Atty Gen and FL atty gen. If enough complaints start hitting the fan, states may start to ban them doing business. Or skip right over and go to the US Dept of Justice my guess would be the AntiTrust division. There are only a few posts here. How many people have been burned by this scam? Scary thought.

  • Lisa

    WOW! Thought I was imagining things….. with Hostgator for years…. Feb ’16 they take down my sites and put up their ads……and strongly recommend sitelock. In the last week 3 times shut my sites down and put up their ads. When I asked for mailing address of legal department I got
    “I will not be able to continue this chat due to legal actions you can now contact legal@hostgator.com for further information” yeah my sites are still showing their ads :( and they locked me out of my cpanel … but my payment went through today

  • maria

    Hi!
    I was reading blogs before I could purchase HostGator. They would “Highly Recommend” Sitelock upon purchase. So I looked into it and read if it is indeed recommended.

    Bottomline to this, do i have to purchase it in advance?

    I felt so bad for your experience.

    I was thinking of looking for another company instead. are you still using HostGator now?

    • maria

      *do i have to purchase sitelock in advance?

    • Hi Maria,
      I have moved all my important websites to a different host.

    • anthonyrossbach

      Don’t get SiteLock, you are paying for a service that is almost never needed, and is mostly used as a scam.

  • @hermesthemes:disqus

    I was a HostGator customer since 2008 and got burned by the SiteLock up-sell in 2014. I was on the cheap shared-host for years (DIY WordPress site). I get about 30 genuine human hits a month (bots and crawlers removed from my stats). And, 30 human visitors was all I need! I can be busy with 1 client for 6-12 months. My website is a brochure and resume.

    I was hacked 3 times on HostGator with SiteLock turned ON! I wrote about the last hack in a LinkedIN post. I include screen shots on how I discovered the hack and easily can see the brute-force attacks (with SiteLock’s entry level service turned on). https://www.linkedin.com/pulse/show-fix-hacked-website-shauna-mcgee-kinney

    Discovering the hack and my customer service stories parallel your story with customer service.

    When I finally hired an independent coder to move my site to a new web server — he groaned. The hack was up at the HostGator shared server level, above a level I could access. The coder was shocked that HostGator was pushing me to increase my SiteLock subscription when they were the only people who could/should clean their server.

    And, what I didn’t put in my article is that HostGator completely botched the cancellation of my web hosting. Not in my LinkedIN article – my HostGator tickets were closed within minutes of opening the cancel hosting ticket. The help desk sent me a message that I needed to fill out a form – I took a screen shot and PDF of the automated receipt of the form. HostGator couldn’t find my form even with my screen shots!

    Now get this. My story is not over. My domain still gets scanned by SiteLock 5 months after I moved to a new web host and SiteLock was cancelled! I have blocked the SiteLock scans using my security software. I spoke with a SiteLock account manager in Arizona (yesterday) and he said SiteLock could not turn off the scans. The scans are managed by the affiliate (HostGator).

    Hah! Ugh. And, then he offered me the $95 USD per month VIP subscription. Ooof.

    • Shauna thank you for your input.

      Just for fun, check this out:

      “PHOENIX, Nov. 17, 2015 /PRNewswire/ — SiteLock today announced it ranked No. 85 on Deloitte’s Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. SiteLock grew 1046 percent during this period.”

      The full press release can be seen here: http://www.prnewswire.com/news-releases/sitelock-ranked-number-85-fastest-growing-company-in-north-america-on-deloittes-2015-technology-fast-500-300179440.html

      Of course it doesn’t describe their extortion practices…

      • Wow. Yep. Corporate startup. Good spin from the SiteLock PR firm.

        SiteLock has a lot of big affiliates including GoDaddy. (Did you ever see GoDaddy’s domain search scam?) I don’t think they have enough control over the customer service on their product. And, to discourage people from buying directly from SiteLock (driving the traffic and customer service to the affiliates) – subscriptions are 300% more expensive directly from SiteLock.

        And, that doesn’t include that it is faux-ware until you buy the Enterprise Subscription.

  • Jennifer

    I got an email from Hostgator about malware this morning, with the very unhelpful info to call SiteLock. Not knowing anything about them, I called and they told me it will cost $300 PER SITE to clean my files. Guess their rates have gone up. I fixed the problem myself for free but am now looking into how to most efficiently move all of the sites off of Hostgator to another company that won’t try to rip me off.

    • anthonyrossbach

      One at a time is the best way, that way you can make sure each site is working fully before going to the next. It’s time consuming I know :(. NodeHost is a good option, they don’t have automatic systems for things like this and check all reports by hand. :) Good luck.

  • Here it is, I just got several mails for all my domains hosted on HostGator with the subject “SiteLock Alert”. Previously they forced me to subscribe to SiteLock on a yearly basis. Now they are sending mail telling me that there is malicious software on my websites. I have checked the Google Search Console security section, there was nothing. I also checked with this http://www.google.com/safebrowsing/diagnostic?site=www.example.com also NO-NO.

    I think they are mainly targeting customers with long subscriptions like 2 year – 3 year hosting plans. Mine is 2 years. This is the call, I need to think about better hosting next year, any suggestions for WordPress website hosting?

  • pageii

    Some of you are asking about alternatives to EIG-afflicted providers. I’m happy to share some of my considerations for shortlisting your candidates and I hope that could be helpful to you. I shall not mention names as that may cloud judgements in your own selection process. Do note that HG is still good for some scenarios and you can find them right at the end of my post.

    For a start, you might wish to consider host providers who have their data centres located near your cities. Ceteris paribus, this may improve latency issues. Proximity also possibly lessens the extent of geographical networking-related uncertainties and it helps if you could dial up their local offices for help.

    Next, look for providers that have decent online FAQ articles on common issues (Many HG’s articles are ok but then again, weren’t they made pre-EIG?).

    If you run a business site predicated on reliability, shortlist those that are upfront about specific features and limitations. For example, you may see storage limitations (e.g. nth GB) and domain limitations per account (e.g. 1 site per account) especially on shared hosting environments. This is actually a good thing as it shows that they care about load. It’s a zero-sum game and there are always caveats to a wildcard everything-unlimited package. For the same price, would you rather put your site on an “unlimited” shared host loaded with 1000+ junk sites or another that carefully balances load but maintains breezy page loads of up to an upfront disclosed nth number of visitors/ bandwidth?

