Beware of malware scams – SiteLock, HostGator, and the tale of the angry web girl

Hell hath no fury like an angry webmaster who hasn’t yet had her coffee.

A beloved client forwarded this to me this morning.  It’s an email she received from the “security” firm SiteLock, a partner company of the popular website hosts HostGator.com and Bluehost.com.

Notice the wording:  One or more of the domains you own has malware on it.
Fairly clear, right?  One of her sites is infected with malware…it says so right in black and white.  Bad news, but I’ve never been one to hit the panic button before it’s time.

I calmly go to HostGator’s tech support “Live Chat” to ask them about this.  I paste the email into the box so the technical support rep can see what I’m contacting them about.  I ask: Is this legitimate? What happens next?

Over the course of the conversation, I learn from the tech dude that SiteLock is their partner company. And I learn, in fact, there’s no evidence of malware. The site MIGHT be infected, he says, but no one really knows for sure.  In order to truly find out, my client would need to purchase an expensive malware prevention package from SiteLock, so they can peek inside and see if there’s malware there.  If there is, they’ll charge another fee to get rid of it.

I take a deep breath and count to ten:  So…the email is a sales pitch, designed to frighten my client into purchasing a product?  And the email makes a statement that’s patently untrue?  I point it out to him again: One or more of the domains you own has malware on it.  Why would they say such a thing if it weren’t true?

Hemming and hawing ensue.

I’ll spare you the gory details of my response, which nearly set the curtains ablaze. I want you to think I’m much more patient and kind than I happened to be this morning.

My little dog came to sit next to me and put his head on my knee. You okay? You smell mad. Maybe a walk?

Why am I bothering to tell you this?

Well…aside from being angry about a concerted effort to drum up business by sending good people into a panic about their website?  Good people who might not be terribly techie, or who may be busy…..gosh I don’t know….building their business?  So instead of helping depressed people, doing reiki healing, selling their art, finishing their book, booking new coaching clients, they have to spend their life energy dealing with service provider scams—from the very people they are already paying every month to keep their website running.  Infuriating.

Oops, there I go again. Sorry.

In short:  Anyone whose website is hosted with the company HostGator.com, or with Bluehost.com, its partner company under the conglomerate parent company EIG, is likely to receive one of these emails soon, if you haven’t already.  I wanted you all to know what this particular game was, so you can watch for it.

To all my clients: Please feel free to drop me an email or a PM if you receive one of these emails. I can be of help deciphering the scare-mongering. I promise to be calm, cool and collected again by then.

(Edited to add: See the comments below for some helpful comments made by others. Hosting is a personal decision, but for what it’s worth, I have shifted all of my sites to Siteground, some of the nicest and most customer-focused people I’ve met. This is a recent list of hosting companies owned by EIG, the parent company of Sitelock, Hostgator, and Bluehost—I would only suggest you avoid those if you don’t want to find yourself in the same boat again)

 

Share
19 replies
  1. Bruno
    Bruno says:

    They are SCAMMERS. My website got DEACTIVATED on bluehost because they said it had a malware… So I logged in to the live chat and the customer support asked if they could call me – I said YES, thinking they would help me.

    Well, it was actually someone from SITELOCK on the phone, asking me whether I make money with that website, because they could fix it… but there’s a price! After I insisting many times that it’s just a personal blog which I don’t monetize, they said it would be $720 a YEAR to fix the site and keep it safe.

    I said no way and they kept lowering their price all the way to about $300. Still, I said no.

    I then talked to another representative on bluehost’s live chat and the told me it was just 3 infected files. I just had to open the file manager, delete the files and everything was solved.

    AND SITELOCK WAS TRYING TO CHARGE ME $700 A YEAR TO DO THAT.

    Then I asked bluehost to CANCEL my sitelock subscription (you get one for free when you join bluehost) and I never wanna hear about them again.

    Scammers.

    Reply
    • Margaret Rode
      Margaret Rode says:

      So sorry that happened to you too. I don’t give my money to unethical companies anymore. There are too many that are trying to do the right thing; I’ll support them instead. Sitelock is owned by Unitedweb, which also owns EIG, which owns Bluehost and Hostgator. So it’s all just an incredibly unethical money-making scheme. Glad you are free and good luck with your blog!

      Reply
    • Billy Bob Covnan
      Billy Bob Covnan says:

      same thing happened to me at Hostgator. deactivated my site due to malware and gave me a number to call. Was sitelock and they wanted $200 for “emergency cleaning”… turns out I only had to delete one file.

      Reply
      • Margaret Rode
        Margaret Rode says:

        Doing what I do, I’ve had clients who’ve worked with at least 20 different web hosts. I’m mystified why only Hostgator and Bluehost-hosted clients have ever suffered from malware on their web server itself (WordPress is different and more common). I have my suspicions.

        Reply
  2. Greg
    Greg says:

    This also happened to me. I always thought that Hostgator was a legitimate company. I guess not. I’m going to move all of my hosting away from them.

    Reply
  3. POed
    POed says:

    Just happened to me today. All my sites down. They strong-armed me to pay them $300 per domain per month on a 12 month agreement ($3600!!!). I said, “No to that crap so fast.” Straight up told them they are scamming people and that I was done with “Bluehost”. Then she said she wasn’t Bluehost. I then called Bluehost tech support and got a very helpful tech that ran a malware scan and boom, one file. Cleaned that and my sites were back up again.

    Reply
    • Margaret Rode
      Margaret Rode says:

      Thanks, Darin. It’s good to know that SOMEBODY at Bluehost is willing to help. Somebody has to see that their relationship with the Sitelock scams is hurting their brand…don’t they? Maybe not.

