Beware of the Malware 100% SCAM from HostGator & SiteLock

31 replies [Last post]
dumitru's picture
Offline
Joined:
10/07/2013

OK, so I decided to share this amazingly frustrating and infuriating experience that I'm going through right now with HostGator, a hosting provider. Some of you might be their customers. It is a longer read, but what happens is actually frightening.

So here's the deal. I've been a HostGator customer for ~10 years. Currently I have 2 accounts with them, for one I pay $110 / year, for another I pay $648 / year, that is $760 total per year for hosting (yes).

Today at 5:17 PM (my time) I get a long email from them informing me that my cheaper account has been suspended for distributing malware. As a developer that's always an alarming thing to happen, as I immediately assume that all my credentials have been compromised across all platforms.

I check my domains associated with this account and, sure thing, all 10 domains (with ~7,000 daily visitors combined) show a parked page (with ads earning money for HostGator).

So I immediately jump back to the email to read what happened, what files were compromised and how to proceed. And that's when Thor's hammer hits me.

Now that 5 hours have passed since my domains are suspended (and their support is even slower than Ben Carson), I was able to put together the timeline of what happened:

1. On 29th of January 2016 (more than 3 weeks ago) a German website that sells "website security services" sends a made-up abuse letter to the Abuse department of HostGator, informing them in a very spammy-worded letter and with bad grammar, that their automated scanner revealed that my domain name "PERHAPS" contains some malware, even though they are not sure. And this third-party German company thinks that HostGator SHOULD NOT disable my account but MAYBE should inform me that MAYBE my domain has some issues. And that I should hire this third-party German service to make an audit of my website. 
The letter contains zero information about the alleged malware, about the location, about the file, type of malware, etc. 100% SPAM/SCAM letter.

2. On 23th of February 2016 (today), HostGator suspends my account and simply forwards me the letter from the German company, and adds the following statement at the top of the email:

In order to remove the restrictions we'™ve placed, you must resolve the security issue and remove what malicious content was listed. If you do not believe you can do so on your own, you may use a reputable third-party security service, such as SiteLock, who can be reached directly at 877-563-2849. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.

Once you have taken steps to secure your account of the reported content, please reply back to this ticket to request review.

This "reputable" third-party security service that they are referring to, SiteLock, is a partner of HostGator and they have been aggressively pushing it on a lot of pages and in multiple support pages. This service costs an extra ~$2-3 / month and basically does what any hosting provider should do by default for their customers - protect their websites from unauthorized access.

HOWEVER, if your website has already been reported as compromised (which mine has), then SiteLock does a clean-up job for a $200 one-time fee.

In the email latter HostGator provided ZERO information about the issue: they can't say what has been compromised, they can't say where the malware is located, they can't say absolutely anything. You know why? Because there is no malware

Google Webmaster Tools does not report any issues, and usually they are the first ones to catch any mischievous actions.

3. I immediately contacted HostGator live chat, and after about 20 minutes of talking to the support rep I was told that the support rep cannot do a thing, that he has zero access and knowledge of the issue, and that I should do as told - hire SiteLock.
Then I took the issue to Twitter, where HostGator immediately responded about 5-6 times, and in every single tweet all they could say is along these lines: "We don't know what happened, but you should pay SiteLock the $200 and then they will do the job for us".
They also repeatedly told me to scan my website, which I did of course, and there's absolutely nothing there. No recently modified files, nothing. 

4. While doing the Twitter thing I also asked some questions and updated the alleged malware support ticket that they created. It has been 5 hours and nothing happened yet.

In conclusion: 

HostGator pushes the services of their partner SiteLock by hijacking and blackmailing their customers into paying the $200 clean-up fee and by signing up with SiteLock for the monthly payments. They do this by creating fictional abuse malware reports or by using them in their own interests. 

And if they don't create the abuse reports themselves, they simply suspend any account that gets even fictional and spammy abuse reports. They don't investigate, they don't review, they simply suspend and try to sell a third-party service. And the funny thing is that in their letter to me informing about malware, they also CC'ed it to the email address of SiteLock. So what they also did was share confidential information about their customer with a third-party service, without me wanting that, asking for that or anything else.

The same issue has been reported in the last couple of months here and here.

I'm telling you all of this so that you know to never trust even your hosting companies, whoever they are. Because in an attempt to grab some easy money, they can hijack your websites for made-up reasons and "suggest" using partner services. 

Tomorrow I will file whatever complaints that I can with the US and European consumer protection agencies, as this is simply appalling.

Thank you for listening ^_^

__________________

https://www.hermesthemes.com/ - WordPress Themes for Independent Hotels, Inns and B&Bs

 

Offline
Joined:
03/17/2018

Same problem here. Now how can we remove malware automatically in my CPANEL or WP? any software needed?

JimBoone's picture
Offline
Joined:
12/18/2014

drsergz wrote:

Same problem here. Now how can we remove malware automatically in my CPANEL or WP? any software needed?