    That brings us to the next point – value. Low price is not necessarily good value. HG offers unlimited storage and bandwidth even as they had priced their popular shared hosting packages aggressively. Enter post-signup and you may begin to get hit by one constraint or another.

    For example, there is an “Inode Limit”. It is basically the number of files you are allowed to keep. Your website files add up and so do your emails. Do you know that each email or email attachment counts as +1? So if a single email contains 9 attachments, you would have +10 count. Is there a limiting mechanism that automatically shuts down auto backup features? Is there a threshold that triggers a total lockdown on your account? Are you able to predict or control the inflood of emails or file uploads?

    On a related note, you could conduct a simple “reputation test” based on reverse IP checks. If your result shows “too many sites” :
    – on the same IP (overloaded),
    – containing spammy content (IP blacklisted : your email server gets blocked),
    – marked blacklisted/malicious /hacked (poor host security / monitoring)
    then you might end up with bad company too. Company policy.

    Next, we look at tech support – another important contributor to value. If you have to wait for half an hour to get connected to a courteous but unknowledgeable online chat assistant, would you rather work with another that may not provide online chats yet able to solve your problems in a responsive and professional manner?

    For example, if you had deployed any cPanel/WHMs on your VPS/dedicated servers, you would have known that cPanel helpdesk does not have an online chat service. Instead, support requests are initiated through tickets. I may have some queer usage scenarios and settings that I could not resolve but their support team had reliably addressed them efficiently. In one instance, I even received a post-followup email on an already resolved issue updating me of how a new cPanel enhancement could address the same issue. Note that I had not used any examples of alternate host providers as every provider would score differently to different users. It depends on their fit with your usage scenarios.

    Seems like we’d covered quite a bit but we are not even close to the topic of Hostgator-Sitelock.

    Other important considerations such as host security and uptime track record may be easily forgotten amidst the occasional “Flash sales” yet more deeply felt when things go south. And if you are new to web hosting, be assured that things do go south more often and costlier than any would have liked. It takes time to get re-oriented for something not touched for months. It takes even more energy to identify root causes that could have been avoided if a better host was used.

    Lastly, be wary of those that say upgrading to VPS or Dedicated Servers solves your shared hosting woes. It is a fallacy that more power and control means fewer problems. For example if:
    -you have a poorly scripted website, VPS/Dedicated is not going to help you in your SEO.
    -your site runs “slow”, upgrading to a significantly more expensive yet “basic” VPS might not make it run any faster.
    -you do not enjoy implementing, maintaining and tweaking OS and auxiliary software settings proactively to get the best out of your servers, upgrading does not make it run more reliably or keep malware further away.
    -you want to avoid a more expensive shared hosting package from another better provider by going VPS, upgrading does not save because you’ll likely need a new slew of subscription-based support software to make your life easier.

    Comparing the benefits of a basic yet underpowered VPS against another highly focused shared-host of same pricing, the stacks are not evenly-matched. VPS/Dedicated are used for many reasons but going “faster” than shared hosts is not one among them. If someone can confidently advise you that even without studying through your usage scenario, technical settings and codes in totality, then you are probably being sold.

    All said, you should still find good reasons to use HG (especially shared hosting). For example, if you:
    -are tolerant to account suspensions without prior notices,
    -are patient with long wait time to get connected with help desk,
    -want to expose your test web apps/sites to an environment not configured with anti-malware measures so that you can study potential damages,
    -would gladly pay your host providers to retrieve logs/error files for you,
    -want to see how many months any billing or tech support departments could put their customers’ tickets “on hold” without even an acknowledgement, or
    -want to recommend a host to your competitors
    then, go for HG.

  • jmore

    LITERALLY going through this issue with them right now on 26 domains! Lost all of them but 5. I had no idea as I have been with them for years as well and was sold on a hosting service that included malware protection. Dumitru, you are exactly right that you should trust NO ONE with your sites and always make sure you are in control of your protection methods. You bring the condom for lack of a better way of putting it !!!!!!!!!!! And make sure there are no holes.

    • It boggles my mind how this practice of HG and SiteLock goes unpunished for so long.

    • swimmerinaz

      I’m going through this with IPage, Hostgator, and Fatcow on more than 300 domains. This is pure bullshit. There is no malware on my sites – they keep flagging a plugin that I use that has been checked over and over again and is fine. Then, I start getting all the Sitelock calls. If it wasn’t pure hell to move so many domains to another hosting company, I’d do it, but for now I’m stuck.

  • RSB1

    I’ve been having the same issue with HostGator & SiteLock. This is definitely a scam and not just a coincidence. My gf is an attorney and recommended a class-action law firm to reach out to. I’ve submitted all of this information and a link to this website to them. Will keep you all posted on any developments.

    • Afrodiva

      I’m interested. I left HostGator because I suspected a scam.

    • Cristina Bailey

      I’m interested

  • Catz

    I had the worst experience with Sitelock, can’t go into details, but it started with Hostgator. SL kept telling me they found malware. I ended up disputing the charge and had to cancel that credit card to avoid their sneaky attempts to keep charging me. Get this, though: Even after I left HG for a different provider I STILL got emails from Sitelock claiming they found malware on my site. They even sent “screenshots” of the reports. I demanded that they tell me HOW they had access to my site. No answer. HostGator support once let it slip that those emails of supposed scans were marketing ploys and “I could request to be taken off the list.” I won’t even go into the actual “service” Sitelock gave me when I was with them. It’s all bogus. I ditched HG and Sitelock and recommend everyone avoid them. (I was happy with HG until then, and expressed how disappointed I was to have to leave.) Oh, and I am convinced that SL is attacking my sites. I have good security in place now, but they continue to attack. Just–don’t let them into your world in any way, please.

  • MacroscopicSolutions

    I switched to HostGator 1 day ago and already received this email from Sitelock with warning pages on my siblings. Changed my password, pissed at hostgator, now what do I do?

    • MacroscopicSolutions

      I also know this is a scam because hostgator asked for my passwords, but my site is still being hosted with Arvixe because I never changed the name servers. I have proof that hostgator is doing what you wrote about.

  • David Gang

    We are experiencing the same thing with Bluehost. Bluehost deactivated ALL 15 sites because of the ‘presence of a malware’. The three options we have according to Bluehost are:

    1) If you are familiar with code, identifying code, and altering code,
    you can do it yourself. Unfortunately, when you do it on your own, it
    means going through every single file on your account, 1 by 1, and
    removing the injected code. You will want to be very careful as there
    is good code mixed with the injection and removing any code incorrectly
    can permanently ruin that file.