      Reply
  4. Fred
    Fred says:

    I got an email from SiteLock informing me that my website had been infected with malware. Indeed, that was the reason that my website was down. I contacted HostGator, my hosting company, which connected me to SiteLock. SiteLock informed me that they could remove the malware if I agreed to one of their protection plans ($60, $89, $110, or $150 per month, all to be paid one year in advance). I felt like my website was being held for ransom unless I paid these exorbitant fees. Fortunately, I did not agree to any of their plans. I will be moving my hosting to a different company that has no affiliation with SiteLock.

    Reply
  5. Melissa
    Melissa says:

    Bluehost has shut down our site, citing malware. I just got off the phone with them (February 28, 2018) and SiteLock quoted some ridiculous prices for an “engineer” to manually remove the malware. At first it was $300 down and $100 a month and then later it become just $30 a month for the cleaning and the service. I keep reading about instances in which Bluehost’s relationship with SiteLock is allowing them to scam their customers. I am reading that sites are being shut down and then after the “engineer” cleans what has been a total database attack, a report is sent back to the customer citing that the malware has been removed but they never show their work. This site belongs to a non-profit agency and really even $30 a month is a stretch for these folks. I also don’t trust SiteLock — I mean, really, from $300 down and $100 a month to just $30 a month …. that doesn’t sound logical.

    When I told them we could not afford this and we would just have to shut the site down and rebuild with another hosting service, they said that the malware would follow the domain no matter where I took it. I am not sure that is accurate. When I told them this was not accurate they hung up on me.

    Also, I get a weekly report from SiteLock that says the site is malware free. Their explanation from that is that “the basic free service we have only picks up about 70 percent of the threats.”

    I run a number of other websites with Bluehost and have done so for the past 10 years. I hope this isn’t a sign of things to come. I have already migrated one site over to Wix for fear this will happen to one of my other sites and when I get time I will migrate the others as well.

    PS –today (5-16-2018) when I spoke to someone at Bluehost tech – they said SiteLock had listed our issue as Phishing – not Malware. These are sales people at SiteLock and they don’t care about the Bluehost customer or brand – you need to get rid of them. Oh, and by the way, today the price was $503!

    Reply
    • Margaret Rode
      Margaret Rode says:

      Melissa, I’m so sorry that’s happening. It just makes me so angry (as you might have guessed from my post…) I live in fear that whatever GOOD host I work with will eventually sell to this horrible company and turn into Bluehost or Hostgator. I appreciate people sharing different experiences here. And no, malware doesn’t “follow your domain name” if you rebuild the site from scratch somewhere else. I can’t believe they told you that – unless maybe they thought you were just going to copy the files over.

      Reply
  6. Janie
    Janie says:

    Been going through this for about two weeks now. I just got a call from Sitelock upset because they could not access my website with their SMART tool. I told them that I had added a firewall through another company. They got mad real quick saying the other company wasn’t as good as they were. When I refused to purchase any of their plans no matter if it was $10, $20, or $300, they hung up on me.

    Reply
    • Rodrigo
      Rodrigo says:

      If you dont mind me asking, what Firewall service did you get?

      I was recently contacted about one of my sites having “malware”, deleted it off of Hostgator and moving it to Siteground. They keep losing more of my business each day.

      Reply
  7. Tim
    Tim says:

    I use Hostgator for all my sites. Not to long after I agreed to use the free SiteLock option, all of the sudden all my sites started having problems. Now one is blocked by google. I refused to pay SiteLock, told them I would just delete the sites as they make no money. They kept lowering the price, I still refused. So now most of my sites are deleted and I still get a notice that there is a virus. Virus on what, there are no files in the directories. I will be moving my hosting to another company. Who and what are others using after this problem with SiteLock.

    Reply
    • Margaret Rode
      Margaret Rode says:

      Tim, this is so typical of this situation. So frustrating. I’m hoping people will respond and share the hosting companies they use because I’d like to have several I can recommend to my clients, but so many of them seem to be controlled by EIG (who owns Sitelock) For my own sites, I use Siteground: https://websitesforgood.com/resources-we-like/

      Reply
      • Rodrigo
        Rodrigo says:

        I am slowly moving all my sites to siteground it seems, the support has gone way down at Hostgator, I cant see how non tech people could work with them.

        I had most my domains with them, but moved them away to a registar that is way cheaper and provides free WHOIS privacy.

        Opened a siteground hosting and already moved a couple of sites. Another reason why to move is the free SSL that siteground provides, this is a must now a days and lots of hosting providers have it, except hostgator of course

        Reply
    • Margaret Rode
      Margaret Rode says:

      Thanks, David. I’m still happy with them–they got me out of a tech pickle yesterday in less than 3 minutes. I’m hoping they stay the way they are for a long time to come.

      Reply
  8. stephanie
    stephanie says:

    I just got an email and site lock when I called wants $850 to clean my site.. it does redirect you to another site so they say this is illegal and I have to pay or my site will be pulled down.. I have a computer guy coming to fix my site today and told me to not pay site lock and they are are a scam and blue host and Hostgator and to move my site hosting.

    Reply
  9. jeroen
    jeroen says:

    this is such a bogus company, when you want to quit they charge you with 6 Months fee…. 6 months ,, for what ? i my case this was over $3000 to stop using a useless service . feel very scammed , funny part is that they call you are polite and show complete ignorance , offer no solution besides assuring you that they will not continue charging you after the contract expires ( like they should try !!) and then thank you for being a loyal customer ….. like talking to drone STAY AWAY

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *