Beware of malware scams – SiteLock, HostGator, Bluehost, and the tale of the angry web girl

Sitelock is STILL on my s*** list. Please read the UPDATE to this evolving story at the bottom of the post.

A beloved client forwarded this to me this morning.  It’s an email she received from the “security” firm SiteLock, a (former) partner company of popular website hosts HostGator.com and Bluehost.com.

Hell hath no fury like an angry webmaster who hasn’t yet had her coffee.

Notice the wording:  One or more of the domains you own has malware on it.
Fairly clear, right?  One of her sites is infected with malware…it says so right in black and white.  Bad news, but I’ve never been one to hit the panic button before it’s time.

I calmly went to HostGator’s tech support “Live Chat” to ask them about this.  I pasted the email into the box so the technical support rep could see what I’m contacting them about.  I asked: Is this legitimate? What happens next?

Over the course of the conversation, I learn from the tech dude that SiteLock is their partner company. And I learn, in fact, there’s no evidence of malware. The site MIGHT be infected, he says, but no one really knows for sure.  In order to truly find out, my client would need to purchase an expensive malware prevention package from SiteLock, so they can peek inside and see if there’s malware there.  If there is, they’ll charge another fee to get rid of it. Those fees, combined, crept into four figures.

I take a deep breath and count to ten:  So…the email is a sales pitch, designed to frighten my client into purchasing a product?  And the email makes a statement that’s patently untrue?  I point it out to him again: One or more of the domains you own has malware on it.  Why would they say such a thing if it weren’t true?

Hemming and hawing ensue.

I’ll spare you the gory details of my response, which nearly set the curtains ablaze. I want you to think I’m much more patient and kind than I happened to be this morning.

My little dog came to sit next to me and put his head on my knee. You okay? You smell mad. Maybe a walk?

Why am I bothering to tell you this?

Well…aside from being angry about a concerted effort to drum up business by sending good people into a panic about their website?  Good people who might not be terribly techie, or who may be busy…..gosh I don’t know….building their business?  So instead of helping depressed people, doing reiki healing, selling their art, finishing their book, booking new coaching clients, they have to spend their money and life energy dealing with service provider scams—from the very people they are already paying every month to keep their website running.  Infuriating.

In short:  Anyone whose website is hosted with the company HostGator.com, or with Bluehost.com, or with ANY of the hosting companies under the conglomerate parent company EIG, is likely to receive one of these emails soon, if you haven’t already.  I wanted you all to know what this particular game was, so you can watch for it.

To all my clients: Please feel free to drop me an email or a PM if you receive one of these emails. I can be of help deciphering the scare-mongering.

Edited to add: See the comments below the post for some helpful/scary comments made by others. In August 2018, Endurance Group’s CEO and CFO were fined several million dollars for fraud by the SEC related to company subscriber numbers.

Hosting is a personal decision, but for what it’s worth, I have shifted all of my sites to the hosting companies at the top of my Resources page. I’m trying to make a list of the companies that get great customer reviews, give good value, and don’t have anything to do with all of this filth. If you know of others that fit this description, hit “Contact” in the top menu and let me know so I can get them listed.

If you’d like to avoid giving your hard-earned money to scammers like these, here is a recent list of hosting companies owned by EIG, the parent company of Hostgator, Arvixe, Bluehost, and dozens of others, and here is a list of hosting companies owned by Sitelock’s new masters at ABRY Partners . I would only suggest you avoid those if you don’t want to find yourself in the same boat again.

UPDATE AND SUGGESTIONS:

This mess continues to evolve. Sitelock was acquired earlier this year by a private equity firm called ABRY Partners. That was in April, and as we’ve all seen, the blackmail tactics have continued unabated. I have no proof that Sitelock has access to private data from its former EIG sister companies, but my first instinct is to stay as far away as possible from any of them.

Here are some things you may want to try, if you are A) currently paying for website services from a company connected to the above (including sadly ConstantContact.com), and B) aren’t currently locked out of your site:

  1. Consider moving. Seriously, do you want to give your money to people like this? See the top of my Resources page for some hosting ideas. Most of them offer to move your website and email for free if they can, making it SUPER easy to escape. You can also save money by taking advantage of signup pricing.
  2. Immediately change all of your passwords with that company. Go into your account with the company (some, like hosting, may have TWO logins) and change your passwords to something very complicated and VERY different from anything you’ve used elsewhere on the web.
  3. If you use WordPress, immediately have your tech person change your database password for the website. This involves changing it in a couple of places, so it’s best to have a tech-savvy person do this.
  4. Change your password to any website admin areas (like WordPress).
  5. Change your email password as well. Again, make it different from your hosting password(s) and different from anything else you’re using on the web. It’s worth the hassle to avoid being held hostage by scammers and forced to pay them hundreds or thousands to get your site/email/store back.

Take a deep breath. We’ll all get through this together.

96 replies
  1. Avatar
    Bruno says:

    They are SCAMMERS. My website got DEACTIVATED on bluehost because they said it had a malware… So I logged in to the live chat and the customer support asked if they could call me – I said YES, thinking they would help me.

    Well, it was actually someone from SITELOCK on the phone, asking me whether I make money with that website, because they could fix it… but there’s a price! After I insisting many times that it’s just a personal blog which I don’t monetize, they said it would be $720 a YEAR to fix the site and keep it safe.

    I said no way and they kept lowering their price all the way to about $300. Still, I said no.

    I then talked to another representative on bluehost’s live chat and the told me it was just 3 infected files. I just had to open the file manager, delete the files and everything was solved.

    AND SITELOCK WAS TRYING TO CHARGE ME $700 A YEAR TO DO THAT.

    Then I asked bluehost to CANCEL my sitelock subscription (you get one for free when you join bluehost) and I never wanna hear about them again.

    Scammers.

    Reply
    • Avatar
      Margaret Rode says:

      So sorry that happened to you too. I don’t give my money to unethical companies anymore. There are too many that are trying to do the right thing; I’ll support them instead. Sitelock is owned by Unitedweb, which also owns EIG, which owns Bluehost and Hostgator. So it’s all just an incredibly unethical money-making scheme. Glad you are free and good luck with your blog!

      Reply
    • Avatar
      Billy Bob Covnan says:

      same thing happened to me at Hostgator. deactivated my site due to malware and gave me a number to call. Was sitelock and they wanted $200 for “emergency cleaning”… turns out I only had to delete one file.

      Reply
      • Avatar
        Margaret Rode says:

        Doing what I do, I’ve had clients who’ve worked with at least 20 different web hosts. I’m mystified why only Hostgator and Bluehost-hosted clients have ever suffered from malware on their web server itself (WordPress is different and more common). I have my suspicions.

        Reply
        • Avatar
          Alex says:

          Both are actually owned by EIG, that could have something to do with it. Although they do own many others hosts too.

          Anyway, I landed here because I got a similar email and was curious. The email I got did not specify domain or infected files. I am guessing it’s a Bluehost domain as the email address they used is only on Bluehost account. A few more domains left to transfer away from them and I am done with them. Bad experiences with different issues.