    2) Purchase Sitelock Prevent which will clean the entire account in
    2-12 hours and protect the entire account for a year. It has never been
    hacked

    3) Purchase Site Doctor which will also clean the account, but only
    carries a 30 day warranty. It generally takes about 2-5 days to
    complete Site Doctor as it is a very detailed and manual process. They
    will email you with a report of how to keep things secure and explaining
    some issues removed when the account is clean and active

    Initially, Bluehost provided us the malware txt and our developer cleaned up all infected files as identified by Bluehost. Bluehost activated the sites but after a few days, they sent an email telling us that there is malware in our sites and all our sites are deactivated again.

    And now they changed their TOS to say that they no longer provide the list of infected files. We do not know what to do anymore.

    • Yes, it is curious how hosting providers decide not to do their job anymore, such as protection and real interest for how their customers are doing.
      They limit their responsibilities while funneling all customers into SiteLock’s pocket.

      • In some cases (not just mine) that I’ve been reading about now around the web, there’s zero malware involved and zero compromise. Which makes it a complete scam. They’re not fixing it because there’s nothing there to fix. (Or people have been suspicious that the hosting company is actually adding suspicious stuff… which who could prove it one way or another?) Which makes it appear like complete fraud extortion scamming. What with the urgency and stuff. Typical fraud con job earmarks. If it looks like a duck…

  • I had no idea about this until it happened to me with Powweb. They reported a certain file as running spam scripts. I examined the file, it was unchanged for over 10 years… it’s been sitting on their server unchanged for 12 years. No scripts, nothing but an archaic web page. Refused to admit this. Was referring me to Sitelock. I immediately sensed some kind of scam, particularly because I’d recently responded to an upsell, something small and not very expensive… but I guess the fact that I bought this upsell marked me as a good target for something else or trying to extort more money from me. Like I’m ignorant of what can or can’t happen, like I don’t know how to look at the code of a simple 12 year old archaic web page with no exploitable scripts, and know that nobody’s sending 200 spam emails an hour from this archaic web page. Needless to say, after 15 years with Powweb, no more. Not worth it.

  • John

    I have been with hostgator for 10 years, almost very good experience, but after EIGI group acquired hostgator the hosting became a nightmare… this group owns Bluehost, HostGator, iPage, Domain.com..

    The story started after my shared hosting site got infected with malware despite my code being clean and updated… I contacted hostgator and they redirected me to “Sitelock”, who introduced themselves as hostgator’s security partner.. I told them I have an issue, they told me “Don’t worry, you are in the correct way”,, They quickly suggested their plans,, I told them this is not my mistake, they told me “you have to pay”..

    Because I was in trouble, I looked at the sitelock plans on the hostgator website, which come at different prices; the best plan was 16 USD/month, but when I tried to subscribe using the hostgator website it led to an error page.. Sitelock in a chat session told me that pricing starts at 169 USD per month on a one year contract.. after a long discussion they gave me a discount at 49 USD on a one year contract.. They sent me the contract and they were very fast to sign and finish the contract..

    They told me that they would fix the issue in hours.. but it never happened; after 3 days the issue is still running, they are not replying, and when you open a ticket no reference is sent to your email… A crazy dashboard shows that scanning is running but never finds a solution.. after contacting them again by chat they said “sorry” we will fix in hours.. but till now nothing has happened..

    Now I have decided to leave Hostgator and go to another company… Sitelock is rude, searching for money and never solves any issues…. Hostgator went from the best to the worst.. you will never have a solution with sitelock.. keep away from any other company dealing with them.. REALLY GET CRAZY

    Update: they just now informed me that I have 500+ malware and need an expert and an extra charge and they will contact me shortly with a quotation… they are really big thieves…

  • After thinking about this & reading more wild stories of what
    certainly sounds like extortion, it also fits the definition of
    racketeering:

    “Racketeering, often associated with organized crime,
    is the act of offering of a dishonest service (a “racket”) to solve a
    problem that wouldn’t otherwise exist without the enterprise offering
    the service.”
    Read more: Racketeering Definition | Investopedia

    And it has all the earmarks of a fraud con scam scheme:
    Pressuring you to make a quick decision
    Wanting money up front
    Pushing poorly understood or lesser known products
    Playing on fear or insecurity
    Manufacturing of a problem to solve that doesn’t actually exist or didn’t exist before
    Threatening worse outcomes if you don’t act now
    Lack of logic or dodging & misdirection when legitimate questions are asked
    Targeting of people who have already paid money for something else related or similar (or fallen for another scam)

    (Sorry my first attempt at posting this comment contained a link.)

  • Hi Dumitru

    Thanks for doing such a comprehensive review. I am the latest victim of this #Ransomware #UpsellScam.

    They keep closing my 15 sites down saying they are using too much CPU and they cannot help me. I have made no dramatic changes to my websites in the last two weeks.

    All they want to do is sell me a $35 investigation fee to tell me what’s wrong and then the infamous sitelock #Scam.

    I have tweeted this to my 61 000 followers on twitter and will keep them updated.

    Here is the twitter feed to keep you updated https://twitter.com/HGSupport/status/752860665140940801
    My twitter @WarrenHorak

    Here is the #RansomeNote from @Hostgator

    We suggest contacting a professional security service to scan and clean the account. We are partnered with SiteLock, and they provide a special offer for HostGator customers. I have included some details for this below. You can reach them directly at 877-563-2849.

    • Hi Warren,
      As you might have noticed from the comments to this article, you are not the only one… There’s really not much you can do except change your provider.

      • Yes I see that’s why I searched for this issue and found your page.
        There are two things we can do…
        Firstly move to another host. I am moving to namecheap. Who are you with now?

        Secondly we can publish and bring it to people’s attention so others will never use @Hostgator and save themselves so much trouble.

      • Which i have done – now with Namecheap much better service by far

  • Austin Yoder

    I am suffering from this same terrible scam and have spent more than 5 hours on the phone with HostGator in the last week. HostGator literally hung up the phone on me when I wouldn’t accept the fact that they are holding me hostage and trying to up-sell me SiteLock’s service for the small price of $99 / month on a 12 month contract.

    I have multiple tickets from HostGator in the past who have scanned and cleaned Malware quickly and for free, as late as 2013. They have clearly stopped offering this service in order to make money as an affiliate for SiteLock. I would not be surprised if HostGator and SiteLock are working together to infect and report domains so that they can push an expensive service onto unsuspecting consumers.