Looks like Dumitru's original post was a couple of years ago, you may want to send him a PM. Some years back when I had on going issues with others accessing my website and being told it was a problem of my design for which they would sell me additional services, I moved my site to another host, it seemed to be a lack of security on the part of the host, not been a problem with the current host.

__________________

Jim & Maxine

 

Te
Offline
Joined:
03/15/2018

I'm so sorry this happened to you! And you needn't thank us for the listening ears. I'm sure your well documented account will help many people; it's good you got to get it off your chest in such an extensive and thorough manner. It must have been a very challenging experience. Congrats on finding the appropriate platform to help share fresh details and help the rest of us!

Te
Offline
Joined:
03/15/2018

whoops! double post!

dumitru's picture
Offline
Joined:
10/07/2013

OK, so a higher-up from their customer service got in touch and pretty much blamed everything on a new employee, a member of their security team. And to back-up the claim they brought to my attention that there were multiple mistakes from their behalf, so it is obviously human error and not company policy.

I wonder how much business will they lose after all this?
The article has been read ~1,200 times in these last 2 days...

dumitru's picture
Offline
Joined:
10/07/2013

Oh, and here's something I found, which in retrospect is too funny to pass:

PHOENIX, Nov. 17, 2015 /PRNewswire/ -- SiteLock today announced it ranked No. 85 on Deloitte's Technology Fast 500™, a ranking of the 500 fastest growing technology, media, telecommunications, life sciences and energy tech companies in North America. SiteLock grew 1046 percent during this period.

"We are honored to be recognized among this year's Deloitte Technology Fast 500," said Neill Feather, President of SiteLock. "This recognition is a testament to the success of SiteLock's excellent products, customer service, and support that are unrivaled in the security space. We look forward to continuing the growth that has been integral to our success as we help more customers seamlessly integrate security into their sites."

Feather credits wider understanding of the importance of web application security among website owners and extraordinary relationships with strategic partners in the service provider space for the company's 1046 percent revenue growth.

I wonder how they did that? Oh wait...

Offline
Joined:
06/19/2013

Unbelievable!  Though I'm sorry this happened to you - I'm glad that somebody with your knowledge and expertise has called them out on this scam.  I'm sure the vast majority of people just thank their lucky stars that there is a safety net who will take their money and blindly pay the slimy thugs.

This story needs to go viral!

Offline
Joined:
05/22/2008

I just shared the link with a group 3000 web developers! That might get some reactions going Smiling

Offline
Joined:
05/22/2008

This has been the general consensus from those who read by post:

"Hostgator is one of the worst hosting companies on Earth. My Wordpress clients who host there are always subject to throttling, suspensions for 'resource abuse' and other rubbish. Typical of 'cheap' hosting companies shoving 1000's of sites onto underpowered servers."

dumitru's picture
Offline
Joined:
10/07/2013

Yes, that's the general consensus. Though for me, as an old customer, everything worked quite well. The occasional down-time, the occasional email problem, but never scams in broad daylight. 

I guess they have a team of people that manually pick "victims" for this scam, and someone screwed the pooch and picked the wrong customer to target. I bet they usually contact customers with outdated websites, non-developers, etc. and hope for some easy money.

Just Googling "SiteLock review" you will get hundreds and thousands of pages of angry people. Most people say that after the initial contact SiteLock was trying to charge them in the range of $1,800 for the clean-up, but a generous manager always offered a discount, down to ~$800-$1,200.

What actually got me so angry is not the scam attempt, but the fact that I had to lose almost 2 full days of work, including an evening not spend with my wife and son. I don't want to go to bed at 01:30 AM because I'm worrying about HostGator's scams Sad

And then they try to buy me out with 3 months of service... THEIR service. 

JimBoone's picture
Offline
Joined:
12/18/2014

Any suggestions of a desirable hosting company?  I'm not with Hostgator, but looking to change from my present folks.

dumitru's picture
Offline
Joined:
10/07/2013

I intentionally avoid this topic, as this was not the point of me writing about the situation. I don't want people to start thinking: "I bet this guy works for a competitor".

But honestly, I don't even know a good hosting company that would fit my requirements. When there are 2 photographers in the family, that limited disk space that most providers offer is frightening.

And considering that the owners of HostGator own another ~150+ hosting companies, it is like a minefield out there. 

Offline
Joined:
06/19/2013

And of course there's no way of knowing which ones.  So, we all may be sitting ducks 

dumitru's picture
Offline
Joined:
10/07/2013

Actually there are some websites and blogs that have updated lists of hosting providers owned by EIG, some of the popular ones:
Arvixe, BlueHost, FatCow, Homestead, HostGator, HostMonster, iPage, NameZero, NetFirms, Site5, TypePad and many more.

Morticia's picture
Offline
Joined:
05/22/2008

Well, looks like I dodged a bullet by getting a new hosting company!

__________________

Never judge a person's story by the chapter you walked in on.