          Reply
    • Avatar
      Elizabeth K Burton says:

      Likewise. Email contained list of offending files. Files were removed. Contacted Bluehost via chat for reactivation. Got Sitelock salesperson instead telling me once a site was hacked (it wasn’t) hackers will continue to get through w/o a firewall. I asked “So, what, exactly, are we paying you to do?” Offered to transfer me to Bluehost, signed out of chat instead.

      Opened new chat, rinse and repeat. Finally got to Bluehost and was sent list of additional alleged malware files. Cleared out same. Contacted to request reactivation. Site declared clean and reactivated. Next day, new letter announcing deactivation for malware.

      Bluehost just lost a customer, and I had better see a whole bunch of refunds in short order.

      Reply
      • Avatar
        Margaret Rode says:

        Elizabeth, this is such a typical pattern. I’m so sorry you’re a victim of this too. The work you’re doing is so much more important than having to hassle with two-bit scam artists.

        Reply
    • Avatar
      Xuscheld says:

      This is EXACTLY what happened to me too. Thanks, I was actually considering if should pay to clean my… 5 sites!

      Reply
  2. Avatar
    Greg says:

    This also happened to me. I always thought that Hostgator was a legitimate company. I guess not. I’m going to move all of my hosting away from them.

    Reply
  3. Avatar
    POed says:

    Just happened to me today. All my sites down. They strong-armed me to pay them $300 per domain per month on a 12 month agreement ($3600!!!). I said, “No to that crap so fast.” Straight up told them they are scamming people and that I was done with “Bluehost”. Then she said she wasn’t Bluehost. I then called Bluehost tech support and got a very helpful tech that ran a malware scan and boom, one file. Cleaned that and my sites were back up again.

    Reply
    • Avatar
      Margaret Rode says:

      Thanks, Darin. It’s good to know that SOMEBODY at Bluehost is willing to help. Somebody has to see that their relationship with the Sitelock scams is hurting their brand…don’t they? Maybe not.

      Reply
  4. Avatar
    Fred says:

    I got an email from SiteLock informing me that my website had been infected with malware. Indeed, that was the reason that my website was down. I contacted HostGator, my hosting company, which connected me to SiteLock. SiteLock informed me that they could remove the malware if I agreed to one of their protection plans ($60, $89, $110, or $150 per month, all to be paid one year in advance). I felt like my website was being held for ransom unless I paid these exorbitant fees. Fortunately, I did not agree to any of their plans. I will be moving my hosting to a different company that has no affiliation with SiteLock.

    Reply
  5. Avatar
    Melissa says:

    Bluehost has shut down our site, citing malware. I just got off the phone with them (February 28, 2018) and SiteLock quoted some ridiculous prices for an “engineer” to manually remove the malware. At first it was $300 down and $100 a month and then later it become just $30 a month for the cleaning and the service. I keep reading about instances in which Bluehost’s relationship with SiteLock is allowing them to scam their customers. I am reading that sites are being shut down and then after the “engineer” cleans what has been a total database attack, a report is sent back to the customer citing that the malware has been removed but they never show their work. This site belongs to a non-profit agency and really even $30 a month is a stretch for these folks. I also don’t trust SiteLock — I mean, really, from $300 down and $100 a month to just $30 a month …. that doesn’t sound logical.

    When I told them we could not afford this and we would just have to shut the site down and rebuild with another hosting service, they said that the malware would follow the domain no matter where I took it. I am not sure that is accurate. When I told them this was not accurate they hung up on me.

    Also, I get a weekly report from SiteLock that says the site is malware free. Their explanation from that is that “the basic free service we have only picks up about 70 percent of the threats.”

    I run a number of other websites with Bluehost and have done so for the past 10 years. I hope this isn’t a sign of things to come. I have already migrated one site over to Wix for fear this will happen to one of my other sites and when I get time I will migrate the others as well.

    PS –today (5-16-2018) when I spoke to someone at Bluehost tech – they said SiteLock had listed our issue as Phishing – not Malware. These are sales people at SiteLock and they don’t care about the Bluehost customer or brand – you need to get rid of them. Oh, and by the way, today the price was $503!

    Reply
    • Avatar
      Margaret Rode says:

      Melissa, I’m so sorry that’s happening. It just makes me so angry (as you might have guessed from my post…) I live in fear that whatever GOOD host I work with will eventually sell to this horrible company and turn into Bluehost or Hostgator. I appreciate people sharing different experiences here. And no, malware doesn’t “follow your domain name” if you rebuild the site from scratch somewhere else. I can’t believe they told you that – unless maybe they thought you were just going to copy the files over.

      Reply
  6. Avatar
    Janie says:

    Been going through this for about two weeks now. I just got a call from Sitelock upset because they could not access my website with their SMART tool. I told them that I had added a firewall through another company. They got mad real quick saying the other company wasn’t as good as they were. When I refused to purchase any of their plans no matter if it was $10, $20, or $300, they hung up on me.

    Reply
    • Avatar
      Rodrigo says:

      If you dont mind me asking, what Firewall service did you get?

      I was recently contacted about one of my sites having “malware”, deleted it off of Hostgator and moving it to Siteground. They keep losing more of my business each day.

      Reply
  7. Avatar
    Tim says:

    I use Hostgator for all my sites. Not to long after I agreed to use the free SiteLock option, all of the sudden all my sites started having problems. Now one is blocked by google. I refused to pay SiteLock, told them I would just delete the sites as they make no money. They kept lowering the price, I still refused. So now most of my sites are deleted and I still get a notice that there is a virus. Virus on what, there are no files in the directories. I will be moving my hosting to another company. Who and what are others using after this problem with SiteLock.

    Reply
    • Avatar
      Margaret Rode says:

      Tim, this is so typical of this situation. So frustrating. I’m hoping people will respond and share the hosting companies they use because I’d like to have several I can recommend to my clients, but so many of them seem to be controlled by EIG (who owns Sitelock) For my own sites, I use Siteground: https://websitesforgood.com/resources-we-like/

      Reply
      • Avatar
        Rodrigo says:

        I am slowly moving all my sites to siteground it seems, the support has gone way down at Hostgator, I cant see how non tech people could work with them.

        I had most my domains with them, but moved them away to a registar that is way cheaper and provides free WHOIS privacy.

        Opened a siteground hosting and already moved a couple of sites. Another reason why to move is the free SSL that siteground provides, this is a must now a days and lots of hosting providers have it, except hostgator of course

        Reply
      • Avatar
        Susanna J Gross says:

        I’m appreciative of your informative post. I ran into SiteLock today commenting on a friend’s blog. Their security check wouldn’t ever finish. Fortunately my site is hosted with a provider you guys have not mentioned. I have a virtual machine at CloudSigma, costs me $10/month and they have excellent service from the point of view of a system administrator. It’s not a hosting provider, it is up to you to configure the machine from the ground up. I run my own email and web server there, and use it for a little cloud backup on the side.