    I have been with HostGator for more than 7 years and their customer service used to be the reason I loved them. Everything has gone sharply downhill and now they are holding their loyal customers hostage.

    Even after deleting malware files from my hosting account through cPanel HostGator won’t un-suspend my pages. This is highway robbery at its worst, and anyone out there thinking of using HostGator or SiteLock should RUN AWAY.

    • Chris Mollo

      They are both owned by the same company, EIG.

  • Johnny Cash

    I agree with everything said so far, hostgator has really gone downhill, their support is terrible and suspending a website without notifying a customer is just terrible, many people depend on their website to make a living.
    Unfortunately it’s all EIG, they are famous for buying hosting companies and either selling them in pieces or running them to the ground, I would recommend looking at this wiki page, any hosting provider/service owned by EIG is on there, I recommend avoiding any of them:
    https://en.wikipedia.org/wiki/Endurance_International_Group

  • Janez Medja

    Hello, same problem for me!

    But how can we repair our web page without paying (which software)? Thank you!

  • Giuseppe Gippy Petruzzellis

    Same situation with me, I’m looking to change hosting

  • Rich Greenidge

    Bluehost is doing the same with this malware crap. I haven’t touched my site in 6 months, and only update dated typo when needed.

  • Dotster and Hostgator host many of my clients’ domains and I think Weebly site builder triggers these SiteLock scam scare tactic emails. Shame on them taking 50% commission on the shakedown payments.

  • Heidi Caswell

    Hmmm. They are now doing it a little differently. Leaving phone messages to call you about how your site is hacked and sitelock will help you fix it. Nothing turned off or shut down thankfully, nor any proof that there really is an issue. Better.
    Calling sitelock they are not telling you anything about the problem, just offering their services, I see you are updating the site but will warn you the issue will come back unless you use a service such as ours.
    Oh you also have another site with host gator, is it important to you? If it is you should protect it too.
    Now I know that there are several places offering security services for wordpress sites. They provide a valid service. If you are making money from a wordpress site it probably will be to your benefit to have some kind of security in place. There are other companies besides sitelock which provide similar services.

    • Random Geek

      So glad I came across your comment, since you described my current situation with SiteLock exactly. They’ve been calling and emailing me a couple times a week for a little over a month now, and yet my website is still online. They tried pulling this same stunt a couple months back but got bored and left me alone for a bit, but it seems like they now have the ability to use an automated call bot so they’re back at it. Last time it was always a person leaving the voicemails, but now 2/3 of the calls are from a text-to-speech bot.

      What’s funny is that my host (iPower, though I’m looking into switching soon due to the SiteLock BS and price increases) is actually pretty on top of things when it comes to checking for malware. My site has legitimately been hacked in the past and they shut everything down until I cleaned the detected files off of my server (which I did manually) and then everything was back up and running the next day. Here I am being called constantly for over a month and my site doesn’t go down for even a second. Hmmmm….

    • Got the same call but everything WAS shut down. Working on it now. Second time and it’s not like I am leaving php or SQL back doors everywhere.

  • Phillip

    I just received my 2nd suspension & warning email promoting sitelock. Penned back an aggravated yet intelligent & respectful email. It’s ridiculous how they suspend-then-send an email, from the leader in hosting. They should know better.

  • alxgrt

    I have loved HostGator, but just like you it seems they are using their SiteLock connection to generate more income from customers. I have had nothing but rave reviews for HostGator until the last year or so and the same thing is happening to me.

  • Dave

    is there another cheap hosting company with cpanel (but no sitelock scammers) ?

  • Dave

    I get emails and voicemails both claiming that my ‘parked’ sites have malware. How ridiculous is that. And they lie and say that hostgator has given sitelock permission to contact me. Who gave hostgator permission to give my contact info to these sitelock scammers?

    • Yes Dave, that is ridiculous indeed. Their “managers” are working like crazy for the commissions, doing all sorts of stuff.

      • Dave

        Hostgator has a new scam now too, they make backups of your websites and hide them in obscure folders, then tell you that you’re running out of disk space and they won’t be able to backup your site anymore. Even if you delete your site they still claim you are over their artificial limit because of all the backups they made which they stored within your account. So they basically want to pay more to backup their backups and presumably their backups of the backed up backups.

        • Damaris Duna

          A2 Hosting and it is also non EIG owned (trust me that is a good thing, google them)

  • Ivan Persic

    I have the same problem, they don’t want to help.

  • Gina

    I’ve had this happen too! Could’ve written it all word for word. The best part is, I actually have TWO Hostgator accounts. They’re just picking on one of them at this time.

  • anita veritay

    I moved my site to SiteGround because Site Lock was hounding me and now SiteGround has locked my site and wants me to use their “cleaner”. There really needs to be a law against this extortion.

  • Freddie Jones

    This JUST happened to me. I got the email at about 2AM and it did reference a specific site and a specific file. I however had no clue that ALL of my sites were down. I thought they had only suspended the infected site. I got on with Hostgator chat about 9AM. waited for 9 minutes. The first tech – gave the company line…malware blah blah blah we recommend sitelock. I refused to accept that, used some slightly harsh language, but kept it clean and professional. I requested to speak with a manager. While on hold for about 15 minutes. I deleted the infected plugin that was mentioned in the email. When the tech came back, he said “ok freddie, so it does look like the reported content is gone now. We have removed the restriction at this time.” I never spoke with a manager, and it all totaled took about 35-45 minutes to resolve. The key is not to panic and not to pay for something you can fix yourself. I do think I’m going to start host shopping though. I’ve been a customer too long to be treated like this.

  • L

    I think they have found a new way to scam with site lock. I have a super basic hostgator website, low traffic, all of a sudden my domain got hacked. Instead of my homepage it said “505”. I contacted hostgater and was long story short required to pay the $200 one time fee or sign on for almost $80/month for 6 months. I did not do it and got my site put back right and today it’s gone again… My website doesn’t generate me that much income! Serious it feels like website blackmail…

  • Developer India

    HG is not the only one! I was scammed in the exact same manner by my host (wouldn’t want to reveal it here).. who sold me the sitelock plan. I’ve got multiple websites on this host and all were pulled down. Support pushed me to Sitelock helpdesk who sold me the lowest level plan. Then, it happened again and then sitelock said that that plan didn’t cover this bug!! So buy a 200$ package per domain!!
    The only way out of this is to unsubscribe from the SL plan and never give them access. Needless to say I lost a whole year of payment I made to them. I’m still with the host though.
    SITELOCK is an EXTORTIONIST – SCAM corporation.