 

Offline
Joined:
05/22/2008

You will be interested to know that dozens of web developers posted they had the same problem you did!!! They said ADIOS to HostGator and subsidiaries

 

Offline
Joined:
10/04/2015

amazing free marketing for EVERYONE else! lol

dumitru's picture
Offline
Joined:
10/07/2013

Well, apparently SiteLock and HostGator are actually owned by the same corporation (EIG). This corporation owns about ~150 web hosting services from all over the world. So chances are that some of you are hosted with their other companies, if not HostGator.

And I JUST got the expected email from SiteLock, telling me that my site probably has malware and that I should urgently call them up. So they are late to the party... 

2cat_lady's picture
Offline
Joined:
09/24/2014

I'm with Gillum. I am so web unsavvy. I wouldn't know what to do--probably sit down and have a good cry. I also just delete stuff without opening if it looks scammy. I figure the legit companies I deal with have my number. They can call if they really need to get ahold of me.

dumitru's picture
Offline
Joined:
10/07/2013

In my case this email was as legit as it can get, because they actually suspended my account. They didn't just try to trick me into buying something - they actually hurt me and my websites.

The situation can be compared to something like this: one day the police arrests you in the street and immediately sends you to jail, without a trial. And while you are in prison, they tell you to figure this one out, to try and find out why you got to prison, and buy your way out of it. 

dumitru's picture
Offline
Joined:
10/07/2013

Here's the full account of what happened, feel free to share it: http://www.hermesthemes.com/scam-alert-hostgator-sitelock-malware-extortion/

gillumhouse's picture
Offline
Joined:
05/22/2008

Thank you. I posted the link on the Scams Topic for the UK group.

dumitru's picture
Offline
Joined:
10/07/2013

OK, so they admitted this was a scam.

I do apologize for the inconvenience as security department review each ticket in the order received or re-opened. Upon reviewing the issue the ticket was escalated to my department. I have had our administrative staff proceed with removing the restriction. I do apologize for the inconvenience as the account was not properly confirmed to be compromised. Please do note that in the cases of third party reports, we take those reports, review the report, then the account and once confirmed to be indeed compromised the restriction is placed though human error can occur.

After reviewing the account and found to be not compromised, the restriction has been lifted. Due to the issue that arose I have also extended the shared hosting package on this account by three months. The previous due date was 5/xx/2016 and it is now 8/xx/2016.

These ***********ers think they can buy me with 3 months of hosting.

gillumhouse's picture
Offline
Joined:
05/22/2008

Do I have permission to do a copy/paste of your post on a UK Forum? I would like to warn them also. It is a closed Forum.

dumitru's picture
Offline
Joined:
10/07/2013

Later in the day I will post an in-depth article on the blog, I think it is better to wait until then and link to the article for all the details, screen-shots, etc.

Arks's picture
Offline
Joined:
05/22/2010

How awful. Reminds me of the places that charge you to remove the virus THEY put on your computer. Pure extortion. I can just picture EmptyNest pounding on doors if this happened to her. I've never dealt with anything this bad, but if I did, I think I'd be traveling to the company's headquarters to have a talk with them in person! Of course, they'd call the police then you'd have that expense on top of all the others.

Absolutely ridiculous situation. As a consumer, you know the one weapon you have. Burn them on every review site you can. Tell EVERYBODY!

__________________

All saints can do miracles, but few of them can keep hotel. ~ Mark Twain

 

gillumhouse's picture
Offline
Joined:
05/22/2008

I am so sorry you are going through this. Very scary for those like me who are numbnutz. I have received e-mails in the last couple months from my back-up company telling me to uninstall and then re-install the system. Said my back-up had not been done successfully for a period of time. I deleted the e-mail. I would rather risk going dead than to follow something like that. Since then I got "monthly statements" telling me how many files have been backed up. Assume the uninstall was a scam.

Offline
Joined:
05/22/2008

This is ridiculous!! Shows how we have no control even if we think we do. Almost all of my sites are hosted locally so if anything happens like this I would be there pounding on the door.

personally I have never hear good things about host gator and would not use them. I hope you are changing hosting companies before they do it to your important sites.

dumitru's picture
Offline
Joined:
10/07/2013

Thankfully this account has my non-essential websites, like my personal blog, my wife's blog, etc. If they go offline for a day or two that's no problem.

But I'm thinking about the thousands (if not more) of website owners that get an email like that from their hosting provider (someone who should be on THEIR side) and they trust them by paying this extortion fee. Then they pat themselves on the back by thinking that it could have been worse, and $200 isn't that much to get saved from such a situation.

I wonder which HostGator executive bought a new house or a Lambo from extorted money through this scam...

Offline
Joined:
06/24/2008

Horrible.  I sure wish you the best in getting this resolved quickly. 

For many of us our websites are our business life line, with out it we are dead in the water.  

That is what these deplorable web hosts are hoping for as they think we will quickly do as they say while they hold our sites hostage.  

Innkeep's picture
Offline
Joined:
06/04/2008

I'm really sorry and chagrined to hear about all the trouble you're having. Businesses are becoming very bold at taking advantage of people--- This topic could be filed under "What is This World Coming To "

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.