        Reply
    • Avatar
      Margaret Rode says:

      Thanks, David. I’m still happy with them–they got me out of a tech pickle yesterday in less than 3 minutes. I’m hoping they stay the way they are for a long time to come.

      Reply
  8. Avatar
    stephanie says:

    I just got an email and site lock when I called wants $850 to clean my site.. it does redirect you to another site so they say this is illegal and I have to pay or my site will be pulled down.. I have a computer guy coming to fix my site today and told me to not pay site lock and they are are a scam and blue host and Hostgator and to move my site hosting.

    Reply
  9. Avatar
    jeroen says:

    this is such a bogus company, when you want to quit they charge you with 6 Months fee…. 6 months ,, for what ? i my case this was over $3000 to stop using a useless service . feel very scammed , funny part is that they call you are polite and show complete ignorance , offer no solution besides assuring you that they will not continue charging you after the contract expires ( like they should try !!) and then thank you for being a loyal customer ….. like talking to drone STAY AWAY

    Reply
  10. Avatar
    Cathy says:

    I tried to log in to my wp admin but there was a message saying that my site had been suspended and that I needed to contact Hostgator. I did that and was told that I had phishing on my site. They asked me if I had received a ticket which I hadn’t. I noticed another site I have had big red warnings. They told me there was another ticket for that which I found in my customer portal where they have given the file that is infected. I found the tone of what was written on the ticket very threatening, as if I had done something I shouldn’t have. They transferred me to Sitelock which I thought was a bit suspicious. I was told that they could clean my sites and look after the security for £60 per site per month!!! I don’t know how to clean this up as I am not techy but once I figure it out I will be moving away from Hostgator. I have been paying Hostgator for years and this is how they treat me. Something should be done about this surely! Thanks so much for highlighting this issue!

    Reply
    • Avatar
      Margaret Rode says:

      Thanks, Cathy, and I’m so sorry this is happening to you. I host websites for clients all over the place using many hosts, and the Bluehost/Hostgator cartel is the ONLY place where these malware things happen at such an alarming rate (in fact I can’t remember if it’s EVER happened on my other hosts) I can do the math there easily. And the fact that they basically lock you out of your site so you can’t make changes or get external help…What a shame. Good luck to you.

      Reply
    • Avatar
      Margaret Rode says:

      P.S. Are you able to get into your control panel with HG at all? Or is it just WordPress you can’t get into? I am working on some recommendations for inexpensive ways to regain control of our sites, but if they have you completely locked out, they have all the cards so to speak… 🙁

      Reply
  11. Avatar
    Hellen says:

    I just received an email from Sitelock saying my site has malware. I am hosted through Bluehost. I found your site because I didn’t want to just respond to the Sitelock email without investigating it’s validity? What would you do? I don’t want to have to deal with Sitelock at all. Should I contact Bluehost to tell me if files are affected & fix this or should I just move to a different hosting provider? What would you do?

    Reply
    • Avatar
      Margaret Rode says:

      Hi Hellen, so sorry this is happening. It looks like your site was hacked quite badly. My first step, if I were in your shoes, would be to contact Bluehost’s tech support via their Chat and tell them you don’t want to sign up for Sitelock but you DO want to know whether they can fix it or restore your site from a safe backup copy. You don’t mention whether it’s just your website you’re locked out of, or your entire hosting account (which can also happen). In either case, that’s where I’d start. I’d familiarize myself with https://sucuri.net and their services — you may need them, as it seems your site is in fact in a very bad way.

      Reply
  12. Avatar
    Alanamous says:

    I am very much expecting HostGator (HG) to be up to their games via SiteLock (SL) to try to squeeze people out of more money.

    In 2014 HG was initially asked to become compatible with Let’sEncrypt and they gave an vague answer along the lines of they are looking into it. The rest of the free world has moved forward towards site security and meanwhile HG has been squeezing it’s customers to pay $10 per certificate per site to install FREE certificates. SG specifically turned off the ability in CPanel for it’s customers to be able to install and manage their own SSL certificates once it was fully integrated. They continued to disallow this necessary management tool and instead forced people to pay for the “service”.

    Finally, Google Chrome has declared that on July 1st, tomorrow, it will mark all sites without https encription “NOT SECURE”. There have already been effects to rankings for sites not secured with SSL certificates, so HG was essentially making people put their money up if they wanted to be seen on the internet. Two nights ago I contacted SG via phone. I noticed some new folders in my CPanel associated with SSL and was hoping that somehow HG was FINALLY doing the right thing and allowing users to be able to manage/install SSL certificates themselves. I was told that HG was FINALLY adding free SSL for all in July and I should watch my inbox for more information.

    Lo and behold, the next morning I had an email from HG which vaguely announced Free SSL for all and said to watch for upcoming details. The email pointed to a blog post which indicated how important it was for this security feature to be in place prior to July 1st, and yet here we are on the eve of July 1st and STILL HG hasn’t sent any further information on how users are supposed to employ their free SSL certificates and get them operational.

    Thankfully, I was able to piece together that the certificates were already in place, they just had to be authenticated. I installed Really Simple SSL on all of my sites and as soon as I activated the plugin I was good to go. (Sorry for such a long winded comment, and I haven’t quite gotten to the part about SiteLock (SL) yet. I’m almost there! I wanted to share information I thought is helpful in case anyone else comes along.)

    This morning I received an email from my old pals at SL informing me of a potential security risk. Hours after I received the email from SL I received an email from HG stating that they were collaborating with their longtime security partner SL and will be including a basic malware scan, free of charge, as part of my hosting package. Lucky me!

    The way I figure things, they have lost revenue from squeezing people into purchasing installation of SSL certificates so now they have decided to offer “FREE” security scans, which consequently runs once a day per domain. There is a way to opt out by calling, but I think I might let this run a little while first to see if I consistently get emails every single day or not out of curiosity, first.

    Unfortunately, I was duped in the past into signing up when I was a newbie to the world of website design. (Not that I’ve come much further!) I simply thought that it was a prudent thing to do and I was suckered for a few years at about $10.95 a year. I thought I had signed up through GoDaddy, another shameful company I finally moved away from. Currently I need to set a reminder in my calender so that I can switch to DomainNameShop before my HG plan auto renews and after I get my full paid subscription worth. I’m not letting them keep any of my money. It’s just ridiculous that organized crime is legal in the United States, and it’s very common too.

    Reply
  13. Avatar
    Mary Rad says:

    Dot5 Hosting is doing the same thing. They are “partnered” with Sitelock. My site has been hacked multiple times since the “partnered” with Sitelock, never was before. Seem like a strange coincidence, doesn’t it? Can anyone recommend a web host who’s actually reputable?