    And now I get emails from random names #$%$@sitelock.com saying they have important stuff to discuss. Just ignore it!

    • Why would you stay with your host after they sold you off to SiteLock?

  • Jorge Moises

    I have the exact problem. I asked many times for help and the sites keep getting hacked, even HTML sites. HostGator doesn’t care about me leaving for another provider.

  • swimmerinaz

    This isn’t new. They have been doing this to me for a couple of years. They systematically scan my sites (over 300 of them!) on my IPage and Fatcow accounts. They then notify me that I have malware, which I don’t. Sitelock contacts me and my accounts are taken down. I have done everything I can to get Sitelock to stop calling me and to stop scanning my sites to no avail. Let’s sue the bastards. They have cost me an inordinate amount of time and money.

  • ModeFX Gaming

    Hostgator Is Scam. Get Hostinger/Main-hosting

  • Prajwal Adhikari

    I got a similar problem and since I had very few HTML files and all my files were backed up on my PC, I simply deleted all of them from cPanel’s file manager. Keeping empty folders on my hosting account, I requested them to review my account and uplift the restrictions. I waited for a reply and got one telling as below

    Hello,

    Thank you for the update. Please provide the 3rd party cleaning report showing that your account was professionally cleaned so that we may proceed with removing the current restrictions.

    If you have any further questions or concerns to please contact us.

    Best Regards,

    Derrick L.
    Linux Administration Supervisor
    Level ll Security Administrator

    How could I get a 3rd party cleaning report? I tried with SiteLock, and they offered me a monthly service for $80 if I had less than 10 files on my server. I even told them I am okay to pay $80 for one month, but the sitelock sales person said I have to agree to at least a 6 month contract.

    Still I am laughing at myself and feeling idiotic for using BlueHost as my additional hosting a/c.

  • melscoop

    This is interesting. I don’t even have a site hosted with Hostgator and the Sitelock “security professional” cold calling team decided to randomly call me to tell me I have a security issue for my domain, the hilarious part is that they didn’t have the domain name… they wanted me to tell them the name of my domain… LOL

  • Michael Canton

    I have been a client of HostGator for 13 years. I never had a problem with hacking before they offered Sitelock; now, like kind of a yearly event, I receive emails with offers, even calls, and when I say that I don’t need that right now, surprise! my sites get hacked days later!!

    Today I finally had enough after cleaning code all day. I found out about InMotion Hosting and I think I’m gonna move all my sites to them. Glad to find this site and realize that I’m not crazy!

  • newsrants

    I googled a sentence in an email sent to me from “Sitelock” saying my site has malware, but with absolutely no info. I use Bluehost. I am surprised Bluehost allows these scammers access to their customers.

    I was leery of the email as it gave no specific info. I will now contact Bluehost and ask them to remove my accounts from Sitelock’s hands.

  • On 12/29, I got a SiteLock Alert. I don’t have customer accounts on my site, nor do I have a functioning store, so I assumed I was OK.

    This past Saturday, someone emailed me asking what had happened to my website. The last time I edited it was on 12/22, to add a date.

    I logged in through HostGator, and sure enough, my public_html folder had been completely wiped, leaving behind only the hackers’ index.php. I emailed HostGator and so far they’re telling me the only backup they have of my site is from 12/31 and has nothing in the public_html folder — so sometime between 12/22 and 12/29, my site either was hacked or was targeted, triggering the email, and by 12/31, the whole thing had been deleted (but not the php, thank the thank — I have my whole database!).

    It rings of a classic con, although I’m still trying to work through it with customer service.

  • Shepherdess

    Had an identical experience with HostGator today. I immediately and strongly suspected that the hacking report was bogus. The site they reported as hacked hadn’t been used by me in a couple of years, so I took the whole thing down rather than hassle with them or pay SiteLock a nickel. I’ll soon be looking for another provider. I’ve got other sites I do care about, and I’m not willing to have them held hostage by HostGator.

  • Shepherdess

    Update: I was wrong. HostGator disabled ALL my sites. I’ve copied public_html folders to my hard drive and will be seeking a new ISP. For the record, I’ve been a HostGator customer for at least a decade. This really is extortion.

  • I am a website designer who was on Hostgator since 2002 with no problems. The tech support was awesome and knowledgeable and brought my clients to Hostgator. Something definitely changed because tech support people went from genius to useless bot level intelligence with no ability to actually do anything. After they pissed me off by suspending my page randomly the same way and trying to force me to buy scamlock, I googled and found out the Hostgator service was bought by EIG… nuff said. I left and took my 66 client websites with me. I enjoyed the article until you recommended EIG webhosts. I know you are trying to get referral money but come on man! List Dreamhost instead, that’s who I moved all myself and clients to. The sheer mention of sitelock is a warning sign. For those who didn’t get the memo… stay clear of Godaddy, EIG Hosts, and Site Lock.

    • Thank you for your comment.
      I provided a list of the 4 hosting providers that are officially recommended on the official WordPress.org website (and I mention that they are owned by EIG).
      If someone for some reason decides to go with them, knowing everything that was mentioned here, then, well, that’s their choice…

      And you said that you moved your clients to DreamHost? They are in the list above and they are owned by EIG… So not sure who exactly you are against… ?

      • Thanks for your response. I was just smh when I saw your links to EIG at the end lol. You should tell people you are getting referral pay. Dreamhost is not owned by EIG… you scared me for a moment. Thanks for writing this article, I enjoyed it and you deserved to get paid. All the best.

        • Looks like the acquisition of Dreamhost by EIG was an April Fools day joke.
          I have corrected their description at the end of the article.

  • Steven Schneiderman

    They plagued me with malware emails for over a year. I could not find any problems with code. Chrome showed them as being blacklisted and I had to click through to see my sites. I told them to wipe everything and create a fresh CPanel for me. I loaded up a handful of domains with no files stored. Almost immediately SiteLock sent me malware warnings. I just got off the phone with a SiteLock rep who told me my index files were infected. I laughed and told them that’s a good trick considering I don’t have any index files or web pages under these domains yet. They are so full of shit.

  • Dean Uwais

    As a UK user, this has happened to me in the last year or so, one by one all my sites have come down and I got the same response from customer support to follow instructions and get sitelock. They can get F*****. I’ll go elsewhere.

  • Sahdow

    Thanks for the write up. I have noticed a drastic uptick in HostGator not only suspending accounts but also quarantining “Malicious Files” like WP-Config – yes they have been quarantining uninfected core files on WordPress sites!