    Reply
  14. Avatar
    Maureen says:

    Do you know anything about WebstrikeSolutions/EasyCgi ? I’m continuously getting calls from SiteLock about malware on my site hosted there. How would I identify the malware myself? Looks like they hijacked my home page. Thank you

    Reply
  15. Avatar
    swdailey says:

    I am afraid that sitelock is in cahoots with dotster as well. My web site is a passive one.One cannot loginto our web site. It just displays information. It had been infected by malware before but I manually cleaned up the code myself. I removed the offending subdirectories and edited the code. Sitelock found no problems for months but now the same code has returned and the same directories that I had deleted have returned. I don’t see how this would be possible unless someone has a password to my site at the hosting company Dotster. Am I missing something?

    Reply
  16. Avatar
    Jas Rob says:

    I have hosting with Netfirms.com and they use Sitelock. Ever since Netfirms started using them my wordpress sites have been hacked. I got a malware email for a url that I own. The huge problem with that is there is no folder on my server for the url.

    Reply
  17. Avatar
    Jennifer Ford says:

    I’m an attorney. This happened to me. If anyone would like to discuss, I’m STRONGLY considering legal action. This just happened, and my sites are still down. This is extortion, unfair business practices. If anyone would like to discuss, let me know.

    Reply
        • Avatar
          JD Thomas says:

          Hey Jennifer!

          I’m Jerri Thomas, Founcer & CEO of The Learners Lab Foundation. We had already planned to pursue our Domain Registrar status when a few years back when we discovered our [now former] ISP/Hosting vendor, Verio, had been purchased by EIG.All kinds of crap began to quickly hit the fan, inf act in one week i had more than 3400 spam/spoof emails hit my spam/junk folder.

          We moved to iPower only to learn some time later after another incident that they are also an EIG. I ran and set up several ISPs back in the old days and was able to .dig around to discover that EIG et al are Chinese owned. That splainz it Lucy!

          All our main sites are down as of 9/29/2019:
          Primary domain and email: thelearnerslabfoundation.org (live with 120+ emails accounts)
          clearedcandidatesdb.org (in dev, not live)
          earlybirdregistration.net (live)
          infoxchng.org (was in dev and not live)
          thefellowshipacademyatthelearnerslabfoundation.org (dev/beta)

          I’ve already reached out thru your website.

          Reply
    • Avatar
      Kelly Quilter says:

      I’m currently trying to get a refund after only having the service for a month and being hacked repeatedly while having it. And ideas on what to say to get it back??
      They told me that they are the security company for my new Host A2, which is not true, they use Securi but haven’t advised me that I would even need that.
      My developer doesn’t trust them and we are suspicious that all of the hacking came about once they came on the scene!
      Advice appreciated!

      Reply
      • Avatar
        Jennifer Ford says:

        Literally everything they say is a lie. They are either all owned by the same parent company, or colluding to create a non-existent need. I do know Bluehost ownes more then 50% of Sitelock, but I’m fairly certain they are owned by same parent. They were vindictive to me, an attorney, so clearly they have no fear of anyone fighting back. They actually rerouted my website to an escort service when my computer guy showed them there was no malware, and refused to pay for the to clean the nonexistent malware, or purchase Sitelock. They allowed him to put my site back up. However, by morning it was re-routed to an escort service.

        Reply
  18. Avatar
    Roger says:

    Horror stories. Here’s one to add to the list. SiteLock kept calling me to sign up for their extra service. I’d already paid Bluehost for the complete package that was supposed to protect the site. They even offered a Spanish speaking tech to talk to our tech here. I’m in Puebla, Mexico. Our website is a non-profit, we don’t have customers or any motive to make money. The guy offers me a “special” to protect the site.

    Today during the staff meeting he called again and said he had bad news. Google had found malware on the site and his Spaish speaking tech was available to talk to my folks here, tell them how to find the malware on the “dashboard” and eliminate it. I smelled a rat and ended the conversation.

    Later, I went to Bluehost and signed in. I was looking for the dashboard to see what he was talking about. Asked for help with security and ended up talking to someone from Sitelock. After asking the same question half a dozen times, where on the Bluehost dashboard is this information, I ended up giving them my phone number and the same salesman who scammed me before called back. Turns out, the dashboard he was talking about was the SiteLock dashboard. They walked me through the steps to find the information and there it was.

    The salesman then told me that because the site was not infected, he could not offer me the special rate but that he would wave the $300 fee to remove the malware and charge me $50 a month. Of course, that’s more than we can afford.

    He said he checked the site and what the malware does is reroute you to some other service that asks for your personal information. We can get into the sub-pages, like resources, by following that link as it appears in a Google search. Only the main page is where the reroute the link. This only happens on tablets and smartphones. It did not happen on my tablet or phone but I asked friends to attempt it and they were indeed rerouted. Now, this happened after I refused their offer.

    The salesman said that Google would warn people away from the site, even when they went there directly, i.e. not through a Google search. What Google has to do with policing the entire Internet that way he couldn’t say. He threatened me that Bluehost would shut down the site if I didn’t subscribe to his service. I said so be it. I asked why, after 5 years hosting the site at two different places, this is the first time this had happened. He never gave a straight answer.

    After reading this article, I called back and got the same guy I talked to before, told him I was onto him and to fix it or Bluehost would lose a customer. Long story talking nonsense and making excuses but after I hung up my adult children in California and my neighbor could enter the site.

    It looks like a duck, quacks like a duck, has feathers like a duck. I think it’s a duck. I’m going to take your advice and move the site to the hosting service you recommend but need to know what steps to take other than just to cancel the service with Bluehost first and then take steps to host it elsewhere.

    If the malware is still there, how do I remove it?

    What steps do you recommend to secure the site? We did have problems with a virus getting into WordPress. Does Siteground or other service offer adequate security?

    Thanks so much,
    Wouded-by-a-duck Roger

    Reply
  19. Avatar
    Julio says:

    I received a call from sitelock saying that three of my websites were infected with malware, but they didn’t have the logs and that I should contact the “engineers ” to fix that problem or they would have to lock my account? WT? Avoid this hostgator for god’s sake. Amazon has lightsail (https://aws.amazon.com/lightsail/) ,it’s your own server, no shared hosting anymore, no annoying dirty sales tricks.

    Reply
    • Avatar
      Margaret Rode says:

      ReadyHosting is another one of the same family of companies that owns Sitelock (Endurance Intl Group). So sorry to hear this, Laurie 🙁

      Reply
  20. Avatar
    Ross says:

    Same thing happened to me today.

    Got a VALID message from BLUEHOST (not Sitelock) a few months back, informing me that one of my contact forms was unprotected (no CAPTCHA) and was being abused by spammers, so they deactivated my site. I went and checked, and sure enough (whoops!) I forgot to put the captcha in there. Fixed and reactivated through the automated link. No more problems! (And this is how a webhost SHOULD act, notifying you of problems and automatically reactivating on your own recognizance when you confirm you fix it.)

    Thought everything was fine until today. Received an email at 12:19 AM saying the site was deactivated. Received voicemails and emails from Sitelock at 5pm asking me to call them to fix the problem. SSH and FTP logins disabled, so I had to log in via their website/cPanel tonight, but didn’t see anything obvious – so I clicked on the “live chat support” link on Bluehost’s website to ask them to wipe the account (I have plenty of old backups I can restore to prior to “malware detection”).

    The chat link on Bluehost’s website connected me up to a SITELOCK Employee, who, when asked if he could just wipe my account, claimed that he could, but the malware would “just filter back through” through “a backdoor file”, even if the account was completely wiped. He claimed that default installations on Bluehost were vulnerable (implication – must pay to “protect”). I didn’t let him get that far into the spiel and re-asked him to wipe the account. Only THEN did he finally connect me to the true Bluehost Tech Support. They didn’t want to wipe and instead wanted me to delete the “infected” files. So I did that, and they reactivated my account in a matter of minutes. I finished wiping everything myself, and now I’m restoring from a backup and will be up and running within the half-hour, but tomorrow I’ll be actively looking to transfer away from this horror-story-waiting-to-happen, and will NEVER recommend Bluehost to anyone else in the future, ever again.

    Full screengrabs of my chat log with the Bluehost “live chat support” on the following link:
    https://imgur.com/a/RBPnvGT

    Reply
  21. Avatar
    Bianca R says:

    After 8 years of having no issues with my site, on Oct 4th I spoke to a sitelock specialist who said they would ramp up my current service I had already paid $150 for with an upgraded version for $450 to help “remove” the malware and do continuous scans. Then surprisingly a week later, I had yet another issue where they claimed they had to do a “manual scan” to fix the malware but that they could upgrade me to their highest level of service with unlimited manual scans for another $220. I checked my credit card bill and they had overcharged another $65 “by accident”..Right!! They are just thieves. Another week later, my websites were all frozen by their partner hosting company and Sitelock claimed my other website had malware. I found it suspicious and went to another company who said they saw nothing on my other site but that Sitelock is known for scamming. I wish I knew it before I dished out $670 which they have you sign saying you forfeit any previously paid sums as they know that eventually people will find out and they don’t want to give refunds. How convenient.They scare you by saying your site is being attacked and work with 2nd rate web hosting companies that shut down your site and direct you Sitelock as the only way to get it up and running. They are horrible!!! Stay away!

    Reply
  22. Avatar
    Jennifer Ford says:

    As I said above, I’m an attorney, and they had zero qualms about doing this to me. They have been, and will continue to, get away with this. These people are really fraudulent, and could literally wreck people’s lives, reputations, and businesses. The legalese is “Fraud in the Inducement”, “Unfair business practices”, “Conversion”. They are also vindictive. They took down my site, and my IT guy messaged them, in India. When my IT guy refused to pay them to scrub my non-existent, malware, they decided to punish me. He showed Bluehost the proof there was no malware in my site. I don’t really know how he is 100% sure, because I can’t really understand him when he starts speaking in professional IT lingo. However, suffice to say, he had emperical data, proof, that my site was void of malware. When he showed this to Bluehost, they allowed my site to go back up. This was late in the evening. By the next morning, one of my clients called to tell me my website was re-routed to an escort service website. They were punishing me for not paying their exhorbinant fees to scrub imaginary malware, and refusing to purchase their mafia- style protection racket, Sitelock.

    Reply
  23. Avatar
    Buyuk says:

    Hello,
    Same things happened to me . Aftet 10 min email from SITELOCK ,SCAM CAMPANY HOSTMONSTER.COM DEACTIVATEF MY HOSTING ACCOUNT..I WILL FIGHT THEM IN COURT..

    Reply
  24. Avatar
    Dami says:

    SITEGROUND is doing this to me as we speak!! I’ve only been with them one week, and they taken down my site 3 times.
    It’s currentky down, I paid Comodo two days ago to fix it and it seems useless. But they claim I have no malware which strengthened my suspicion about Siteground. They keep referring me to their clean up partners Sucuri. So Siteground is not owned by Eig, but I suspect they’ve brought on a new strategy? Their customer service is horrible, which suffered from what I read before I signed up…
    so now I’m just like “oh gosh which company do I go to now??”

    Reply
    • Avatar
      Margaret Rode says:

      Oh, Dami, that’s not good. I’ve never had this experience with them…and while they do recommend Sucuri for advanced scanning, almost everybody does (including me, when a site has been compromised or might be) because Sucuri is really top-notch. Wishing you luck with InMotion and your website. It has such great energy 🙂

      Reply
  25. Avatar
    ‘Dami says:

    Also, thanks to your resource page, I’ve decided to try InMotion and I’m hoping for the best.
    Hopefully after my exodus from the current host I’ll be able to tell how efficient these guys will be. Their customer service seems genuinely willing to help so far though, and the little price increase difference may just be well worth it.

    Reply
  26. Avatar
    Carrie says:

    I’m currently helping manage the website of a tiny nonprofit in DC and the Exec Director just forwarded me an email from SiteLock with a DIFFERENT site’s address saying it has malware. We don’t use SiteLock nor are we hosted by Bluehost, but we do use JustHost – do you know if they are connected some way? Now I’m a little paranoid they may try to do something to our site (but again it was not the correct site they emailed him about). I’m new to maintaining a WordPress site on JustHost and I just want to be sure I have it all correctly backed up ASAP just in case!

    Reply
  27. Avatar
    Robin says:

    Thank you for posting this. I picked up a voicemail message tonight that said, “Hi, this is Byron with Sitelock Web Security trying to get ahold of Robin. Robin, it looks like there is some sort of malware, or some sort of issue with some of your domains. We were reached out to by your host, iPage, I don’t think they’re putting the websites up for suspension, um, off Google Browser, um, it’s gonna be the [lists my domain name, plus 2 domains I haven’t owned in a long while]. Um, so please give me a call back so we can try to address this issue as soon as possible. Obviously this is a time-sensitive matter. My direct number is [gives phone number.] We’ll talk about getting these cleaned and how we can be proactive and make sure it doesn’t happen again.”

    It just sounded phishy, what with the wrong domain names and the “suspension off Google Browser,” so I called my host, iPage. I selected the tech support option for security and was routed to Sitelock. I explained to the representative that I’d received a strange call and that I was trying to confirm whether the call really came from Sitelock. The representative confirmed that Byron is a real Sitelock employee. She then said that my site could be taken down because I have no security on my website (untrue). I asked what specific issue was causing the problem, and she couldn’t tell me. She said that I’d need to talk with iPage to find out exactly what caused them to “report” me to Sitelock. So, I spoke with iPage tech support and, surprise surprise, they had no indication of malware on my site. Sounds like it’s time to move away from an unethical host that’s doing business with an unethical partner.

    Reply
    • Avatar
      Robin says:

      Follow-up: Two days later, I had another voicemail from “Byron” at Sitelock claiming that my domains were up for suspension due to malware. Again, I confirmed with my host that this was a lie. I followed up by filing complaints with the Better Business Bureau of Phoenix (where Sitelock is located) and the Federal Trade Commission. The BBB contacted Sitelock that day, and I received a phone call from a different Sitelock representative the next morning in response to that complaint. She claimed that the company never does things like that, and she did apologize and say that the sales rep should not have used that language. While that gave me no real reason to believe they’ll decide to behave ethically in the future, I’d recommend that anyone else who encounters this kind of scam marketing file a complaint with the BBB so at least it’s on the record.