    I have also had about 50% of my clients using HostGator getting their sites infected with the same malware – which I am convinced is occurring due to lax security protocols at HG because some of the sites were HTML with no scripts.

    I have also been receiving calls for clients (no idea where they got my number) in which a SiteLock sales person tries to tell me I don’t know what the hell I’m doing and the site can’t possibly be cleaned of malicious files without their service – and they get so aggressive I have to just hang up.

    On a more recent one, I cleaned a client’s site and asked them to unsuspend it and they refused without having the billing login for that account (which my client is having difficulty obtaining from them because their email has since changed). I explain that there is no possible way for me to compromise the client’s security or identity by simply asking them to unsuspend the account and run a fresh scan – they still refuse, so as I have done for my own sites and with dozens of other clients recently I’m migrating another site away from HostGator.

  • I’ve gone through a similar thing: I received the “Free Basic Scan” email on March 30, and then on April 23, they took all my sites down due to malware/phishing. In the 12 years I’ve had dozens of sites online, both personal and for clients, I’ve never had a security breach, and then within a month of my “Free SiteLock Scan” I get “hacked”?

    And the live chat person I spoke with – through HostGator’s own Live Chat links that resulted in actually talking with SiteLock instead – wanted to offer their services to the tune of around $2k/year for all the domains I have through them.

    Ridiculously “coincidental” I’m afraid… Time to move my sites that I’ve had with them for so long.

  • Cristina Bailey

    I’m experiencing this HELL right now. I am cancelling my $2,200 server effective asap. This is such a scam.

  • Cristina Bailey

    I’m going through this hell right now. Which host should I transfer to?

  • WhatIsThisWorldComingTo

    Verio Hosting just pulled the Sitelock crap with 5 sites I hosted there. I pulled all 5 and closed my account. This is a legal matter – Sitelock is a criminal enterprise, and the hosting companies may be liable as well. Contact your local Attorney General. The authorities don’t know about this because they don’t understand the internet. Explain it to them. This is fraud, period.

  • sam johnson

    Nov 2016 I hired SiteLock (via BlueHost web hosting company) for 6 months at $99/month to protect my high school memorabilia web site. It was a 6 month commitment and paid with my AMEX card.
    Each month Sitelock billed and AMEX paid. After 7 payments/months I called AND emailed numerous times to cancel my account. No response from Sitelock except one rep who emailed me to “call back at regular business hours (M-F)”. Well, after 4 calls (over 2 weeks) to billing (always got VOICE MAIL and no call backs), I finally called main # and argued my way into finally talking to billing (main # also got billing voice mail and I insisted they try again).
    BILLING REFUSED TO CANCEL, putting me on hold 3 times (total of over 31 minutes!!!!), and stating (1) I hadn’t fulfilled my contract (I had), and, that (2) I needed to call back exactly at the billing anniversary DAY because that’s what I had agreed to in order to cancel at the required 30 day window. !!!!!! MY CURRENT CALL WAS NOT GOOD ENOUGH TO CANCEL in the future even though I had paid 7 months (they said 5) already. AMEX verified the 7 payments.
    And so I asked AMEX to stop all bills from the SiteLock people as I have proof from AMEX that I paid as required. SiteLock treated me VERY badly… and looking for on-line reviews (including youtube) verifies that I’m not the only one.
    It seems that the only good reviews are from co-marketers of their product. NEVER AGAIN!!!
    Review about: Sitelock Website Security.
    I didn’t like: Fraud with contract, Poor service.

    • Hi Sam,
      That’s the same story that I hear from everyone who has actually signed up with them: they lock you into a contract that doesn’t make sense: minimum amount of months, impossible to cancel, etc.

  • Piere

    Same $hit they’re pulling on me. Is it possible to transfer my hosting & accounts to somewhere else while account is disabled?

    • As long as you have access to cPanel and the FTP – you can move easily.

      • Piere

        Just in case I want, NOT them, to clean out my sites, what do you suggest? Your help is greatly appreciated.

        • The purpose of the article is not to recommend or advertise clean-up services, it is to expose the unethical practices of the above-mentioned companies.

          • Piere

            I am leaving them no question about it. Thanks for your help & encouragement.

          • Piere

            Last time I am bothering you. So all I have to do is start a new account with some other company and just change the DNS (redirect) them to the new one?

          • No, that’s not all it takes to move an existing website to a different hosting provider.
            Changing the nameservers on your domain will simply point the domain to a new address – the website itself (files) won’t be moved automagically because of that.

  • Mango-Man

    I have two accounts on hostgator, one for my personal websites and one for official websites.

    Right after I opted for a 3 year renewal, I am continuously getting malware. It gets created automatically.
    I did everything:
    changed passwords,
    deleted and recreated all the websites etc etc.

    But it keeps on coming. They block my account and insist on sitelock and keep resisting. Moved all my imp sites to another host and now just playing tom & jerry with them as I have to spend 3 years with them ;)

    SO PEOPLE, NEVER EVER GO FOR HOSTGATOR.

    • Frank Mar

      This is what has been happening to me…. I keep getting malware and created automatically. Changed passwords and everything and malware keeps showing up on domains I even stopped paying for, hostgator be BSing.
      Changing my stuff now.

  • I just received a similar email from sitelock entitled “A Message from HostGator: SiteLock Alert! Malware Detected On Your Website” – for a domain parked at Sedo !!!! The domain has never been hosted on hostgator nor has it ever been registered via hostgator. But the admin email is the same as some other domains that are hosted at hostgator – I can see no other way that sitelock associated this domain with hostgator.

    • Yes, they are getting more aggressive and are casting a wider net.

      I assume that there’s simply a good bonus per-sale for the people that fish email addresses of potential victims. They cast a wider net, add more email addresses to their mailing lists and hope to cash in on the bonuses for the leads. The Wells Fargo scandal of 2016 quickly comes to mind.

  • Aaron Overfield

    Was a HostGator customer about two years ago but switched to DreamHost because of HG’s consistently declining performance. Have been very happy with DreamHost.

    For the last two months, I have been receiving daily phone calls and voicemails (sometimes twice a day) from the same guy at SiteLock. He says that my site “which is hosted with HostGator” (it’s not) has “raised some security concerns” after their daily scans and to please call him back.

    I use a VOIP app for the contact information for this website so he doesn’t have my actual phone number, otherwise I would’ve blocked his calls a long time ago. But I keep letting him call…daily…and keep letting him leave voicemails…daily…because it’s funny to watch him try again and again and again.