      Reply
  28. Avatar
    Ron says:

    Doing business with any EIG-owned company is simply a bad idea, and for a plethora of reasons that go beyond SiteLock. Run, don’t walk, from EIG.

    Reply
  29. Avatar
    James Lick says:

    It appears they’ve resorted to outright lies now. I got an email from SiteLock about a defunct website of mine which currently contains a grand total of one web page with a mailto link in it and literally nothing else. Checked if someone uploaded other content without my knowledge: nope. Hidden files/directories: nope. Modifications to the HTML for the dinky page with the mailto link: nope. Looks like it’s time to dump Hostgator though. Shame. Been using them since January 11, 2007, so just shy of 12 years.

    Reply
  30. Avatar
    James says:

    I just received this email from SiteLock. I’ve been with Hostgator for 12+ years but I’ve over the last few years the service has been lacking. I ended up putting up a new site on GreenGeeks and luckily don’t have any issues with SL or sleezy services related to SL. However earlier today I received an email from SL – Email Copied directly …

    Dear James Johnston,

    As part of your hosting package with HostGator, you have been provided with a SiteLock website scanner that proactively checks for malicious threats and vulnerabilities. During a recent scan of xxxxxx.net (removed for this comment), malware was detected on your website.

    Don’t worry – we are here to help. Please contact us at phone number US(removed for this comment) , phone number (removed for this comment) International or email (removed for this comment). We are available 24/7 to answer your questions.

    As a security precaution, we recommend you always upgrade outdated software, like your web applications or plugins, to the latest versions when available. If you would like more information on malware, please visit our blog by clicking (removed for this comment).

    Thank you,
    The SiteLock Team

    The interesting part is that this site isn’t hosted by HG in months but its listed in the cpanel and they shouldn’t be scanning that site. I believe the site was hosted only for a few weeks but I moved that site when they refused to allow me to add a free SSL. They wanted to charge me for me to add my own or for them to add it. I will eventually move the rest of the sites.

    Is it possible for me to request by chat or email for them to remove this service from account? If so, has anyone seen any retaliation for requesting them to stop this? Or do I need to leave the service going and get the sites ready for migration and just move them off their hosting services?

    Reply
  31. Avatar
    Jeremy says:

    Same issue as other users.

    Here is how it goes – Hostgator takes down your site(s) without notice in middle of night and and sends you an email that says you have malware (meanwhile users get blank screen on suspended URLs). Then they all but force you to pay for SiteLock service which they have a paid affiliate relationship with.

    Malware scanning/warnings should be table stakes and core to the hostgator offering. Read around and you’ll find they make hundreds of dollars extra annual dollars each time they trick someone with this.

    I hope they realize the short-term reward is impacting their long term business. Not to mention there will probably be some class action at some point.

    Reply
  32. Avatar
    Thomas Hauck says:

    For many years I had a VPS level 3 on Hostgator where I ran approximately 10 sites.
    Then in July of last year there was a 3 hour outage for the whole server.
    That was the last draw.
    My advice is to invest in yourself to learn Cloud Computing and get your content off of HostGator.
    I am using 1) vultr, 2) Digital Ocean, and 3) AWS.
    At Hostgator you are paying for their support, not for their hardware.

    Reply
  33. Avatar
    ANTHONY Morinelli says:

    Major collusion. I have several currnet sites with Ipage I also had a few sites that are now closed. Ipage closed my current sites because of “malware.” They sent me to Sitelock. Sitelock wants $100 to clear the sites. I refused and demanded to be returned to Ipage. Upon my continued insistence a supervisor finally showed me how to open the files to find the malware. The malware was on the closed sites. I then had him show me how to clear the malware. He said that they would rescan. Two days later. I’m on the phone again. The case history does not show that the rescan was requested. They try to bounce you back to Sitelock. There is certainly something irregular here. This practice is like mafia patronage. You want to have a malware free site ? Pay our boys!

    Reply
  34. Avatar
    Brooks says:

    WOW! I am on the phone with Bluehost right now accusing them of their fraud and I just Googled this to see if anyone picked up on it. The Malware issue is coming from an inside job with Bluehost and their ‘third-party’ scammers. I know because I ran login reports. This keep happening to me, so I deactivated login and yet the same problem happened again. YES, LEAVE BLUEHOST. But I am definitely going to make some noise first.

    Reply
  35. Avatar
    Howard C says:

    Hi, my site flightlevel390.com is with hostgator and somehow it’s currently being forwarded to a weird chat site without us doing anything. I updated and deleted all files added after January 2019 (since that’s the last time anyone logged in or worked on the site) but it still is hacked. I wonder if this is a setup as I’m reading your threads? When I go to chat support it’s Siteground sounding very excited to sell me services.

    What do I do?

    Reply
    • Avatar
      Margaret Rode says:

      Howard, your site looks great to me – if they were forwarding you to someone it was probably SiteLOCK’s chat, not SiteGROUND. Sitelock is ick.

      Reply
  36. Avatar
    John L Mattaboni says:

    Hostgator is a scam. From the moment I moved my sites there, they were warning me “You’d better pay for SiteLock or you could get infected….”. Yeah, well, guess what. Even though my site has NEVER been infected with malware on any host, magically, just as they predicted, my sites were infected. And of course, the only remedy is sending more money to Hostgator ooops I mean SiteLock.

    Here’s how intertwined these two companies are: If you call Hostgator, TWO out of the seven auto-attendant choices automatically route you to Sitelock support. That’s right, HostGator sites get “infected” so often that they have their auto-attendant send you to Sitelock.

    Reply
  37. Avatar
    Lindsay says:

    I’m currently going through this and am realising that I’ve been scammed. What’s the difference in SiteLock versus me calling one of those phony numbers in the pop ups? Not much if you ask me. I think I just screwed myself over and now I’m wondering if I should just abandon my hobby website altogether. I was quoted $600 to fix it after I called Hostgator when I noticed that when I clicked on my website, it was redirecting all over the place. Then I was redirected to their “partner” SiteLock and quoted $600 and almost crapped my pants. They brought it down to $420 or $35/month and I feel sick to my stomach for being taken advantage of.

    Reply
    • Avatar
      Graham Campbell says:

      Would be happy to help you (or anyone) with this. I have been hosting sites for 7 years and run my own hosting company (NOT looking to sell anything – just saying I know what I am doing). grumblenz at gmail

      Reply
  38. Avatar
    Graham Campbell says:

    I got told I had an infected site. So I checked the site folder – they had put a file in the folder!. I called, went through the hoops, asked support who gave them access to my server? “Must have been an external hack”.

    Sorry sonny, I moved that site off this server 3 months ago. Now what’s your excuse?

    I moved all sites off that week.

    Reply
  39. Avatar
    Maurizio Comelli says:

    Hi, just adding another painful story!
    Last December I have set up an account with HostGator where I parked 4 domains. I had no problems until 10 days ago when I have received an e-mail stating that all my websites were taken down due to malware, to contact SiteLock to see what I had to do.
    Of course, the first thing that I did was to call HostGator support and from there have the confirmation that some malware was found in my account. Through CP File Manager I went to check the content, file structures in my websites to discover that in one of them there was some very unfamiliar series of folders. I did delete all that files, it was easy, they were in a CSS folder, and after that I did check all the content to make sure that the remain was ok.
    I did call SiteLock where I spoke with a very pushy person that wanted me to sign up for a Firewall at $ 50.00 per month per domain, plus another $10 for something else per month per domain. After told him that $240.00 per month was a little too expensive for me. I asked him to send me an e-mail. HostGator support once I informed that the malware content was removed, it reinstated the websites. In order to be more effective and since I was not using the infected domain, I just registered a new one and forget about the old one, two days later the new domain was infected and red flagged by Google Chrome! Even with the $3.00 per month filter that SiteLock offered. Then I deleted all the content in all the domains leaving only a minimal index page. And it is still like this until I understand what to do. HostGator sent me an e-mail offering the filter for free to all my domains … I am still thinking about the answer that I have to give them I have changed all my password without the intervention of the support … and I will keep changing them every 15 days a combination of 18 letters and numbers … hoping that it will work. I have only one FTP account with its own password hoping that it will be enough. I am looking around to find a new hosting, a reliable one … I was with BlueHost in the beginning and it was ok. From there I moved to GoDaddy … and it has been ok until last December when they started to be the support for Office 365 … and I just do not want to go to the details, but I decided to leave and I end up with HostGator! Bad choice!!!! Good luck to you all!

    Reply
  40. Avatar
    Ama says:

    Just another victim of this racket.
    Two of my HostGator sites got hit and were blacklisted by google. After contacting support, a guy from SiteLock offered to waive a $300 fee to clean up the malware (wow, thanks?), but prevention would cost me $60/month (wait, what?!). Luckily, my sites were mainly for development, and somewhat disposable. Long story short, I backed up a couple WordPress databases, wiped out all the sites I had on their servers, leaving a couple static pages. Will transfer the domains to a decent provider that cares about their customers. HostGator used to be a good provider, but ever since Endurance International Group acquired them, things have been going down hill. Stay away folks! And good luck!

    Reply
  41. Avatar
    Mike says:

    Thank you so much for this post! I am quite relieved now after going into panic mode after reading my email. It says on my email that 3 of my hosted domain in my server has malware and I have to contact Sitelock so that they can remove those malwares.

    Reply
  42. Avatar
    Binny Marwaha says:

    Another victim! Bluehost asked me to talk to Sitelock for some non-related issue and since then they have been aggressively emailing and calling me. And today, my website is not working and bluehost has shut it down 🙁
    Please recommend an honest company to host my website, which is only a blog (as a hobby).

    Reply
  43. Avatar
    Trina V says:

    Ugh! This is SO frustrating! I have had this happen to me twice with NetFirms. It makes me mad and sad because I host a lot of websites there and refer them to all the clients I help with websites. I don’t want to have to move everyone over, but this is not okay.

    I called to ask them to un-suspend my website so I could update plugins/themes from the WP dashboard, but they said I couldn’t and the best thing to do is use SiteLock. I told them I am not using SiteLock and I will delete the files myself.

    I had to go through and remove a ton of dumb hidden files that were nested pretty deeply and then I called back. They had to create a “ticket” that would be resolved in 2-3 hours. Hours later I open a chat window to check on the queue and I am directed to a sales person for SiteLock. I don’t want to talk to SiteLock… I asked to be transferred to Netfirms and then I kept getting more and more sales pitches. I finally ended the chat.

    Then I called back for a third time and was told my ticket is still in the queue and there’s no way to know where it’s at in the queue. It could take up to 48 hours to get the scan done so my site can be back up! I asked to talk to someone who could do the scan while I waited on the phone and was told it doesn’t work like that.

    I got an email at 1:49am that they ran the scan again. This time, they found over 600 infected files! It says they are UNOFFICIAL FOUND and the files don’t actually exist in the file manager. I completely deleted all of the folders/files they are referencing.

    When I first started using Netfirms over a decade ago they were so great. They actually wanted to help and got things done–that’s why I’ve stuck around so long. Obviously it is not the same company anymore. I don’t know how much longer I will stay with them. Thank you for the list of reputable companies. I will definitely be checking them out.

    Reply
  44. Avatar
    Brian Gear says:

    Wow! I thought it was just my problem until I became a bit suspicious and searched about and found this site. Exactly the same as most others – same email and same up sell from a Sitelock rep.

    When I received the initial “phishing scam” email and looked (via File Manager) at my various sites. Two had some files and directories which were unfamiliar so I deleted the sites and rebuilt them. The reply email to Hostgator bounced back saying it could not be connected (no reason given) so I had an online chat. Polite enough and told me the rescan would be done promptly.

    Two days and still all my sites suspended so another chat and finished up with a Sitelock rep who tried to extract $50/month to keep my sites safe. Kept saying “No thanks” politely and eventually got through to a Hostgator rep. She assured me I was on a priority list and everything would be fine shortly.

    Six days from the initial email and still suspended so another chat. The Hostgator rep apologized and said my case had been escalated to top priority and everything would be sorted out within a few hours. Then I discovered your site and the huge amount of comments.

    So, day seven, I had a chat with a rep at Namecheap and within about an hour or so, my sites were all transferred, I switched DNS Nameserver settings and by the following morning presto, all my sites are back up with no signs of malware!

    Next step is to close my Hostgator account and try for a pro-rata refund…don’t really like my chances!

    Thanks to you guys for helping me realize there was more going on than “malware”.

    Reply
  45. Avatar
    DryLandFish says:

    I am dumping GoDaddy now for their malware protection racket. I had to shut down my site rather than put my customers at risk. I would not pay them to continuously sanitize a site I already pay them a premium price to host. Have they no responsibility to keep hackers off their servers? How does malware end up in my files every few days?

    Reply
  46. Avatar
    John says:

    My story may be redundant to many others here, but I’m posting it as much out of frustration as out of a need to alert others:

    I’ve just received a call from SiteLock with about the same sort of pitch as many above have already described. The SiteLock rep alerted me to malware on a site that I maintain mainly for the URL and a future project–so not my main site. I was wary from the outset, but, naturally, I wondered if I was being TOO wary in my suspicion that this could be a shakedown, either by a fraudulent third party or by a fraudulent corporation.

    The SiteLock rep got me to the dashboard, so I could “see” the evidence that someone had posted “porn links” on my stub site. But I was unable to see anything on the site that looked unusual. Only an impressive looking list of daily reports on the site indicated anything abnormal. All the reports for the last week were normal until today, which showed “porn” listed.