    There are no security issues with my site and if there were any I’d be able to identify and fix them myself.

    They must want my $200 real real bad.

    • Yeah, they are probably just using public records at random to get emails and phone numbers.
      People get malware alerts for parked domains, so that should say enough about the level of their service :)

  • Buck S

    In the past month or so, I’ve gotten a dozen calls from Sitelock to every phone number I have ever given to Hostgator along with emails showing supposed “infections”. Today I’ve gotten multiple emails claiming that they must reach me and have not been able to (since I don’t return their calls). One email includes a screen capture showing supposed results of a Sitelock scan of my site claiming there is “VistorAttack” SEOSPAM on my site. My own scans of my site using VirusTotal show nothing at all. So far my site is still up.

    I’ve been a Hostgator hosting customer since 2004 but I will leave Hostgator as soon as I can figure out where to move. I managed to survive the EIG buyout which was/is a nightmare but this is the final straw. There need to be consequences for this type of corporate malfeasance.

  • K

    HostGator has done the same thing to me. Site lock started calling and harassing me a week ago and I received a “final notice” yesterday from them. When I try to call in to Hostgator, their phone operating system literally redirects the call to Sitelock so there’s no way to talk to someone at Hostgator on the phone regarding the issue. We’re just forced into a fear-mongering sales pitch by Sitelock instead. Thankfully I found your post among dozens if not hundreds of other complaints after a simple google search for Sitelock. Anyway, I managed to migrate my site to a different host before they could suspend my site (and of course, the new hosting company I switched to didn’t see any malware). I’ll probably lose out on the year long hosting I prepaid with Hostgator but it’s worth it not to have my site down because of this ridiculous scam.

    I work in the corporate world, particularly in IT and can confidently say – a manager, director or some EXECUTIVE AT HOSTGATOR MUST BE RECEIVING $$ KICKBACKS FROM SITELOCK for this scam. Really, if someone digs, someone higher up is sure to be getting wined and dined by Sitelock, getting cash bonuses and gifts. No company in their right mind would partner with a brand with such a bad reputation online to lie and force customers into signing up for a 3rd party service unless they are getting a significant cut of that cake or someone internally is secretly getting a piece of that cake.

    • Both HostGator and SiteLock are owned by the same parent company, so “deep digging” is not required :)

  • ashley schildknecht

    I just received the same email. I think it might be better for me to leave HostGator for a new domain host and while I only pay close to 300 a year to HostGator not to be considered a large account. 300 to me is a large sum of money.

    I will be contacting account reps about closing my hosting and transferring my domain names

  • Rabie Najia

    I haven’t received any email from Hostgator, however, my site went down twice in a span of two weeks. The issue is the Disk Inodes have reached the max limit. I’m using VPS. So then after the Live support from hostgator dug deeper from a Level 3 senior agent, he immediately told me that they ‘assume’ there is a malware that is regenerating files once they are deleted. All the live support did was never confirm there is actually a malware and immediately referred me to Sitelock. I had my doubts about it until I read all this. So now my dilemma is to actually know if I really do have a malware or not, and which service can be recommended? I still receive alerts on Disk Inodes reaching upper limit.

  • Righty

    I am actually an ipage customer, of course I get malware and my site has been shut down. Just yesterday I received a call from sitelock, I decided to call a different host to get info first before I contact ipage. I called hostGator. I gave them some simple info, and lo and behold, they knew someone from sitelock called me the day before. How the hell do you know they called me? Scam alert for sure

  • Steve DuPlessis

    Dumitru, I just received this same issue (scam) on JustHost. What did you use to check your files to provide the report back to your Host Provider? Did you just download the files and test using a virus/malware package like Panda Security? Let me know as I am interested in providing the same information. I don’t regularly update my site, so I invoked a backup which should eliminate malware. I am now using a backup 30 days older which should resolve the issue, although they are claiming that it might not. Do you feel I am being scammed?

    • Hey Steve,
      I would say that identifying malicious files is the provider’s responsibility, not yours.
      If they can’t point to at least 1 bad file then it is a bogus claim. They can’t claim that you are infected if they can’t show a single infected file or a single vulnerability.
      // Dumitru

  • GenghisKhan

    Hostmonster is guilty of the same thing. They have no data indicating the presence of malware, and provide none to the customer. They instead push you to use SiteLock to scan the account. When using the HostMonster live chat feature, the first person on the chat is a SiteLock representative. Only by demanding to speak with someone at HostMonster themselves do you get in contact with a non-third-party individual.

  • Mohan

    It’s exactly the same for me. They are trying to sell Sitelock services. I’ve started a twitter trend #backoffhostgator. This is so ridiculous. Let’s stand up against any hosting service provider who are trying to earn money by either means.

  • Tim

    You all are lucky. HG just totally bonked my database and when called out on it, they restored a 6 month old version and asked for $25 to restore a more updated version (which they then said they couldn’t do anyway).

  • WhichJuan

    I used to work for HostGator as a support agent. SiteLock and HG are definitely in cahoots on the scam. One customer contacted HG after receiving the Your Site is Infected with Malware email, except that he had never been a SiteLock customer before, and he wanted to know how the hell SL got his email address. That’s when I knew HG was providing customer contact info to SiteLock. That’s also when I began to NOT recommend SiteLock due to its unscrupulous business practices, and that’s why I was fired – for not properly representing “our [HG] products”.

    SiteLock is sold to unsuspecting customers upon signup (the check box is automatically ticked forcing you to clear it prior to hitting the confirmation button for the new hosting order), as a separate product owned by a “partner” company. Not only are they both owned by EIG, the head honchos of both companies are supposedly related, cousins or something like that.

    After reading the wiki page of EIG owned companies – I see that ConstantContact is also an EIG company, and they too hook the customers into a product only a few people will actually use, as a free trial, then slap them with an unexpected fee for a service they never used & won’t use.

    The “Customer Service Supervisor” who said in his email to you that the mistake of suspending your account was done by a “newer” agent is bullshit. They don’t hire Security Admins from the street – they hire all Admins from within. The Admin who suspended your account had likely been there for years, and had been moved up into that position. Having been thrown under the bus myself, for doing exactly what I was told to do, this type of placing the blame elsewhere is not surprising.

    Also, in training, we were told ALL CUSTOMERS ARE LIARS. Period. Every one of you is a liar, according to HostGator. Keep that in mind if you’re still a customer and have to contact support for any reason.