    I asked the representative about why I couldn’t look at the evidence he was seeing from the “safety” of the SiteLock environment, and that’s when he directed me to the security packages. As I groaned at the cost and told him that I’m nickeled and dimed enough by other monthly fees for everything from hosting to Adobe software, etc., he began to backtrack on the price, mentioning that *sometimes*, but usually only near the end of the quarter, he’s able to get his clients a discount on the service.

    As he was rambling through his increasingly desperate pitch to get me to sign immediately today (he STRONGLY recommended the $70 per month package over the $50 version), I searched “sitelock scam” on Google and fond this page among others listing some very unhappy experiences at the hands of another unethical corporation. To me they seem like Mafia, and the metaphor that the rep used to describe the problem was, essentially, “there’s smoke coming out of your house, and we’re the fire department”. Do I have to pay the fire department an annual fee before they’ll come put out my fire? This is a f***ing protection racket. The rep told me that SiteLock has the best group of “white hat hackers” in the US working for it…which only made me wonder if the white hats are actually the ones planting malware so they can then be paid to remove it. And while I have no evidence of that, I did find my final interaction with the rep to be even more telling. I said that I needed to do some research on this issue, talk to some people I know about their web hosting and security, and also to read some online reviews of SiteLock’s service. At this, the rep seemed to become more nervous and more solicitous of my professional demeanor and patience, urging me to understand that most bad reviews online are created by their competitors. But he also became quite alarmed when I said I would get back to him next week, warning me that if the virus spreads to my active website, I could have my site suspended. He says he’s going to be calling me within two days because of the urgency of this problem.

    I’ve been hosted by Bluehost for years without any issues, but reading the above story of unscrupulous hedge fund ownership, I’m convinced that it’s time to get away from Bluehost immediately.

    The last time I encountered this sort of pressure was in a car dealership. I didn’t buy the car then and I’m not likely to buy this lemon, either.

    Reply
    • Avatar
      Margaret Rode says:

      John, I swear sometimes I think these aren’t even true Sitelock people, but scammers taking advantage. But either way, it stinks and I’m sorry you have to deal with them 🙁

      Reply
  47. Avatar
    Elle Thomas says:

    Ditto! I owned an animal rescue website for over a decade with Microsoft and Melbourne with no issues whatsoever. When Microsoft Stopped hosting websites I switch to host gator and that’s where all the problems began. About a year after placing my nonprofit animal rescue site with host gator my site was hacked and a Danish porn site took it over. It was mortifying. I am still so incredibly angry because the name of my website is the same as my business. I contacted host gator and they gave me the same song and dance as many of you have stated above the minimum is 200 and plus that I needed SiteLock and on anon anon and I just felt scammed. I felt as though SiteLock was actually responsible and they’re the ones that are hacking our sites in order for us to have to be forced into using them. It just felt slimy.

    So instead of going through everything and renaming my company I chose to get rid of that website and my web address (My identity of over a decade) and it really hurt my business. Almost devastated me. Again, I’m still very angry.

    A week ago I receive an email from SiteLock stating there’s malicious activity on my website. Here we go again…

    If there’s not a class action suit against host gator and SiteLock there should be!!

    Reply
  48. Avatar
    Crystal L says:

    OMG I’m so glad I found you. My site was locked down and I was having simultaneous chats with Joe from HostGator and Joseph from SiteLock… same dude. Then I got a call from JP – also the same guy – wanting me to pay $750 to restore my website. And Joe, Joseph and JP were all the same with regards to customer service… telling me that I was infecting so many other people (I don’t even use my site) and I was irresponsible by NOT paying them to fix it.

    I’ve shared with my 4,200 FB friends (most of whom are also small business owners – consultants) and will share this news far and wide. This scam is outrageous.

    Reply
  49. Avatar
    Dan says:

    The ongoing saga…. this has happened to me to many times to count now. I am moving on to another hosting company. This is straight up extortion.
    Thank you for your blog reporting the issues… The are still going strong with this ripoff plan in Oct of 2019.

    Reply
  50. Avatar
    Craig Richwine says:

    I just got scammed by SiteLock as well. Took me for $330 when it was all said and done to clean some supposed malware from my Bluehost site. This can’t be a coincidence considering how many others on here have said the same thing. I’m pissed off and pulling my account from Bluehost in next few days. Very unethical of them.

    Reply
  51. Avatar
    Frances Hamilton says:

    11/08/2019
    Had space on GoDaddy for 15 years, got tired of them trying to get money from me for EVERY little thing then moved to Hostgator. Had my server space on HostGator for about 2 months then all my sites go down saying there is malicious phishing software planted in one of my sites and that Sitelock can fix it! From the frying pan to the fire! So not only do we have to put up with a corrupt president but companies are becoming corrupt as well! Told Hostgator they are Full-of-S__t and removed the file THEY planted. Scarey that they think they can get away with this. Someone needs to mount legal action. I’m in if someone does this.

    Reply
  52. Avatar
    Red Giant says:

    Hey guys, guess what?!
    I’ve got the same issue with SiteLock in the past two years, the first attempt was 3 months after launching a website of my friend on Bluehost, which I think is the best hosting company without that s**t SiteLock. They’ve shut down the WP website and sent me an email saying that my website was infected with malware and I have two choices, The hard one is free, “DIY” and clean manually plus than 1200 infected file. And the easy one costs $720/year by paying SiteLock for doing nothing. I replied to their email by saying ” I love ‘Do It Yourself stuff’ “. and I spent 3 days cleaning and chatting with Bluehost’s support until I got the site clean. After 6 months exactly, the second attempt with the same scenario and the same actors – Me, Bluehost and the heroine company SiteLock with her blackmailing Emails. I did the same, cleaning their s**t from the files.
    But this time they showed their real face, after sending their first regular email which ends with this sentence “The best defense is a good offense ” Inspiring, isn’t it? A week later, one of their agents sent an email to my friend who forwarded it to me, saying “Hi, I just wanted to see what decision you had made regarding the website security measures we discussed last week for the $30 per month to remove the malware and prevent it from coming back? ” Here I did understand what they meant by ” good offense ” Seriously, are they security company or what is left from a broken real estate brokerage company. no offense for “Brokers”. There were 3 others attempt too
    A month ago, I moved to another hosting provider but still have a lot of infected files ( 29 Gigabytes, including 23G of images and 1.2G Database), which made it so hard to migrate the website.

    They have no right to do that for their customers, owning a startup website or even a big one that makes over $10.000 in revenue per month. shame on them.

    Usually, I don’t comment about technical issues that happened to me, but this time I do, and I will send the link to my friend for sharing his experience too. This company had caused us big damages
    We have spent a lot of time and money developing our website and putting hard work in it, and miss SiteLock wants us to pay for her new outfits and parties, and you know who do that!!.

    Reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply to Binny Marwaha Cancel reply

Your email address will not be published. Required fields are marked *