    I believe the ones I communicated with when they said they were harassed by SiteLock and that their sites were never compromised until they cancelled their SiteLock accounts, and the man who had NEVER even been a SiteLock customer. I also believe that SiteLock, with the help of HostGator, actively places code into customers’ files – and many, many agents believe the same thing. We were told NOT TO EVER remove any malicious content, but to put in a “Lead Pass” to SiteLock so the customers can speak to “experts”.

    At first I was upset and felt bad about losing my job, but all this information has made me realize that I was working for a dishonest, unscrupulous, and possibly criminal organization.

    I strongly urge anyone who is hosting or has domains registered with ANY EIG affiliated company, to cut bait and get to another hosting company as quickly as possible.

    • If you are who you say you are – WOW.
      It is amazing value to get insight from an insider…

      Even if you made all of this up – it sounds very, very plausible…

      • WhichJuan

        I assure you I made none of it up. Don’t want to get too specific, because I’m sure I signed something when I was hired that says I can’t tell the truth about what I witnessed while there, though now I can’t find any of my hire-on paperwork. And, despite being told to lie regularly (especially when a customer wanted to talk to management), this is the truth.

        Upselling is what they push for more than honest customer service and support. I can’t tell you how many customers had multiple hosting packages because they were lied to and told they needed all of them – especially dedicated and vps packages. They’re also lied to about migration times – some being told it would only take 3 days, when the migration queue was backed up for months out.

        Also, while I can’t prove it’s a lie and a ploy used for upselling, their mySQL version on the shared packages, except “some” cloud packages (though I was never told which ones) are not compatible with many woocommerce plugins. So, you’ll need a dedicated server which DOES have a modern version of mySQL. They simply couldn’t upgrade mySQL on the shared pkgs because that would require upgrading every single server (duh! Exact same thing you do when you upgrade anything on a bunch of servers.) If they upgraded to a modern version to help their customers, then they couldn’t push those customers onto overpriced bloated machines they didn’t need – making a ton of money in the process.

  • Hello Dumitru, thanks for sharing this info. I’m pretty new with Hostgator (I just got hosted with them on the 7th September 2017) and I was surprised that I already got a Malware alert just 2 days ago (9th October 2017) that “some of my files were detected to have malicious content, but they have been quarantined now”. So, the email suggested further that “If you would like help in securing your account we recommend SiteLock, a security service and partner of ours.”

    I followed the link and I just knew by my intuition that these guys were trying to sell me Sitelock… so I googled things up and found your site. Hostgator appears to me like a reputable company but right now, I am beginning to have a rethink before they hold me to ransom cos I bought a 3 year shared plan with them.

    Do you know if I am able to opt out and still get my cash back cos I don’t think I would be willing to go through any sort of drama for the next 36 months.

    Cheers.

    • Hi,
      Looks like they waited for the 30 days money back policy to expire and then started working on you.
      I would say that you are in for a long and nasty ride with them, unless you manage to get out of the contract.
      They will try to squeeze you as much as possible that’s certain.

  • Carmel Sheridan Galway

    I’m currently having the same problem. Hostgator took down my 3 sites over a week ago ‘because of malware’ and insisted I contact Sitelock to repair the situation. When I contacted Sitelock, they immediately launched into a sales pitch and tried to lock me into a 6 month contract. I smelt a rat and luckily, when I started reading up on what I sensed was a scam, I found this page. I have since found out that my sites have no malware and I’m starting the process of moving from Hostgator. Hostgator and Sitelock should be reported for fraud.

  • Payton David

    Same thing has just happened to me, costing me hundreds if not thousands in lost sales. Thank you for sharing how they tried to bribe you to keep your mouth shut. This type of behaviour should be investigated by the FTC no?

    • Well, it’s been almost 2 years since I posted this, absolutely nothing has changed.
      The customers that they lose are probably worth less than they are making from pushing SiteLock.

  • Kitchen Butterfly

    Sigh. Thank you SO much. I use bluehost and only today received this lockdown message after renewing my hosting for a year. I’m distraught and now have to go the customer service route to resolve it. But with long wait times for chat responses, I’m not even sure what to do.

  • Sindi

    I had the same thing happen to me on Godaddy. They got me for $431.00. I am moving my sites, getting a charge back on my credit card, canceling the card, and have found an attorney that has gone after Godaddy in the past. I will be using inmotion as well.

  • Frank Mar

    My sites from hostgator in the last 2 or 3 weeks have started to get infected with malware. I started getting an email showing “Our Abuse department has received a report regarding malware being hosted on an account under your control. We have disabled site access for your account to prevent further complaints, and have provided a list of the reported content…” etc…. and it does show the files listed on there, but I personally believe hostgator is infecting the sites. I have decided that over the next few days change all my sites to a VPS that I’ve been paying for quite some time and will just upgrade the package there. Done with hostgator and their lies.

    • Hi Frank,
      If there’s no list of infected files (just like in my case), then it is most likely a bogus claim.
      Considering that hostgator also charges for third-party SSLs and the process is abysmal, leaving them is a no-brainer.

  • Pat Garret

    Sitelock and HG gave my site termites

  • Kurt

    Wow, I feel lucky. Only got an email (no site down time) from sitelock pushing their crap, due to some spam entries on my site, which they claimed were an infection/hack. Part of their scare tactics. I fortunately have an excellent programmer that checked it out and removed the spam. I smelled a rat and did a search, which led me here. After many years with hostgator, noticing their decline in recent years and now this, I am done. I will be moving my sites asap! Thanks Dumitru for providing this info. If you have folks needing help trying to escape these extortion fees, feel free to pass my email along, my programmer & I do side work.

  • Anthony P

    How in God’s name is Sitelock still operating? I moved my sites over a year ago from a hosting co that used them. They are FRAUD, pure and simple. My sites were taken offline until I paid a ransom to Sitelock to get them back up. It blows my mind that this is still happening to people.

  • Oyone Lan

    I am dealing with the same issue from HostGator. They suspended all my sites on 3 different occasions, the most recent suspension happening today. Each time I complain they respond with the exact same message that contains a sales pitch for services to fix the problem. It is unbelievable that they are continuing to do this despite so many people complaining about this awful scam. I will be moving my sites and warning others about this scam.

  • Linda Tang

    Hi Dumitru Brinzan, Thank you so much for this blog, I almost fell for this scam! I really thought it was the communist did that malware thing. Very Very bad move from hostgator for doing this with the 3rd party.