Beware of malware scams – SiteLock, HostGator, Bluehost, and the tale of the angry web girl
Sitelock is STILL on my s*** list. Please read the UPDATE to this evolving story at the bottom of the post.
A beloved client forwarded this to me this morning. It’s an email she received from the “security” firm SiteLock, a (former) partner company of popular website hosts HostGator.com and Bluehost.com.
Hell hath no fury like an angry webmaster who hasn’t yet had her coffee.
Notice the wording: One or more of the domains you own has malware on it.
Fairly clear, right? One of her sites is infected with malware…it says so right in black and white. Bad news, but I’ve never been one to hit the panic button before it’s time.
I calmly went to HostGator’s tech support “Live Chat” to ask them about this. I pasted the email into the box so the technical support rep could see what I’m contacting them about. I asked: Is this legitimate? What happens next?
Over the course of the conversation, I learn from the tech dude that SiteLock is their partner company. And I learn, in fact, there’s no evidence of malware. The site MIGHT be infected, he says, but no one really knows for sure. In order to truly find out, my client would need to purchase an expensive malware prevention package from SiteLock, so they can peek inside and see if there’s malware there. If there is, they’ll charge another fee to get rid of it. Those fees, combined, crept into four figures.
I take a deep breath and count to ten: So…the email is a sales pitch, designed to frighten my client into purchasing a product? And the email makes a statement that’s patently untrue? I point it out to him again: One or more of the domains you own has malware on it. Why would they say such a thing if it weren’t true?
Hemming and hawing ensue.
I’ll spare you the gory details of my response, which nearly set the curtains ablaze. I want you to think I’m much more patient and kind than I happened to be this morning.
My little dog came to sit next to me and put his head on my knee. You okay? You smell mad. Maybe a walk?
Why am I bothering to tell you this?
Well…aside from being angry about a concerted effort to drum up business by sending good people into a panic about their website? Good people who might not be terribly techie, or who may be busy…..gosh I don’t know….building their business? So instead of helping depressed people, doing reiki healing, selling their art, finishing their book, booking new coaching clients, they have to spend their money and life energy dealing with service provider scams—from the very people they are already paying every month to keep their website running. Infuriating.
In short: Anyone whose website is hosted with the company HostGator.com, or with Bluehost.com, or with ANY of the hosting companies under the conglomerate parent company EIG, is likely to receive one of these emails soon, if you haven’t already. I wanted you all to know what this particular game was, so you can watch for it.
To all my clients: Please feel free to drop me an email or a PM if you receive one of these emails. I can be of help deciphering the scare-mongering.
Edited to add: See the comments below the post for some helpful/scary comments made by others. In August 2018, Endurance Group’s CEO and CFO were fined several million dollars for fraud by the SEC related to company subscriber numbers.
Hosting is a personal decision, but for what it’s worth, I have shifted all of my sites to the hosting companies at the top of my Resources page. I’m trying to make a list of the companies that get great customer reviews, give good value, and don’t have anything to do with all of this filth. If you know of others that fit this description, hit “Contact” in the top menu and let me know so I can get them listed.
If you’d like to avoid giving your hard-earned money to scammers like these, here is a recent list of hosting companies owned by EIG, the parent company of Hostgator, Arvixe, Bluehost, and dozens of others, and here is a list of hosting companies owned by Sitelock’s new masters at ABRY Partners. I would only suggest you avoid those if you don’t want to find yourself in the same boat again.
UPDATES, SHENANIGANS AND SUGGESTIONS:
This mess continues to evolve. Sitelock was acquired by a private equity firm called ABRY Partners. That was in April, and as we’ve all seen, the blackmail tactics have continued unabated. I have no proof that Sitelock has access to private data from its former EIG sister companies, but my first instinct is to stay as far away as possible from any of them.
Also, Endurance International Group’s web presence arm — which is called, you guessed it, Endurance Web Presence — has been merged with the Web.com universe to form a new entity called “Newfold Digital.” (with thanks to the sharp-eyed reader who shared that with us)
Here are some things you may want to try, if you are A) currently paying for website services from a company connected to the above (including sadly ConstantContact.com), and B) aren’t currently locked out of your site:
- Consider moving. Seriously, do you want to give your money to people like this? See the top of my Resources page for some hosting ideas. Most of them offer to move your website and email for free if they can, making it SUPER easy to escape. You can also save money by taking advantage of signup specials around the holidays.
- Immediately change all of your passwords with that company. Go into your account with the company (some, like hosting, may have TWO logins) and change your passwords to something very complicated and VERY different from anything you’ve used elsewhere on the web.
- If you use WordPress, immediately have your tech person change your database password for the website. This involves changing it in a couple of places, so it’s best to have a tech-savvy person do this.
- Change your password to any website admin areas (like WordPress).
- Change your email password as well. Again, make it different from your hosting password(s) and different from anything else you’re using on the web. It’s worth the hassle to avoid being held hostage by scammers and forced to pay them hundreds or thousands to get your site/email/store back.
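The database-password step above touches two places: the MySQL/MariaDB account itself and the `DB_PASSWORD` line in `wp-config.php`. This added example (not part of the original post) shows both sides in Python; the sample config, the user name and the `account_host` value are constructed assumptions.

```python
import re
import secrets
import string

# Constructed sample of the database section of a wp-config.php (not a real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_wp' );
define( 'DB_USER', 'example_wpuser' );
define( 'DB_PASSWORD', 'old-reused-password' );
define( 'DB_HOST', 'localhost' );
"""

DB_KEYS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")


def _define_re(name):
    # Matches define('NAME', 'value'); with either quote style and any spacing.
    return re.compile(
        r"define\(\s*(['\"])" + re.escape(name) + r"\1\s*,\s*"
        r"(['\"])((?:\\.|(?!\2).)*)\2\s*\)\s*;",
        re.S,
    )


def generate_password(length=32):
    """Random letters and digits: long enough to be strong, no quoting issues."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def read_db_settings(config_text):
    """Return the DB_* constants found in wp-config.php text."""
    found = {}
    for key in DB_KEYS:
        match = _define_re(key).search(config_text)
        if match:
            # Undo the two escapes PHP honours inside single quotes: \\ and \'
            found[key] = re.sub(r"\\([\\'])", r"\1", match.group(3))
    return found


def set_db_password(config_text, new_password):
    """Place 1 of 2: rewrite the DB_PASSWORD line WordPress reads at startup."""
    pattern = _define_re("DB_PASSWORD")
    if len(pattern.findall(config_text)) != 1:
        raise ValueError("expected exactly one DB_PASSWORD define")
    escaped = new_password.replace("\\", "\\\\").replace("'", "\\'")
    new_line = "define( 'DB_PASSWORD', '" + escaped + "' );"
    # A function replacement keeps backslashes in the password literal.
    return pattern.sub(lambda _m: new_line, config_text)


def alter_user_sql(db_user, new_password, account_host="localhost"):
    """Place 2 of 2: the statement that changes the MySQL/MariaDB account itself.

    account_host is an assumption (the host part of the database account).
    ALTER USER ... IDENTIFIED BY is the MySQL 5.7+ / MariaDB 10.2+ form.
    """
    for value in (db_user, account_host):
        if not re.fullmatch(r"[A-Za-z0-9_.%-]+", value):
            raise ValueError("unexpected character in " + repr(value))
    if not new_password.isalnum():
        raise ValueError("use generate_password() so no SQL quoting is needed")
    return "ALTER USER '%s'@'%s' IDENTIFIED BY '%s';" % (
        db_user, account_host, new_password)


def rotate(config_text):
    """Return (new wp-config.php text, SQL to run); apply both together."""
    settings = read_db_settings(config_text)
    password = generate_password()
    sql = alter_user_sql(settings["DB_USER"], password)
    return set_db_password(config_text, password), sql


if __name__ == "__main__":
    new_config, statement = rotate(SAMPLE_WP_CONFIG)
    print(statement)
    print(new_config)
```

Apply both changes within moments of each other: if only one side is updated, WordPress shows a database connection error until they match again. On shared hosting, the control panel's database-user page takes the place of the SQL statement.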
Take a deep breath. We’ll all get through this together.
They are SCAMMERS. My website got DEACTIVATED on bluehost because they said it had a malware… So I logged in to the live chat and the customer support asked if they could call me – I said YES, thinking they would help me.
Well, it was actually someone from SITELOCK on the phone, asking me whether I make money with that website, because they could fix it… but there’s a price! After I insisted many times that it’s just a personal blog which I don’t monetize, they said it would be $720 a YEAR to fix the site and keep it safe.
I said no way and they kept lowering their price all the way to about $300. Still, I said no.
I then talked to another representative on bluehost’s live chat and they told me it was just 3 infected files. I just had to open the file manager, delete the files and everything was solved.
AND SITELOCK WAS TRYING TO CHARGE ME $700 A YEAR TO DO THAT.
Then I asked bluehost to CANCEL my sitelock subscription (you get one for free when you join bluehost) and I never wanna hear about them again.
So sorry that happened to you too. I don’t give my money to unethical companies anymore. There are too many that are trying to do the right thing; I’ll support them instead. Sitelock is owned by Unitedweb, which also owns EIG, which owns Bluehost and Hostgator. So it’s all just an incredibly unethical money-making scheme. Glad you are free and good luck with your blog!
I have been with Bluehost for most of my time. Lately, I am constantly attacked with malware. I know that Bluehost is closely affiliated with sitelock. I am in real need to transfer my hosting services. Can someone please recommend me a good hosting service that doesn’t have any affiliation with site lock? Cause I am sick of giving my hard-earned money to unethical companies.
It seems that Bluehost Support is ‘playing’ with the infected files, and Bluehost suspends your account, and afterward Bluehost recommends ‘partner’ company SiteLock.
WHAT A SCAM!!
Same thing happened to me at Hostgator. Deactivated my site due to malware and gave me a number to call. Was sitelock and they wanted $200 for “emergency cleaning”… turns out I only had to delete one file.
Doing what I do, I’ve had clients who’ve worked with at least 20 different web hosts. I’m mystified why only Hostgator and Bluehost-hosted clients have ever suffered from malware on their web server itself (WordPress is different and more common). I have my suspicions.
Both are actually owned by EIG, that could have something to do with it. Although they do own many other hosts too.
Anyway, I landed here because I got a similar email and was curious. The email I got did not specify domain or infected files. I am guessing it’s a Bluehost domain as the email address they used is only on Bluehost account. A few more domains left to transfer away from them and I am done with them. Bad experiences with different issues.
Hi. Do you remember which one? I just got mail from sitelock 😉
Likewise. Email contained list of offending files. Files were removed. Contacted Bluehost via chat for reactivation. Got Sitelock salesperson instead telling me once a site was hacked (it wasn’t) hackers will continue to get through w/o a firewall. I asked “So, what, exactly, are we paying you to do?” Offered to transfer me to Bluehost, signed out of chat instead.
Opened new chat, rinse and repeat. Finally got to Bluehost and was sent list of additional alleged malware files. Cleared out same. Contacted to request reactivation. Site declared clean and reactivated. Next day, new letter announcing deactivation for malware.
Bluehost just lost a customer, and I had better see a whole bunch of refunds in short order.
Elizabeth, this is such a typical pattern. I’m so sorry you’re a victim of this too. The work you’re doing is so much more important than having to hassle with two-bit scam artists.
Where can we file a class lawsuit against those scammers?
DUDE, what files / how did you delete the files that were causing this issue?
This is EXACTLY what happened to me too. Thanks, I was actually considering if I should pay to clean my… 5 sites!
I just gave them $300+ and they weren’t even able to detect and remove it all. Bluehost still has my site deactivated. I’ve worked so hard building my website, like 14 years. I don’t know what to do.
I’ve been with Bluehost on and off for years. In the last few months, they’ve deactivated all 8 sites I host and stated the backups were unavailable because they were infected. They quoted me $300.00 USD per domain (that’s 8 of them) to ensure better security. Then, they offered to refer someone to clean up my sites for an astronomical price. Needless to say, I’m moving to a new provider and trying to find a good match. Thank you for this article, it was incredibly eye-opening and validating, it confirmed I’m not losing my mind and things need to change. This is CRIMINAL. I’m checking the resources listed, and cross-referencing past and present reviews. It’s so hard not only to change, but to trust after this nightmare. My emails (6 of them) have been suspended for a month, all my business completely sabotaged and I’m still waiting on Bluehost to complete the “outstanding tasks” after a week so I can at least get my emails back. NEVER AGAIN
I have the same problem with these fraudulent companies. They destroyed years of work on my websites, and they have no remorse. They are continuing to push false products. I would like to file a class action suit against these frauds.
Same thing with us. HostGator is scamming customers.
Got a call from SiteLock today – phone came listed in my phone as Bluehost so thought it was legit — they asked me to call me back and or call back then was transferred to the same guy located in a dif. State… he asked for my email so he could retrieve my account… and phone # to confirm — they said one of my websites… has got malware… Which is weird cause we don’t use this website (just registered, not used)… But they say other site could be affected if this one is… he got my email and tel #… should I call Bluehost?
Unfortunately same happened to me, the site was showing an error, and Bluehost said it has malware. Used a freelancer to remove some corrupted files, but the issue came back again in a few days. Given up now, moving to a better host, anyone else wants to share other security tips for WP sites?
This also happened to me. I always thought that Hostgator was a legitimate company. I guess not. I’m going to move all of my hosting away from them.
Just happened to me today. All my sites down. They strong-armed me to pay them $300 per domain per month on a 12 month agreement ($3600!!!). I said, “No to that crap so fast.” Straight up told them they are scamming people and that I was done with “Bluehost”. Then she said she wasn’t Bluehost. I then called Bluehost tech support and got a very helpful tech that ran a malware scan and boom, one file. Cleaned that and my sites were back up again.
Thanks, Darin. It’s good to know that SOMEBODY at Bluehost is willing to help. Somebody has to see that their relationship with the Sitelock scams is hurting their brand…don’t they? Maybe not.
I got an email from SiteLock informing me that my website had been infected with malware. Indeed, that was the reason that my website was down. I contacted HostGator, my hosting company, which connected me to SiteLock. SiteLock informed me that they could remove the malware if I agreed to one of their protection plans ($60, $89, $110, or $150 per month, all to be paid one year in advance). I felt like my website was being held for ransom unless I paid these exorbitant fees. Fortunately, I did not agree to any of their plans. I will be moving my hosting to a different company that has no affiliation with SiteLock.
I have had the exact same thing happen to me! I found out that they were more or less just trying to extort money from me that I didn’t have! It’s horrible what this company is doing to hard working Americans!
I found this Lady to Help me and she is phenomenal!
Bluehost has shut down our site, citing malware. I just got off the phone with them (February 28, 2018) and SiteLock quoted some ridiculous prices for an “engineer” to manually remove the malware. At first it was $300 down and $100 a month and then later it became just $30 a month for the cleaning and the service. I keep reading about instances in which Bluehost’s relationship with SiteLock is allowing them to scam their customers. I am reading that sites are being shut down and then after the “engineer” cleans what has been a total database attack, a report is sent back to the customer citing that the malware has been removed but they never show their work. This site belongs to a non-profit agency and really even $30 a month is a stretch for these folks. I also don’t trust SiteLock — I mean, really, from $300 down and $100 a month to just $30 a month …. that doesn’t sound logical.
When I told them we could not afford this and we would just have to shut the site down and rebuild with another hosting service, they said that the malware would follow the domain no matter where I took it. I am not sure that is accurate. When I told them this was not accurate they hung up on me.
Also, I get a weekly report from SiteLock that says the site is malware free. Their explanation from that is that “the basic free service we have only picks up about 70 percent of the threats.”
I run a number of other websites with Bluehost and have done so for the past 10 years. I hope this isn’t a sign of things to come. I have already migrated one site over to Wix for fear this will happen to one of my other sites and when I get time I will migrate the others as well.
PS –today (5-16-2018) when I spoke to someone at Bluehost tech – they said SiteLock had listed our issue as Phishing – not Malware. These are sales people at SiteLock and they don’t care about the Bluehost customer or brand – you need to get rid of them. Oh, and by the way, today the price was $503!
Melissa, I’m so sorry that’s happening. It just makes me so angry (as you might have guessed from my post…) I live in fear that whatever GOOD host I work with will eventually sell to this horrible company and turn into Bluehost or Hostgator. I appreciate people sharing different experiences here. And no, malware doesn’t “follow your domain name” if you rebuild the site from scratch somewhere else. I can’t believe they told you that – unless maybe they thought you were just going to copy the files over.
I was told the same thing from Sitelock today, that the malware would follow the domain. Funny thing is two of the addon domains they tried to infect are Shopify domains that I had never bothered to take out of the addon domain section and they run fine. Bluehost chat (India) gave me 12 pages of files to delete. In the meantime, they suspended my account. I cleaned the files, Sitelock first offered me $50 a month and they would waive the $300 cleaning fee. They also wanted to know what I do with my sites, ie, how much money I am making from them. Frightened, I initially agreed. Then I gave them an old password by mistake, so I got an email to call them back. It was during this conversation with Tyrell Foard from billing at Sitelock, that I was told there would be an additional fee to clean the sites that I wanted to keep on there, as I told him half the domains were inactive, and I was like you are kidding me, on top of what I am already being told what I have to pay? For some reason I was put on hold and started Googling and found your article amongst others, and some Youtube videos, when he got back on the line I informed him of what I found and he agreed to a refund, we’ll see, that will take another 3-5 days. Bluehost still has my sites suspended, they claim they are rescanning, even though I told them I cleaned the files and they will clean what they find and have them up within 24hrs. I already informed them I just need the sites up long enough to take back my property, my domains and the content on them. This is thievery and maliciously done and was no accident. My site will be moved if and when I can get to them. In the meantime, I am trying to figure out how to copy them from the Cpanel. I will never use a host associated with EIG or the new company.
Unfortunately, that’s exactly what they did to me. Rebuilt the same site 3 times in 10 days, and each time, infected and disabled by Bluehost. I’m finding a new provider.
Been going through this for about two weeks now. I just got a call from Sitelock upset because they could not access my website with their SMART tool. I told them that I had added a firewall through another company. They got mad real quick saying the other company wasn’t as good as they were. When I refused to purchase any of their plans no matter if it was $10, $20, or $300, they hung up on me.
If you don’t mind me asking, what Firewall service did you get?
I was recently contacted about one of my sites having “malware”, deleted it off of Hostgator and moving it to Siteground. They keep losing more of my business each day.
I use Hostgator for all my sites. Not too long after I agreed to use the free SiteLock option, all of a sudden all my sites started having problems. Now one is blocked by Google. I refused to pay SiteLock, told them I would just delete the sites as they make no money. They kept lowering the price, I still refused. So now most of my sites are deleted and I still get a notice that there is a virus. Virus on what, there are no files in the directories. I will be moving my hosting to another company. Who and what are others using after this problem with SiteLock?
Tim, this is so typical of this situation. So frustrating. I’m hoping people will respond and share the hosting companies they use because I’d like to have several I can recommend to my clients, but so many of them seem to be controlled by EIG (who owns Sitelock) For my own sites, I use Siteground: https://websitesforgood.com/resources-we-like/
I am slowly moving all my sites to siteground it seems, the support has gone way down at Hostgator, I can’t see how non tech people could work with them.
I had most my domains with them, but moved them away to a registrar that is way cheaper and provides free WHOIS privacy.
Opened a siteground hosting and already moved a couple of sites. Another reason why to move is the free SSL that siteground provides, this is a must nowadays and lots of hosting providers have it, except hostgator of course.
I’m appreciative of your informative post. I ran into SiteLock today commenting on a friend’s blog. Their security check wouldn’t ever finish. Fortunately my site is hosted with a provider you guys have not mentioned. I have a virtual machine at CloudSigma, costs me $10/month and they have excellent service from the point of view of a system administrator. It’s not a hosting provider, it is up to you to configure the machine from the ground up. I run my own email and web server there, and use it for a little cloud backup on the side.
Thanks for the heads up. Just got the email. And just changed from Bluehost to SiteGround. That was the last straw…
Thanks, David. I’m still happy with them–they got me out of a tech pickle yesterday in less than 3 minutes. I’m hoping they stay the way they are for a long time to come.
I just got an email and site lock when I called wants $850 to clean my site.. it does redirect you to another site so they say this is illegal and I have to pay or my site will be pulled down.. I have a computer guy coming to fix my site today and told me to not pay site lock and they are a scam and blue host and Hostgator and to move my site hosting.
This is such a bogus company. When you want to quit they charge you a 6-month fee… 6 months, for what? In my case this was over $3000 to stop using a useless service. Feel very scammed. Funny part is that they call you, are polite and show complete ignorance, offer no solution besides assuring you that they will not continue charging you after the contract expires (like they should try!!) and then thank you for being a loyal customer… like talking to a drone. STAY AWAY
I tried to log in to my wp admin but there was a message saying that my site had been suspended and that I needed to contact Hostgator. I did that and was told that I had phishing on my site. They asked me if I had received a ticket which I hadn’t. I noticed another site I have had big red warnings. They told me there was another ticket for that which I found in my customer portal where they have given the file that is infected. I found the tone of what was written on the ticket very threatening, as if I had done something I shouldn’t have. They transferred me to Sitelock which I thought was a bit suspicious. I was told that they could clean my sites and look after the security for £60 per site per month!!! I don’t know how to clean this up as I am not techy but once I figure it out I will be moving away from Hostgator. I have been paying Hostgator for years and this is how they treat me. Something should be done about this surely! Thanks so much for highlighting this issue!
Thanks, Cathy, and I’m so sorry this is happening to you. I host websites for clients all over the place using many hosts, and the Bluehost/Hostgator cartel is the ONLY place where these malware things happen at such an alarming rate (in fact I can’t remember if it’s EVER happened on my other hosts) I can do the math there easily. And the fact that they basically lock you out of your site so you can’t make changes or get external help…What a shame. Good luck to you.
P.S. Are you able to get into your control panel with HG at all? Or is it just WordPress you can’t get into? I am working on some recommendations for inexpensive ways to regain control of our sites, but if they have you completely locked out, they have all the cards so to speak… 🙁
I just received an email from Sitelock saying my site has malware. I am hosted through Bluehost. I found your site because I didn’t want to just respond to the Sitelock email without investigating its validity. What would you do? I don’t want to have to deal with Sitelock at all. Should I contact Bluehost to tell me if files are affected & fix this or should I just move to a different hosting provider? What would you do?
Hi Hellen, so sorry this is happening. It looks like your site was hacked quite badly. My first step, if I were in your shoes, would be to contact Bluehost’s tech support via their Chat and tell them you don’t want to sign up for Sitelock but you DO want to know whether they can fix it or restore your site from a safe backup copy. You don’t mention whether it’s just your website you’re locked out of, or your entire hosting account (which can also happen). In either case, that’s where I’d start. I’d familiarize myself with https://sucuri.net and their services — you may need them, as it seems your site is in fact in a very bad way.
I am very much expecting HostGator (HG) to be up to their games via SiteLock (SL) to try to squeeze people out of more money.
In 2014 HG was initially asked to become compatible with Let’s Encrypt and they gave a vague answer along the lines of they are looking into it. The rest of the free world has moved forward towards site security and meanwhile HG has been squeezing its customers to pay $10 per certificate per site to install FREE certificates. SG specifically turned off the ability in CPanel for its customers to be able to install and manage their own SSL certificates once it was fully integrated. They continued to disallow this necessary management tool and instead forced people to pay for the “service”.
Finally, Google Chrome has declared that on July 1st, tomorrow, it will mark all sites without https encryption “NOT SECURE”. There have already been effects to rankings for sites not secured with SSL certificates, so HG was essentially making people put their money up if they wanted to be seen on the internet. Two nights ago I contacted SG via phone. I noticed some new folders in my CPanel associated with SSL and was hoping that somehow HG was FINALLY doing the right thing and allowing users to be able to manage/install SSL certificates themselves. I was told that HG was FINALLY adding free SSL for all in July and I should watch my inbox for more information.
Lo and behold, the next morning I had an email from HG which vaguely announced Free SSL for all and said to watch for upcoming details. The email pointed to a blog post which indicated how important it was for this security feature to be in place prior to July 1st, and yet here we are on the eve of July 1st and STILL HG hasn’t sent any further information on how users are supposed to employ their free SSL certificates and get them operational.
Thankfully, I was able to piece together that the certificates were already in place, they just had to be authenticated. I installed Really Simple SSL on all of my sites and as soon as I activated the plugin I was good to go. (Sorry for such a long winded comment, and I haven’t quite gotten to the part about SiteLock (SL) yet. I’m almost there! I wanted to share information I thought is helpful in case anyone else comes along.)
This morning I received an email from my old pals at SL informing me of a potential security risk. Hours after I received the email from SL I received an email from HG stating that they were collaborating with their longtime security partner SL and will be including a basic malware scan, free of charge, as part of my hosting package. Lucky me!
The way I figure things, they have lost revenue from squeezing people into purchasing installation of SSL certificates so now they have decided to offer “FREE” security scans, which consequently runs once a day per domain. There is a way to opt out by calling, but I think I might let this run a little while first to see if I consistently get emails every single day or not out of curiosity, first.
Unfortunately, I was duped in the past into signing up when I was a newbie to the world of website design. (Not that I’ve come much further!) I simply thought that it was a prudent thing to do and I was suckered for a few years at about $10.95 a year. I thought I had signed up through GoDaddy, another shameful company I finally moved away from. Currently I need to set a reminder in my calendar so that I can switch to DomainNameShop before my HG plan auto renews and after I get my full paid subscription worth. I’m not letting them keep any of my money. It’s just ridiculous that organized crime is legal in the United States, and it’s very common too.
Dot5 Hosting is doing the same thing. They are “partnered” with Sitelock. My site has been hacked multiple times since they “partnered” with Sitelock, never was before. Seems like a strange coincidence, doesn’t it? Can anyone recommend a web host who’s actually reputable?
Mary, sorry to hear that. Any company that’s part of the EIG group (see this link for a list: https://www.reviewhell.com/blog/endurance-international-group-eig-hosting/) is going to be on the Sitelock bandwagon, and I agree: strange coincidences. I moved my own sites and many client sites away, and all the problems went away. Imagine that. There are many non-EIG hosts. I stumbled across these guys, never a single problem, and they’re downright…kind. It took some getting used to 🙂 https://websitesforgood.com/resources-we-like/ Not a sales pitch for them, by the way. I’m sure there are plenty of others.
Do you know anything about WebstrikeSolutions/EasyCgi ? I’m continuously getting calls from SiteLock about malware on my site hosted there. How would I identify the malware myself? Looks like they hijacked my home page. Thank you
Maureen, so sorry to hear that. Any company that’s part of the EIG group (see this link for a list: https://www.reviewhell.com/blog/endurance-international-group-eig-hosting/) is going to be on the Sitelock bandwagon. You might consider contacting Sucuri.net; they are experts in malware, hacked sites, and protection, and are unconnected to the Sitelock mess. It’s not cheap, but it beats having to rebuild your website.
I am afraid that sitelock is in cahoots with dotster as well. My web site is a passive one. One cannot log into our web site. It just displays information. It had been infected by malware before but I manually cleaned up the code myself. I removed the offending subdirectories and edited the code. Sitelock found no problems for months but now the same code has returned and the same directories that I had deleted have returned. I don’t see how this would be possible unless someone has a password to my site at the hosting company Dotster. Am I missing something?
Sadly, Dotster is one of the EIG companies, and so is in on these tactics: sorry to hear that. (see this link for a list: https://www.reviewhell.com/blog/endurance-international-group-eig-hosting/)
I have hosting with Netfirms.com and they use Sitelock. Ever since Netfirms started using them my wordpress sites have been hacked. I got a malware email for a url that I own. The huge problem with that is there is no folder on my server for the url.
I’m an attorney. This happened to me. If anyone would like to discuss, I’m STRONGLY considering legal action. This just happened, and my sites are still down. This is extortion, unfair business practices. If anyone would like to discuss, let me know.
Would LOVE to discuss
Hello Laurie Monserrat, It drives me crazy realizing how many small businesses, and for how many years, and years they have been doing this. They need to be stopped. Call or reach out: (800)961-1909, http://www.jenniferford.lawyer
I’m Jerri Thomas, Founder & CEO of The Learners Lab Foundation. We had already planned to pursue our Domain Registrar status a few years back when we discovered our [now former] ISP/Hosting vendor, Verio, had been purchased by EIG. All kinds of crap began to quickly hit the fan; in fact, in one week I had more than 3400 spam/spoof emails hit my spam/junk folder.
We moved to iPower only to learn some time later after another incident that they are also an EIG. I ran and set up several ISPs back in the old days and was able to dig around to discover that EIG et al are Chinese owned. That splainz it Lucy!
All our main sites are down as of 9/29/2019:
Primary domain and email: thelearnerslabfoundation.org (live with 120+ email accounts)
clearedcandidatesdb.org (in dev, not live)
infoxchng.org (was in dev and not live)
I’ve already reached out thru your website.
I’m currently trying to get a refund after only having the service for a month and being hacked repeatedly while having it. Any ideas on what to say to get it back??
They told me that they are the security company for my new Host A2, which is not true, they use Sucuri but haven’t advised me that I would even need that.
My developer doesn’t trust them and we are suspicious that all of the hacking came about once they came on the scene!
Literally everything they say is a lie. They are either all owned by the same parent company, or colluding to create a non-existent need. I do know Bluehost owns more than 50% of Sitelock, but I’m fairly certain they are owned by the same parent. They were vindictive to me, an attorney, so clearly they have no fear of anyone fighting back. They actually rerouted my website to an escort service when my computer guy showed them there was no malware, and refused to pay for them to clean the nonexistent malware, or purchase Sitelock. They allowed him to put my site back up. However, by morning it was re-routed to an escort service.
I would suggest you put together a case and hand it off to the FBI.
Horror stories. Here’s one to add to the list. SiteLock kept calling me to sign up for their extra service. I’d already paid Bluehost for the complete package that was supposed to protect the site. They even offered a Spanish speaking tech to talk to our tech here. I’m in Puebla, Mexico. Our website is a non-profit, we don’t have customers or any motive to make money. The guy offers me a “special” to protect the site.
Today during the staff meeting he called again and said he had bad news. Google had found malware on the site and his Spanish speaking tech was available to talk to my folks here, tell them how to find the malware on the “dashboard” and eliminate it. I smelled a rat and ended the conversation.
Later, I went to Bluehost and signed in. I was looking for the dashboard to see what he was talking about. Asked for help with security and ended up talking to someone from Sitelock. After asking the same question half a dozen times, where on the Bluehost dashboard is this information, I ended up giving them my phone number and the same salesman who scammed me before called back. Turns out, the dashboard he was talking about was the SiteLock dashboard. They walked me through the steps to find the information and there it was.
The salesman then told me that because the site was not infected, he could not offer me the special rate but that he would waive the $300 fee to remove the malware and charge me $50 a month. Of course, that’s more than we can afford.
He said he checked the site and what the malware does is reroute you to some other service that asks for your personal information. We can get into the sub-pages, like resources, by following that link as it appears in a Google search. Only the main page is where they reroute the link. This only happens on tablets and smartphones. It did not happen on my tablet or phone but I asked friends to attempt it and they were indeed rerouted. Now, this happened after I refused their offer.
The salesman said that Google would warn people away from the site, even when they went there directly, i.e. not through a Google search. What Google has to do with policing the entire Internet that way he couldn’t say. He threatened me that Bluehost would shut down the site if I didn’t subscribe to his service. I said so be it. I asked why, after 5 years hosting the site at two different places, this is the first time this had happened. He never gave a straight answer.
After reading this article, I called back and got the same guy I talked to before, told him I was onto him and to fix it or Bluehost would lose a customer. Long story talking nonsense and making excuses but after I hung up my adult children in California and my neighbor could enter the site.
It looks like a duck, quacks like a duck, has feathers like a duck. I think it’s a duck. I’m going to take your advice and move the site to the hosting service you recommend but need to know what steps to take other than just to cancel the service with Bluehost first and then take steps to host it elsewhere.
If the malware is still there, how do I remove it?
What steps do you recommend to secure the site? We did have problems with a virus getting into WordPress. Does Siteground or other service offer adequate security?
Thanks so much,
I received a call from Sitelock saying that three of my websites were infected with malware, but they didn’t have the logs and that I should contact the “engineers” to fix that problem or they would have to lock my account? WT? Avoid this Hostgator for god’s sake. Amazon has Lightsail (https://aws.amazon.com/lightsail/), it’s your own server, no shared hosting anymore, no annoying dirty sales tricks.
I host a small site with ReadyHosting and am going through the same thing. Oh my dog they are relentless!
ReadyHosting is another one of the same family of companies that owns Sitelock (Endurance Intl Group). So sorry to hear this, Laurie 🙁
Same thing happened to me today.
Got a VALID message from BLUEHOST (not Sitelock) a few months back, informing me that one of my contact forms was unprotected (no CAPTCHA) and was being abused by spammers, so they deactivated my site. I went and checked, and sure enough (whoops!) I forgot to put the captcha in there. Fixed and reactivated through the automated link. No more problems! (And this is how a webhost SHOULD act, notifying you of problems and automatically reactivating on your own recognizance when you confirm you fix it.)
Thought everything was fine until today. Received an email at 12:19 AM saying the site was deactivated. Received voicemails and emails from Sitelock at 5pm asking me to call them to fix the problem. SSH and FTP logins disabled, so I had to log in via their website/cPanel tonight, but didn’t see anything obvious – so I clicked on the “live chat support” link on Bluehost’s website to ask them to wipe the account (I have plenty of old backups I can restore to prior to “malware detection”).
The chat link on Bluehost’s website connected me up to a SITELOCK Employee, who, when asked if he could just wipe my account, claimed that he could, but the malware would “just filter back through” through “a backdoor file”, even if the account was completely wiped. He claimed that default installations on Bluehost were vulnerable (implication – must pay to “protect”). I didn’t let him get that far into the spiel and re-asked him to wipe the account. Only THEN did he finally connect me to the true Bluehost Tech Support. They didn’t want to wipe and instead wanted me to delete the “infected” files. So I did that, and they reactivated my account in a matter of minutes. I finished wiping everything myself, and now I’m restoring from a backup and will be up and running within the half-hour, but tomorrow I’ll be actively looking to transfer away from this horror-story-waiting-to-happen, and will NEVER recommend Bluehost to anyone else in the future, ever again.
Full screengrabs of my chat log with the Bluehost “live chat support” on the following link:
I have had the exact same thing happen to me with my hosting company and Sitelock! I found out that they were more or less just trying to extort money from me that I didn’t have! It’s horrible what this company is doing to hard working Americans!
I found this Lady to Help me and she is phenomenal!
After 8 years of having no issues with my site, on Oct 4th I spoke to a Sitelock specialist who said they would ramp up my current service I had already paid $150 for with an upgraded version for $450 to help “remove” the malware and do continuous scans. Then surprisingly a week later, I had yet another issue where they claimed they had to do a “manual scan” to fix the malware but that they could upgrade me to their highest level of service with unlimited manual scans for another $220. I checked my credit card bill and they had overcharged another $65 “by accident”. Right!! They are just thieves. Another week later, my websites were all frozen by their partner hosting company and Sitelock claimed my other website had malware. I found it suspicious and went to another company who said they saw nothing on my other site but that Sitelock is known for scamming. I wish I knew it before I dished out $670 which they have you sign saying you forfeit any previously paid sums as they know that eventually people will find out and they don’t want to give refunds. How convenient. They scare you by saying your site is being attacked and work with 2nd rate web hosting companies that shut down your site and direct you to Sitelock as the only way to get it up and running. They are horrible!!! Stay away!
As I said above, I’m an attorney, and they had zero qualms about doing this to me. They have been, and will continue to, get away with this. These people are really fraudulent, and could literally wreck people’s lives, reputations, and businesses. The legalese is “Fraud in the Inducement”, “Unfair business practices”, “Conversion”. They are also vindictive. They took down my site, and my IT guy messaged them, in India. When my IT guy refused to pay them to scrub my non-existent malware, they decided to punish me. He showed Bluehost the proof there was no malware in my site. I don’t really know how he is 100% sure, because I can’t really understand him when he starts speaking in professional IT lingo. However, suffice to say, he had empirical data, proof, that my site was void of malware. When he showed this to Bluehost, they allowed my site to go back up. This was late in the evening. By the next morning, one of my clients called to tell me my website was re-routed to an escort service website. They were punishing me for not paying their exorbitant fees to scrub imaginary malware, and refusing to purchase their mafia-style protection racket, Sitelock.
Same things happened to me. After 10 min email from SITELOCK, SCAM COMPANY HOSTMONSTER.COM DEACTIVATED MY HOSTING ACCOUNT. I WILL FIGHT THEM IN COURT.
SITEGROUND is doing this to me as we speak!! I’ve only been with them one week, and they’ve taken down my site 3 times.
It’s currently down, I paid Comodo two days ago to fix it and it seems useless. But they claim I have no malware which strengthened my suspicion about Siteground. They keep referring me to their clean up partners Sucuri. So Siteground is not owned by Eig, but I suspect they’ve brought on a new strategy? Their customer service is horrible, which suffered from what I read before I signed up…
so now I’m just like “oh gosh which company do I go to now??”
Oh, Dami, that’s not good. I’ve never had this experience with them…and while they do recommend Sucuri for advanced scanning, almost everybody does (including me, when a site has been compromised or might be) because Sucuri is really top-notch. Wishing you luck with InMotion and your website. It has such great energy 🙂
Thanks so much for your kindness, Margaret! Hope to find that place where I can finally peacefully run that site. Thanks for all your resources.
Also, thanks to your resource page, I’ve decided to try InMotion and I’m hoping for the best.
Hopefully after my exodus from the current host I’ll be able to tell how efficient these guys will be. Their customer service seems genuinely willing to help so far though, and the little price increase difference may just be well worth it.
I’m currently helping manage the website of a tiny nonprofit in DC and the Exec Director just forwarded me an email from SiteLock with a DIFFERENT site’s address saying it has malware. We don’t use SiteLock nor are we hosted by Bluehost, but we do use JustHost – do you know if they are connected some way? Now I’m a little paranoid they may try to do something to our site (but again it was not the correct site they emailed him about). I’m new to maintaining a WordPress site on JustHost and I just want to be sure I have it all correctly backed up ASAP just in case!
Carrie, I’m sorry to say that JustHost is also an EIG partner, like Bluehost (see this list: https://www.webhostingsecretrevealed.net/blog/site-updates-news/the-who-what-when-of-endurance-international-group-eig/) I just don’t trust any of their companies at this point, even though they sold off Sitelock there’s no telling what sort of data is still held out there, used to scam EIG-hosted sites. So sorry.
Thank you for posting this. I picked up a voicemail message tonight that said, “Hi, this is Byron with Sitelock Web Security trying to get ahold of Robin. Robin, it looks like there is some sort of malware, or some sort of issue with some of your domains. We were reached out to by your host, iPage, I don’t think they’re putting the websites up for suspension, um, off Google Browser, um, it’s gonna be the [lists my domain name, plus 2 domains I haven’t owned in a long while]. Um, so please give me a call back so we can try to address this issue as soon as possible. Obviously this is a time-sensitive matter. My direct number is [gives phone number.] We’ll talk about getting these cleaned and how we can be proactive and make sure it doesn’t happen again.”
It just sounded phishy, what with the wrong domain names and the “suspension off Google Browser,” so I called my host, iPage. I selected the tech support option for security and was routed to Sitelock. I explained to the representative that I’d received a strange call and that I was trying to confirm whether the call really came from Sitelock. The representative confirmed that Byron is a real Sitelock employee. She then said that my site could be taken down because I have no security on my website (untrue). I asked what specific issue was causing the problem, and she couldn’t tell me. She said that I’d need to talk with iPage to find out exactly what caused them to “report” me to Sitelock. So, I spoke with iPage tech support and, surprise surprise, they had no indication of malware on my site. Sounds like it’s time to move away from an unethical host that’s doing business with an unethical partner.
Follow-up: Two days later, I had another voicemail from “Byron” at Sitelock claiming that my domains were up for suspension due to malware. Again, I confirmed with my host that this was a lie. I followed up by filing complaints with the Better Business Bureau of Phoenix (where Sitelock is located) and the Federal Trade Commission. The BBB contacted Sitelock that day, and I received a phone call from a different Sitelock representative the next morning in response to that complaint. She claimed that the company never does things like that, and she did apologize and say that the sales rep should not have used that language. While that gave me no real reason to believe they’ll decide to behave ethically in the future, I’d recommend that anyone else who encounters this kind of scam marketing file a complaint with the BBB so at least it’s on the record.
Doing business with any EIG-owned company is simply a bad idea, and for a plethora of reasons that go beyond SiteLock. Run, don’t walk, from EIG.
Looks like they (Bluehost) infected my backup with some sort of malware which makes it difficult for me to restore backup with another host.
They have a bag of tricks by the way.
First, backup is not available on cpanel for clients to take right away whenever they want it.
You have to ask support for backup which is rightfully yours and you’re not obligated to speak to anybody when you want it.
In my case, I was given backup and I pointed the site’s IP and nameservers to those of my new host.
Now, the site loads fine but occasionally goes back to loading a blank page with the links
What I don’t understand is how the site could keep loading this Bluehost link even when the site is no longer being hosted by them.
I have not restored my backup yet and I do believe they somehow injected my files with a malware that holds me hostage, hoping that I will upgrade hosting by paying them more.
Anyone with a solution please help as bluehost is not using sitelock only to scam people. They got other tricks too.
It appears they’ve resorted to outright lies now. I got an email from SiteLock about a defunct website of mine which currently contains a grand total of one web page with a mailto link in it and literally nothing else. Checked if someone uploaded other content without my knowledge: nope. Hidden files/directories: nope. Modifications to the HTML for the dinky page with the mailto link: nope. Looks like it’s time to dump Hostgator though. Shame. Been using them since January 11, 2007, so just shy of 12 years.
I just received this email from SiteLock. I’ve been with Hostgator for 12+ years but over the last few years the service has been lacking. I ended up putting up a new site on GreenGeeks and luckily don’t have any issues with SL or sleazy services related to SL. However earlier today I received an email from SL – Email Copied directly …
Dear James Johnston,
As part of your hosting package with HostGator, you have been provided with a SiteLock website scanner that proactively checks for malicious threats and vulnerabilities. During a recent scan of xxxxxx.net (removed for this comment), malware was detected on your website.
Don’t worry – we are here to help. Please contact us at phone number US (removed for this comment), phone number (removed for this comment) International or email (removed for this comment). We are available 24/7 to answer your questions.
As a security precaution, we recommend you always upgrade outdated software, like your web applications or plugins, to the latest versions when available. If you would like more information on malware, please visit our blog by clicking (removed for this comment).
The SiteLock Team
The interesting part is that this site hasn’t been hosted by HG in months but it’s listed in the cpanel and they shouldn’t be scanning that site. I believe the site was hosted only for a few weeks but I moved that site when they refused to allow me to add a free SSL. They wanted to charge me for me to add my own or for them to add it. I will eventually move the rest of the sites.
Is it possible for me to request by chat or email for them to remove this service from account? If so, has anyone seen any retaliation for requesting them to stop this? Or do I need to leave the service going and get the sites ready for migration and just move them off their hosting services?
Same issue as other users.
Here is how it goes – Hostgator takes down your site(s) without notice in middle of night and sends you an email that says you have malware (meanwhile users get blank screen on suspended URLs). Then they all but force you to pay for SiteLock service which they have a paid affiliate relationship with.
Malware scanning/warnings should be table stakes and core to the Hostgator offering. Read around and you’ll find they make hundreds of extra annual dollars each time they trick someone with this.
I hope they realize the short-term reward is impacting their long term business. Not to mention there will probably be some class action at some point.
Hi Jeremy, what did you do to fix your websites without subscribing to their Sitelock securities? I have the same issue as yours. Thanks.
For many years I had a VPS level 3 on Hostgator where I ran approximately 10 sites.
Then in July of last year there was a 3 hour outage for the whole server.
That was the last straw.
My advice is to invest in yourself to learn Cloud Computing and get your content off of HostGator.
I am using 1) vultr, 2) Digital Ocean, and 3) AWS.
At Hostgator you are paying for their support, not for their hardware.
Major collusion. I have several current sites with Ipage. I also had a few sites that are now closed. Ipage closed my current sites because of “malware.” They sent me to Sitelock. Sitelock wants $100 to clear the sites. I refused and demanded to be returned to Ipage. Upon my continued insistence a supervisor finally showed me how to open the files to find the malware. The malware was on the closed sites. I then had him show me how to clear the malware. He said that they would rescan. Two days later, I’m on the phone again. The case history does not show that the rescan was requested. They try to bounce you back to Sitelock. There is certainly something irregular here. This practice is like mafia patronage. You want to have a malware free site? Pay our boys!
WOW! I am on the phone with Bluehost right now accusing them of their fraud and I just Googled this to see if anyone picked up on it. The Malware issue is coming from an inside job with Bluehost and their ‘third-party’ scammers. I know because I ran login reports. This keeps happening to me, so I deactivated login and yet the same problem happened again. YES, LEAVE BLUEHOST. But I am definitely going to make some noise first.
Hi, my site flightlevel390.com is with hostgator and somehow it’s currently being forwarded to a weird chat site without us doing anything. I updated and deleted all files added after January 2019 (since that’s the last time anyone logged in or worked on the site) but it still is hacked. I wonder if this is a setup as I’m reading your threads? When I go to chat support it’s Siteground sounding very excited to sell me services.
What do I do?
Howard, your site looks great to me – if they were forwarding you to someone it was probably SiteLOCK’s chat, not SiteGROUND. Sitelock is ick.
Hostgator is a scam. From the moment I moved my sites there, they were warning me “You’d better pay for SiteLock or you could get infected….”. Yeah, well, guess what. Even though my site has NEVER been infected with malware on any host, magically, just as they predicted, my sites were infected. And of course, the only remedy is sending more money to Hostgator ooops I mean SiteLock.
Here’s how intertwined these two companies are: If you call Hostgator, TWO out of the seven auto-attendant choices automatically route you to Sitelock support. That’s right, HostGator sites get “infected” so often that they have their auto-attendant send you to Sitelock.
I’m currently going through this and am realising that I’ve been scammed. What’s the difference in SiteLock versus me calling one of those phony numbers in the pop ups? Not much if you ask me. I think I just screwed myself over and now I’m wondering if I should just abandon my hobby website altogether. I was quoted $600 to fix it after I called Hostgator when I noticed that when I clicked on my website, it was redirecting all over the place. Then I was redirected to their “partner” SiteLock and quoted $600 and almost crapped my pants. They brought it down to $420 or $35/month and I feel sick to my stomach for being taken advantage of.
Would be happy to help you (or anyone) with this. I have been hosting sites for 7 years and run my own hosting company (NOT looking to sell anything – just saying I know what I am doing). grumblenz at gmail
I got told I had an infected site. So I checked the site folder – they had put a file in the folder! I called, went through the hoops, asked support who gave them access to my server? “Must have been an external hack”.
Sorry sonny, I moved that site off this server 3 months ago. Now what’s your excuse?
I moved all sites off that week.
Hi, just adding another painful story!
Last December I have set up an account with HostGator where I parked 4 domains. I had no problems until 10 days ago when I have received an e-mail stating that all my websites were taken down due to malware, to contact SiteLock to see what I had to do.
Of course, the first thing that I did was to call HostGator support and from there have the confirmation that some malware was found in my account. Through CP File Manager I went to check the content, file structures in my websites to discover that in one of them there was some very unfamiliar series of folders. I did delete all those files, it was easy, they were in a CSS folder, and after that I did check all the content to make sure that the remainder was ok.
I did call SiteLock where I spoke with a very pushy person that wanted me to sign up for a Firewall at $50.00 per month per domain, plus another $10 for something else per month per domain. After I told him that $240.00 per month was a little too expensive for me, I asked him to send me an e-mail. HostGator support, once I informed them that the malware content was removed, reinstated the websites. In order to be more effective and since I was not using the infected domain, I just registered a new one and forgot about the old one; two days later the new domain was infected and red flagged by Google Chrome! Even with the $3.00 per month filter that SiteLock offered. Then I deleted all the content in all the domains leaving only a minimal index page. And it is still like this until I understand what to do. HostGator sent me an e-mail offering the filter for free to all my domains … I am still thinking about the answer that I have to give them. I have changed all my passwords without the intervention of the support … and I will keep changing them every 15 days, a combination of 18 letters and numbers … hoping that it will work. I have only one FTP account with its own password, hoping that it will be enough. I am looking around to find a new hosting, a reliable one … I was with BlueHost in the beginning and it was ok. From there I moved to GoDaddy … and it has been ok until last December when they started to be the support for Office 365 … and I just do not want to go to the details, but I decided to leave and I ended up with HostGator! Bad choice!!!! Good luck to you all!
Just another victim of this racket.
Two of my HostGator sites got hit and were blacklisted by google. After contacting support, a guy from SiteLock offered to waive a $300 fee to clean up the malware (wow, thanks?), but prevention would cost me $60/month (wait, what?!). Luckily, my sites were mainly for development, and somewhat disposable. Long story short, I backed up a couple WordPress databases, wiped out all the sites I had on their servers, leaving a couple static pages. Will transfer the domains to a decent provider that cares about their customers. HostGator used to be a good provider, but ever since Endurance International Group acquired them, things have been going down hill. Stay away folks! And good luck!
Thank you so much for this post! I am quite relieved now after going into panic mode after reading my email. It says on my email that 3 of my hosted domains in my server have malware and I have to contact Sitelock so that they can remove that malware.
Another victim! Bluehost asked me to talk to Sitelock for some non-related issue and since then they have been aggressively emailing and calling me. And today, my website is not working and bluehost has shut it down 🙁
Please recommend an honest company to host my website, which is only a blog (as a hobby).
Binny, I’m so sorry. My clients (and I) use some of the ones on this page but there are many good hosts out there: https://websitesforgood.com/resources-we-like I stay AWAY from the ones that are or were associated with Sitelock, there’s a list on this page: https://www.reviewhell.com/blog/endurance-international-group-eig-hosting/
Ugh! This is SO frustrating! I have had this happen to me twice with NetFirms. It makes me mad and sad because I host a lot of websites there and refer them to all the clients I help with websites. I don’t want to have to move everyone over, but this is not okay.
I called to ask them to un-suspend my website so I could update plugins/themes from the WP dashboard, but they said I couldn’t and the best thing to do is use SiteLock. I told them I am not using SiteLock and I will delete the files myself.
I had to go through and remove a ton of dumb hidden files that were nested pretty deeply and then I called back. They had to create a “ticket” that would be resolved in 2-3 hours. Hours later I open a chat window to check on the queue and I am directed to a sales person for SiteLock. I don’t want to talk to SiteLock… I asked to be transferred to Netfirms and then I kept getting more and more sales pitches. I finally ended the chat.
Then I called back for a third time and was told my ticket is still in the queue and there’s no way to know where it’s at in the queue. It could take up to 48 hours to get the scan done so my site can be back up! I asked to talk to someone who could do the scan while I waited on the phone and was told it doesn’t work like that.
I got an email at 1:49am that they ran the scan again. This time, they found over 600 infected files! It says they are UNOFFICIAL FOUND and the files don’t actually exist in the file manager. I completely deleted all of the folders/files they are referencing.
When I first started using Netfirms over a decade ago they were so great. They actually wanted to help and got things done–that’s why I’ve stuck around so long. Obviously it is not the same company anymore. I don’t know how much longer I will stay with them. Thank you for the list of reputable companies. I will definitely be checking them out.
OMG, Trina, I’m so sorry.
Wow! I thought it was just my problem until I became a bit suspicious and searched about and found this site. Exactly the same as most others – same email and same up sell from a Sitelock rep.
When I received the initial “phishing scam” email, I looked (via File Manager) at my various sites. Two had some files and directories which were unfamiliar so I deleted the sites and rebuilt them. The reply email to Hostgator bounced back saying it could not be connected (no reason given) so I had an online chat. Polite enough and told me the rescan would be done promptly.
Two days and still all my sites suspended so another chat and finished up with a Sitelock rep who tried to extract $50/month to keep my sites safe. Kept saying “No thanks” politely and eventually got through to a Hostgator rep. She assured me I was on a priority list and everything would be fine shortly.
Six days from the initial email and still suspended so another chat. The Hostgator rep apologized and said my case had been escalated to top priority and everything would be sorted out within a few hours. Then I discovered your site and the huge amount of comments.
So, day seven, I had a chat with a rep at Namecheap and within about an hour or so, my sites were all transferred, I switched DNS Nameserver settings and by the following morning presto, all my sites are back up with no signs of malware!
Next step is to close my Hostgator account and try for a pro-rata refund…don’t really like my chances!
Thanks to you guys for helping me realize there was more going on than “malware”.
I am dumping GoDaddy now for their malware protection racket. I had to shut down my site rather than put my customers at risk. I would not pay them to continuously sanitize a site I already pay them a premium price to host. Have they no responsibility to keep hackers off their servers? How does malware end up in my files every few days?
My story may be redundant to many others here, but I’m posting it as much out of frustration as out of a need to alert others:
I’ve just received a call from SiteLock with about the same sort of pitch as many above have already described. The SiteLock rep alerted me to malware on a site that I maintain mainly for the URL and a future project–so not my main site. I was wary from the outset, but, naturally, I wondered if I was being TOO wary in my suspicion that this could be a shakedown, either by a fraudulent third party or by a fraudulent corporation.
The SiteLock rep got me to the dashboard, so I could “see” the evidence that someone had posted “porn links” on my stub site. But I was unable to see anything on the site that looked unusual. Only an impressive looking list of daily reports on the site indicated anything abnormal. All the reports for the last week were normal until today, which showed “porn” listed.
I asked the representative about why I couldn’t look at the evidence he was seeing from the “safety” of the SiteLock environment, and that’s when he directed me to the security packages. As I groaned at the cost and told him that I’m nickeled and dimed enough by other monthly fees for everything from hosting to Adobe software, etc., he began to backtrack on the price, mentioning that *sometimes*, but usually only near the end of the quarter, he’s able to get his clients a discount on the service.
As he was rambling through his increasingly desperate pitch to get me to sign immediately today (he STRONGLY recommended the $70 per month package over the $50 version), I searched “sitelock scam” on Google and found this page among others listing some very unhappy experiences at the hands of another unethical corporation. To me they seem like Mafia, and the metaphor that the rep used to describe the problem was, essentially, “there’s smoke coming out of your house, and we’re the fire department”. Do I have to pay the fire department an annual fee before they’ll come put out my fire? This is a f***ing protection racket. The rep told me that SiteLock has the best group of “white hat hackers” in the US working for it…which only made me wonder if the white hats are actually the ones planting malware so they can then be paid to remove it. And while I have no evidence of that, I did find my final interaction with the rep to be even more telling. I said that I needed to do some research on this issue, talk to some people I know about their web hosting and security, and also to read some online reviews of SiteLock’s service. At this, the rep seemed to become more nervous and more solicitous of my professional demeanor and patience, urging me to understand that most bad reviews online are created by their competitors. But he also became quite alarmed when I said I would get back to him next week, warning me that if the virus spreads to my active website, I could have my site suspended. He says he’s going to be calling me within two days because of the urgency of this problem.
I’ve been hosted by Bluehost for years without any issues, but reading the above story of unscrupulous hedge fund ownership, I’m convinced that it’s time to get away from Bluehost immediately.
The last time I encountered this sort of pressure was in a car dealership. I didn’t buy the car then and I’m not likely to buy this lemon, either.
John, I swear sometimes I think these aren’t even true Sitelock people, but scammers taking advantage. But either way, it stinks and I’m sorry you have to deal with them 🙁
Ditto! I owned an animal rescue website for over a decade with Microsoft and Melbourne with no issues whatsoever. When Microsoft stopped hosting websites I switched to host gator and that’s where all the problems began. About a year after placing my nonprofit animal rescue site with host gator my site was hacked and a Danish porn site took it over. It was mortifying. I am still so incredibly angry because the name of my website is the same as my business. I contacted host gator and they gave me the same song and dance as many of you have stated above: the minimum is 200, and plus that I needed SiteLock, and on and on and on, and I just felt scammed. I felt as though SiteLock was actually responsible and they’re the ones that are hacking our sites in order for us to have to be forced into using them. It just felt slimy.
So instead of going through everything and renaming my company I chose to get rid of that website and my web address (My identity of over a decade) and it really hurt my business. Almost devastated me. Again, I’m still very angry.
A week ago I receive an email from SiteLock stating there’s malicious activity on my website. Here we go again…
If there’s not a class action suit against host gator and SiteLock there should be!!
OMG I’m so glad I found you. My site was locked down and I was having simultaneous chats with Joe from HostGator and Joseph from SiteLock… same dude. Then I got a call from JP – also the same guy – wanting me to pay $750 to restore my website. And Joe, Joseph and JP were all the same with regards to customer service… telling me that I was infecting so many other people (I don’t even use my site) and I was irresponsible by NOT paying them to fix it.
I’ve shared with my 4,200 FB friends (most of whom are also small business owners – consultants) and will share this news far and wide. This scam is outrageous.
Crystal, so glad you were able to see through them! Jeez, how can some of these people sleep at night?
The ongoing saga…. this has happened to me too many times to count now. I am moving on to another hosting company. This is straight up extortion.
Thank you for your blog reporting the issues… They are still going strong with this ripoff plan in Oct of 2019.
I just got scammed by SiteLock as well. Took me for $330 when it was all said and done to clean some supposed malware from my Bluehost site. This can’t be a coincidence considering how many others on here have said the same thing. I’m pissed off and pulling my account from Bluehost in next few days. Very unethical of them.
Had space on GoDaddy for 15 years, got tired of them trying to get money from me for EVERY little thing then moved to Hostgator. Had my server space on HostGator for about 2 months then all my sites go down saying there is malicious phishing software planted in one of my sites and that Sitelock can fix it! From the frying pan to the fire! So not only do we have to put up with a corrupt president but companies are becoming corrupt as well! Told Hostgator they are Full-of-S__t and removed the file THEY planted. Scary that they think they can get away with this. Someone needs to mount legal action. I’m in if someone does this.
Hey guys, guess what?!
I’ve had the same issue with SiteLock in the past two years. The first attempt was 3 months after launching a website of my friend on Bluehost, which I think is the best hosting company without that s**t SiteLock. They shut down the WP website and sent me an email saying that my website was infected with malware and I had two choices. The hard one is free: “DIY” and manually clean more than 1200 infected files. And the easy one costs $720/year by paying SiteLock for doing nothing. I replied to their email by saying “I love ‘Do It Yourself stuff’”, and I spent 3 days cleaning and chatting with Bluehost’s support until I got the site clean. After 6 months exactly, the second attempt with the same scenario and the same actors – Me, Bluehost and the heroine company SiteLock with her blackmailing emails. I did the same, cleaning their s**t from the files.
But this time they showed their real face, after sending their first regular email which ends with this sentence: “The best defense is a good offense”. Inspiring, isn’t it? A week later, one of their agents sent an email to my friend who forwarded it to me, saying “Hi, I just wanted to see what decision you had made regarding the website security measures we discussed last week for the $30 per month to remove the malware and prevent it from coming back?” Here I did understand what they meant by “good offense”. Seriously, are they a security company or what is left of a broken real estate brokerage company? No offense to “Brokers”. There were 3 other attempts too.
A month ago, I moved to another hosting provider but still have a lot of infected files ( 29 Gigabytes, including 23G of images and 1.2G Database), which made it so hard to migrate the website.
They have no right to do that for their customers, owning a startup website or even a big one that makes over $10.000 in revenue per month. shame on them.
Usually, I don’t comment about technical issues that happened to me, but this time I do, and I will send the link to my friend for sharing his experience too. This company had caused us big damages
We have spent a lot of time and money developing our website and putting hard work in it, and miss SiteLock wants us to pay for her new outfits and parties, and you know who do that!!.
it’s a pleasure to write here.
Bluehost for sure, but almost every sitelock partner is sharing private information of users with them, so they are involved in this scam. I would prefer to transfer all my sites to a VPS or some not well known hosting, always good and more secure.
Web developer & Security Guy
I am having malware infestation with my Bluehost websites. They fix for me and clear, my sites get put up again. The very next day they are down again. They try to sell me sitelock. That is like blackmail!
What can we do about this?
Did you find a solution to all that scam?
Hostgator are in cahoots with Sitelock. Done the very same thing to me with their extortion methods and blackmail games, email and phone calls looking for exorbitant amounts of money to put your websites back online. They are ruining people’s lives with the click of their mouse and don’t care or have to answer to anyone it seems! This has got to be illegal and they should be sued and stopped. How about a class-action lawsuit? I am posting this article everywhere with the hopes of newcomers knowing what’s happening. Be careful out there!
It just happens to me right now!!! All I wanted was an upgrade to pro hosting for faster sites.
Now I am told that I need SiteLock superexpensive to clean all the malware from my site!!!
The migration to the better server already took 60 hours instead of 1 and then out of nowhere a gigantic malware problem and site down!
Does someone have a solution how to deal with that?
I feel terribly left alone, all the customer reps are “don’t worry, I help” and nothing changes at all! It just gets worse…
Update: I spent the whole day yesterday to “yell” in written at anybody I could reach in Bluehost’s chat. I sent them the link to this blog and told them, that they now can stop playing games (I put it a little more straight forward) with me, as I knew their trick. I uploaded my backups from the day before the migration started (as if they would have needed them…) and told them to make my page run again. Took another 16 hours, but finally it is back.
Just don’t let yourself be forced into buying that SiteLock prevent plus plan! One of the associates even spilled that I wouldn’t need it anyway. I had the free SiteLock lite on my sites since day 1 and that was and will be good enough. All I had to do was delete the files they mentioned in their malware.txt file to make them happy and scan the site again for hours. I played this game, but I won in the end. And that’s what matters to me.
I’m glad I found this page. I was suspicious that Bluehost/Sitelock was pulling some scam. Time to migrate to another host! I can’t believe companies would risk doing these unethical stunts for some short term profits. So sad that humans continue to be driven by greed.
I wish I’d seen this earlier. I just moved my site to Bluehost, got Sitelock, and they send me threatening emails regularly. I’m a small website, 20 pages, for my business. I’ve been running for less than two weeks at Bluehost and am already seeing performance issues. I can’t help but think they’re related. I’ve repaired and optimized the database, have very few plugins running, and still ….
I just might move my site again. what a pain in the butt.
Just happened to me as well, and I BARELY was able to setup my website account before they shut it down citing the same story as everyone else.
I’m asking for a full refund of my hosting account and release my domain. We’ll see what happens, but there should be some serious litigation against these crooks!
Wow, this just happened to me with Hostgator… My malware protection software prevented me from visiting my site due to some “malware” found on my site. I initiated a chat with Hostgator support and I was being pitched for the $300 per year security package using scare tactics. While chatting I found this page and I sent the rep. link to this page and he tried to persuade me into thinking that all on this board are just complainers… so shady! After I showed them this page and made some noise, the malware suddenly disappeared from my site… I for sure will be moving my site away from hostgator and bluehost. They did that to me once already on bluehost. I smell a class action lawsuit coming their way.
Margaret, thank you very much for posting this. I am sure you are helping many others so keep it up!
Thanks so much for your comment. I wish I could get back all of the hair I’ve pulled out, trying to help the people screwed over by their shady tactics.
This is wild! This just happened to me as well and I’ve been quoted for the same $300 fee for protection. I have no access to my wordpress login or website. I don’t want to lose everything. If I go with another host and release my domain, everything will be saved right?
Bree, check in with whoever built your site to see how you can safely rebuild it on another web host. Sometimes there’s no way around paying their “ransom” in order to get your site back up, but you should move it away then as quickly as you can so they can’t do it a second (third…fourth…) time to you. Good luck.
Damn. I was just about to sign up with Host Gator due to some talking heads on Youtube pitching how easy it was. I saw the option for sitelock when signing up, decided to look it up to see if it was worth getting or not and found this! Thank you. I am now going to slow down my plans and look elsewhere. Sounds like a nightmare I don’t need.
Yip, looks like I’m another one.
My server got infected with malware. I found redirects in my cPanel to xmlrpc, a remote file for accessing WordPress. This is how the infection came in.
I rebuilt all my sites offline and purchased another server, to find the same shit thing again.
My account uses different passwords, with 2FA through my phone. They tried to sell me SiteLock for every domain. I said no. I managed to clean all the sites and restore from backup. I even told them about the redirects in my channel. They could not remove them for me.
Delete the remote access files in WP where the redirects were pointing. It’s how they were injecting malware, I believe. The question is how were the redirects added to my cPanel. I have no idea. I had 2FA set up. I say an inside job, I suspect; all they do is fob me off and hang up on me when I contact support.
xmlrpc.php is located in the root of your WP install. Wordfence Security can block it. You can also block it in your .htaccess file using some code. I’ve spent about 1 month hardening all my sites and cleaning malware out of them. Another good thing is to add a block through .htaccess in your uploads folder for blocking scripts from running in the uploads area. Change the permissions on the .htaccess file to 0444.
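The .htaccess hardening described in the comment above, written out as an added example that is not part of the original comment or any host's tooling. It assumes Apache 2.4 (`Require all denied`) and a standard WordPress layout; the function names and marker comments are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: block xmlrpc.php, stop script execution in uploads,
# and set both .htaccess files to 0444, as the comment describes.
# Assumes Apache 2.4 syntax (mod_authz_core) and wp-content/uploads layout.

# Deny all requests for xmlrpc.php in the WordPress root.
XMLRPC_RULE='<Files "xmlrpc.php">
    Require all denied
</Files>'

# Deny requests for PHP-type files anywhere under uploads.
UPLOADS_RULE='<FilesMatch "\.(php|phtml|phar|php[0-9])$">
    Require all denied
</FilesMatch>'

# add_block <file> <marker> <rule>
# Appends the rule once, wrapped in marker comments, so reruns do not duplicate it.
add_block() {
    local file=$1 marker=$2 rule=$3
    if [ -f "$file" ] && grep -qF "# BEGIN $marker" "$file"; then
        return 0
    fi
    # The file may already be 0444 from an earlier run; make it writable first.
    if [ -f "$file" ]; then
        chmod u+w "$file"
    fi
    printf '\n# BEGIN %s\n%s\n# END %s\n' "$marker" "$rule" "$marker" >> "$file"
}

# harden_wp <wordpress-root>
harden_wp() {
    local root=$1
    local uploads="$root/wp-content/uploads"
    # Refuse to touch a directory that is not a WordPress install.
    [ -f "$root/wp-config.php" ] || { echo "not a WordPress root: $root" >&2; return 1; }
    add_block "$root/.htaccess" "block-xmlrpc" "$XMLRPC_RULE"
    mkdir -p "$uploads"
    add_block "$uploads/.htaccess" "no-php-in-uploads" "$UPLOADS_RULE"
    chmod 0444 "$root/.htaccess" "$uploads/.htaccess"
}

# list_upload_scripts <wordpress-root>
# The rules above stop these files from running but do not remove them,
# so list what is already there for review.
list_upload_scripts() {
    find "$1/wp-content/uploads" -type f \
        \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) | sort
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then
    harden_wp "$1" && list_upload_scripts "$1"
fi
```

Blocking xmlrpc.php also cuts off clients that rely on it, such as the WordPress mobile app and Jetpack, and a 0444 .htaccess stops WordPress from rewriting its own permalink rules. The read-only bit does not stop code running as the account owner from changing it back, so compare the files against a known-good copy after any cleanup.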
Howard, your site looks extraordinary to me – on the off chance that they were sending you to somebody it was most likely SiteLOCK’s visit, not SiteGROUND. Sitelock is yuck.
This is still happening. I’m dealing with it now myself.
I’m interested to learn or hear people’s thoughts about how these malicious files end up within our code?
One question I keep asking myself is, is it a coincidence that hackers are targeting the same webhosts over and over again or are BlueHost, HostGator, etc uploading the malicious files themselves to our sites through some backdoor(s).
IMO, I don’t think it’s a coincidence that so many people are having the same issue over such a long period of time.
i’ve gotten the same malware “warning” messages from hostgator.
Admittedly I had not been doing my diligent updates (WordPress, themes, plugins) because of ignorance, plus the sites were not that important to me.
So I don’t know if it was true, or just a marketing thing for Sitelock.
I got a LOT of messages (emails).
For other reasons I am now at Bluehost.
This time around I am knowledgeable about the importance of wordpress security.
From what I have concluded, Sitelock is expensive for what it performs (its main function is malware security). I’d be better off buying an independent solution like Malcare which detects and removes malware automatically.
Bluehost also offers Codeguard for backups. It’s cheap, but I shopped around and backup services are cheap in general.
My point is you don’t have to go with the security solutions offered at the host you’re at. Shop around and compare features and price.
Same thing is happening to me now! incredible
This is happening to me with Siteground (my hosting of more than 10 years) and Sucuri (their “partner” malware removal service)!! My sites were blacklisted so I manually went through my cpanel files for all of my sites listed as issues. Went to my account info of the hosting site and changed my password to a very strong new password, was forced by the hosting site to also change my username to my email, submitted a work order to have my sites checked and logged out to secure my new password in a hope to logout and block the malware users in my site. I would wait till my sites were unblocked by Siteground so I could change all the other site’s passwords when I could access the emails and wp backend again. Now my hosting account site login is not recognizing my new username and password so I am completely locked out of my entire web hosting and my websites!! Ugh!! Tech support said they were unable to tell me my username and reset my password from their end and I had to email them a consent form and wait 72 hrs for a response. Or I can purchase Sucuri for $499.99 to get my malware removed. Anyone else have problems with Siteground malware scam?
So, what are some good hosting services that won’t do this kind of thing?
same just happened to me too. Did not take the offered service and requested hosting money back. Sad thing is there are good reviews all over the internet for HostGator… scam
New year, same old story. Sitelock not a pleasant experience. Original sign-up was due to “malware” which turned out to actually be Bluehost “migrating the site to a new server.” Cancelled on the renewal date and received confirmation email. Nothing was done so I called and they explained that without 30 days notice they would not cancel.
Disputed charge with credit card company, blocked any future charges from them and made the call to move the hosting from Bluehost immediately after hanging up.
I too dealt with this BS a few years ago. I had a website hosted with Green Geeks, they’re a nightmare too! Anyways, I got the dreaded email as well and proceed to use the services of SiteLock. I had no choice, my host Green Geeks kept my site offline until the supposed malware was removed. I pretty much assumed they were in cahoots with each other and scamming people. These people are scum and should be held accountable for their scams in the form of a class action lawsuit. Eventually I had enough and got rid of both Green Geeks and Site Lock.
I just had this same exact thing happen to me! Went to my website address and got a “Suspended Account!” warning. Called Bluehost and followed the Blocked Account Prompts, which connected me to a Tech who immediately began offering me security products instead of Solutions, like actual/true Tech Support would do. After a long back-and-forth that ended with me telling him to connect me to the department that handles account cancellations – he began to back pedal. All of a sudden, the viable solutions that I mentioned at the beginning of our call (and he shot down) which could “remove the malware infection” were now options that could work. I got off the phone with him and started googling and am so happy to have found this site! I never post comments on the web, but I wanted to be a part of this Author’s original effort to help others who face this problem, so here I am. I took someone else’s suggestion of speaking with Bluehost’s ACTUAL TECH SUPPORT. I just spoke the words “tech support” when prompted by the Automated Operator. When she asked for my domain name, I said; “tech support” one more time and I was connected to Tech Support person immediately. I told them about my issue, and asked if they could scan for the problematic files and once they’d found them they would send a list of the problematic files. Once I deleted them, I should call back and they would scan to ensure no infection and then unlock my site. They did offer to connect me with Sitelock to have them removed and of course I declined. Thanks to all who contributed to this Post and especially the original author. Nice to see people helping others in this day and time. You guys inspired me to do my part!
I am from Denmark.
I made a wrong decision to order a new domain provided by bluehost.com with a yearly duration.
My money was withdrawn from my private account immediately after ordering – even before I had actually verified the new account.
I received several mails asking me to verify my account – but decided eventually not to verify & instead cancel this order. Simply because I started suspecting foul business due to the inconsistent information provided in initial emails & the following shady customer service in my attempt to clarify details received in these mails.
Now I realize that I probably have lost my money for good even though I never used this product & for sure never will. However can anybody in here advise on where it is possible to share input like mine & yours?
I so much would like to spread the word online in an efficient way & hopefully help anyone who considers signing up for this – before jumping into the boiling pot too.
Thanks for sharing post!
Had the same thing happen to me on justhost. Here’s the email I got:
From: Brandon Becke
Date: May 24, 2021 at 3:25:47 PM EDT
Subject: Website Security Measures
Here are the details of the service to remove and prevent malware for $299.88 per year.
My direct phone number is 855-434-7316 extension 27284.
Continuous malware scan
Automatic malware removal
Block automated bot attacks
4 hour response time
Web application firewall
PCI Compliance Scanning
Website CMS Vulnerability Patching*
Small Business Consultant
M-F 8:00AM – 4:30PM (MST)
From: Brandon Becke
Date: May 24, 2021 at 2:56:23 PM EDT
Subject: Malware Detected In Your Account
We detected suspicious content that [domain name removed] account is compromised. In an effort to protect your account and website visitors, we are reaching out to advise you on this and provide assistance in preventing future security issues with your site and hosting account.
My name is Brandon, I’m a security adviser for JustHost. I’ve been assigned your case. My direct line is 855.434.7316 ext 27284, you can also reach me via Chat or Phone by requesting to be transferred to Brandon Becke. Alternatively you can simply reply all to this correspondence.
I look forward to assisting you.
JustHost Security Adviser
Small Business Consultant
M-F 8:00AM – 4:30PM (MST)
Seemed really crazy…woke up with a bad feeling…this could be much worse if they were actual hackers socially engineering credit card info and such!
My head is spinning reading all of these comments. I have just gone through this same horrible experience after many years with the same site host and no previous issues. All of a sudden, the domains I own were infected with malware despite my being extremely careful in protecting them (which is why I’m as suspicious as some others here that it’s an inside job).
My site host’s tech support did not help — their lack of interest was so frustrating I don’t even know where to start.
Then a few days later, out of the blue, I got contacted by this same individual purporting to help me when he was really trying to get me to buy Sitelock. He claimed to be a security adviser for my site host but I think he may actually just be a telemarketer. He was very persistent and pretended like he was going to help initially, but then he hit me with the Sitelock sales pitch and I blocked him.
His email domain was at newfold.com, so I checked their site. They own 18 different web hosting companies! Monopoly anyone? You can find the list on the “brands” page. So far I haven’t found a connection between Newfold and Sitelock or EIG (but am still researching, I’m sure it’s there).
So, this whole scam has been going on for a few years it seems. If any lawyers are on this board, does this warrant a class action suit? I’m also thinking about contacting the attorney general in my state – you can send these kinds of complaints to them; they can open an investigation.
Whoops, here we go. I just read that EIG changed its name to Newfold.
Thanks for that! New tricks…..sigh…..
Had the same thing happen with Bluehost. Very suddenly, all of my WordPress sites were mysteriously infected with malware. I tried contacting multiple people in tech support, but none of them could (or would) help me. I then received an unsolicited email from this “Brandon,” who said he was a security adviser for Bluehost, purporting to assist me with my malware problem. Sure enough, it was a sales pitch for a very expensive Lifelock subscription. I got almost the same email from him word for word.
Brandon’s return email address was at newfold . com, which is actually the new name for EIG — there was some merger over the summer. And Newfold now lists numerous websites on their brands page, including Bluehost and Hostgator.
This is happening to too many people to be a coincidence. Lifelock got in trouble years ago, pretending to protect customers when they were actually selling private data and allowing data breaches. They were fined by the FTC. As mentioned in the OP above, EIG was fined by the SEC. And yet they were allowed to team up and continue their scammy business practices.
What did you do? I’ve been with Bluehost for about 10 years and never had any issues. This week I had 5 sites get infected with malware, three which are WordPress sites and strangely enough their associated MySQL databases became infected. After two days of dealing with Bluehost tech support, today I also was connected with a Sitelock representative and panicked, paying $200 for Sitelock Prevent to have one of my sites repaired. Bluehost supposedly performed a full backup of my sites and databases, but of course the infections remained. Today my business email stopped and when I contacted Bluehost tech support, they stated they are having a site wide issue with email, be patient. Two hours later I received an email which stated my account has been deactivated! I’m being held hostage by Bluehost and Sitelock. They stated they can get my sites back online I would have to pay an additional $200 per site for Sitelock’s Prevent service, and even then, they insist to be 100% certain, I need to pay an additional $100 for the Sitelock Prevent Plus, which is a guarantee they will be fully restored. I’ve dealt with ransomware situations before and this behavior is exactly the same, the only difference is, it’s being done by a legitimate USA based company. We need legal action on this before others fall victim. It’s one week before the holidays and close to year’s end, many businesses are trying to wrap up and now I have to deal with 5 websites down and no email to work with. I’m going to my attorney general and BBB to start, but please advise. I would like to know what others are doing to resolve this?
I have the same problem with these fraudulent companies. They destroyed years of work on my websites, and they have no remorse. They are continuing to push false products. I would like to file a class action suit against these frauds.
The same thing happened to me. Bluehost, Sitelock, malware and that they would lock my website soon …the whole thing. I had a 3 year deal with Bluehost. I just told them sure, I will pay the $500 clean up, but told them to give me a few days to get the money. I backed up my website, requested a full refund for the 3 years ( I made up some other excuse for the reason). Once the money was back in my account, I moved everything from a WordPress website to React/Gatsby website. 🖖🏽
I have several sites hosted by MyDomain and used to get these scary “scan” emails from SiteLock. Now I’m getting calls (“800 service,” no caller ID) and a followup email from Endurance.com about supposed malware on one site. Also was told that if you Google the site it shows ads for Viagra and such–simply not true. WPManage scan showed no malware.
I contacted MyDomain to report what seemed like a scam and was promptly switched over to “Brandon,” the guy who’d called and emailed. So I guess MyDomain is in on it, too. No threats to shut down my sites (yet) but very disconcerting.
The Hostgator crew are still up to this garbage in 2021. But my issue is with their support (or lack of it) when it comes to web application firewalls and email malware support. Hostgator charges a significant premium of $15/month per website for web application firewalls as an add-on – this is on top of their industry average pricing on their basic webhost plans. I find the lack of them implementing a web application firewall by default to be reckless. They are contributing to the problem of malware and hackers via drive-by infections and code injection.
With a recent malware problem with email hosted on hostgator, their recommendation was to move to a premium email service like business gmail. What a cop-out. But I found it fascinating that after they did a pro-active scan on my website that the problem went away. I took your advice and am now in the middle of transitioning all of my sites away from them and going to siteground.
The exact same thing happened to me!
This happened to me at Purehost, so LOL, I moved to Bluehost and it is happening again. These people are crooks.
Sitelock scammed me into a subscription and they just keep at it. I learned later the hosting at Hostgator goofed something up when “migrating to a new server”. Nonetheless, you can’t cancel. I tried to cancel, they said not enough notice. I tried to cancel next year, they said too much notice.
It was so bad, I moved the hosting off host gator and disputed the credit card charge a year ago. I still get emails telling me what a wonderful job they are doing and how many attacks on my website they have protected me from. Uh huh…they don’t even know where my website is.
Just received another renewal letter. This years is borderline hostile. “…Sitelock has full authority…”
Trust me, you do not want to be involved with them or anyone related.
This sounds quite similar to the scam running out of India which has been hitting hard on Americans and the United Kingdom for a few years now. It’s called a “tech support” scam. The scammer places pop-ups on the internet to scare the unsuspecting internet surfer to believe there is a virus/malware attack on their computer (not sure what internet activity triggers them). When triggered, a pop-up appears, your computer is locked, unable to use your mouse/keyboard and sometimes a loud beep will accompany the pop-up. They fashion these pop-ups to look like it’s a Microsoft Windows alert with a phone number to call to “unlock” your computer. It’s all crudely crafted, grammatical and spelling errors are common. When you call the number it connects to a scam call center in India, they answer the phone as “Windows Support”. They ask what they can help with, the potential victim describes the pop-up, and they proceed to tell the victim their computer has been infected, they then convince the victim to let the scammer connect to their computer remotely, they do a few things using “run” for the command prompt, and will often pull up “event viewer” and go through the list of “errors and warnings” to say they are indicative of a virus, they’ll even roll through task manager and insist every single “stopped” program is a problem. They then tell the victim they need to purchase 3-5 year, or lifetime “support” and “firewall”, with prices ranging from $200 to $1500. They of course don’t have a clue about recognizing or fixing viruses/malware, it’s all nonsense, but to the inexperienced computer user, it sounds problematic. When the victim says they’ll just buy a new computer for the same money, they insist the problem is “in their network” and will appear in all their computers if they don’t purchase their “network protection/firewall”.
This scam I see described on this website, and throughout all of the comments, sounds like it’s the same scam, and the same game out of India, but they’re targeting hosting instead of just the guy surfing the internet.
…oh, and these scammers also run fake Norton, and McAfee scams, they send mass emails (to tens of thousands) of Americans, and United Kingdom, telling the email recipient they just renewed a subscription at $400/month to be auto-debited, but if you want to cancel, call them for a refund. They then get onto the victim’s computer remotely, access their bank account, edit the bank website’s html so it temporarily looks like they put money into their bank account and pretend that they “refunded” more money than planned, then they tell the victim they have to send “their” extra refund money back, sometimes taking tens of thousands, and draining entire bank accounts – the victim isn’t aware they never received a dime until it’s too late and their money is gone. They run the same scam for Amazon, PayPal and Ebay via mass emails, in which they write that you just made a purchase and if you’d like to cancel and get a refund to call them, and they then connect to your computer and do the same scam on your bank account.
One thing is for certain – if you receive an email, bad grammar and spelling is a dead-giveaway, if you receive a phone call, an Indian accent along with bad grammar and poor English is a dead-giveaway that it’s a scam. Delete the emails, hang-up the phone, and tell everyone you know about these scams – it’s okay to trust your instincts and it’s okay to question someone who is clearly not from your country but pretends they’re from America or the United Kingdom working for a well known company, they’re lying to you. Hang-up and call the number shown directly at the company’s website, never call the number that appears in a google search because they pay google advertising dollars so their phone number is at the top.
Go to YouTube and search for “scambaiters”, watch the videos of people calling scammers, and learn.
Knowledge is the only thing that will stop someone from becoming their next victim – spread the word.
You are the BEST.
I saw my website has a red screen warning and is blocked by Google. I signed into my Bluehost site and see on my free SiteLock scans that the site was infected by malware on 1/30/22. I can’t access the site on WordPress. It is blocked. Also, I see I have two new Admins on my Bluehost account, which I didn’t approve. When I did a LiveChat with Bluehost, I was told I have malware on my site, and immediately I was told that they can put me in contact with SiteLock to remove the malware and fix it with Google. They said they will run the scan on the website, which will show what is infected. He asked me for my number and time zone, so someone from SiteLock can call me. While I am still chatting with him, “Brad Becke” from SiteLock called me telling me that they have service that will remove it and help to unblock it on Google. He quoted me $299.88 per year (paid only annually – no monthly options). I clicked on an article on Bluehost talking about what to do if the site has been infected by malware. Of course, it talks about experts from SiteLock and shows their pricing tiers – Essentials ($35.88/year), Prevent ($179.88/year), PreventPlus ($299.88/year). When I went to SiteLock website, it shows the following pricing: Basic ($14.99/month), Pro ($24.99/month), Business ($34.99/month). When I was asking him many questions, he put me on hold suddenly and then pretended the call dropped. He then called me three different times leaving messages. The Toll-free call was showing coming from Cambodia. He spoke very good English. I feel Bluehost is definitely swindling people.
Here’s an email I received from Brandon Becke, who works for the parent company “EIG/Newfold Digital”… he does not work for SiteLock or for BlueHost. He works for the parent company. See his email below (as you can see, he pretends he works for Bluehost; see his signature):
We detected suspicious content on your domain acetronic.
In an effort to protect your account and website visitors, we are reaching out to advise you on this and provide
assistance in preventing future security issues with your site and hosting account.
My name is Brandon, I’m a security adviser for Bluehost. I’ve been assigned your case.
My direct line is 855.434.7316 ext 27284, you can also reach me via Chat or Phone by requesting to be
transferred to Brandon Becke. Alternatively you can simply reply all to this correspondence.
I look forward to assisting you.
Bluehost Security Adviser
I have the same problem with these fraudulent companies. They destroyed years of work on my websites, and they have no remorse. They are continuing to push false products. I would like to file a class action suit against these frauds.
Hostgator almost destroyed my business!
Finding this article has made me feel normal again. I felt so alone and powerless against this extortion. A couple days ago I got an email saying that Sitelock detected some malware on one of my websites (I have nine) and I should contact them and the next night I go to look at one of my sites and there is nothing there but a white page and some code. So I contact Bluehost and they tell me they can restore my sites to the May 3rd date no problem. The next day I get an email from some dude from SiteLock saying that I need to pay 299.98 per website to have them cleaned or Bluehost won’t reactivate them. That totals to $2700 bucks. I end up calling and speaking to someone and they tell me that I have a lot of infected files but if I want to save money I could clean them myself and I swear to God I could almost hear the guy smiling if you know what I mean. I end up paying $600 for 2 client sites and deleting my other sites so they can reactivate my client sites. I would rather redo my personal blogs than pay them for their little game. I can’t imagine how much money they make with this website kidnapping. All my plugins were up to date and all that stuff and I understand the chances of real world threats but something about this experience had a bad feeling to it. I also changed my mind about one of the client sites and told them to cancel payment after 30 minutes and that I would just redo the client’s website since it was pretty simple and they said no problem and that they would tell the security team to pause but then I got transferred back and forth between SiteLock and Bluehost until I was disconnected and when I finally got back in touch with someone at SiteLock they told me it was too late to cancel. I am looking for a new place to host my websites that doesn’t leave a bad taste in my mouth.
I receive messages like the following nearly weekly.
“…Because website security is important, bluehost has provided you with a complimentary scanner from SiteLock that proactively checks for malware and vulnerabilities…During a recent scan, a vulnerability was detected on your website.”
I was using Bluehost when SiteLock tried to hustle me into a multi-thousand-dollar purchase with this same malware scam. I switched to another ISP that week.
Six years ago this month.
If SiteLock can’t tell (or won’t check) to see if I’m actually with Bluehost, I have a feeling they’re not going to work too hard at finding malware — or, possibly, at removing the stuff they planted in the first place.
Sitelock was bombarding me about an iPage account I have – that has no website. I complained to iPage. So, their representative attempted to sell more of the very scam that I was reporting. iPage is (it seems) receiving a kick-back from Sitelock.
Interestingly, this site used to be hosted by Bluehost.
See message from Sathish T at “Escalated Support” (an Indian jock strap?)
Got to go – an urgent SiteLock message just came informing me that the Taliban and a herd of goats are eating my Sitelock seal…..
“I see that you have Basic SiteLock plan which scans limited files and does not clean infected contents. You can contact our Chat support at https://helpchat.ipage.com/ to know more about SiteLock’s higher version plans and purchase it. You can also refer the link https://www1.ipage.com/product/sitelock to know features of different SiteLock plans.
Please let us know if you have any further questions or concerns. We are happy to help.”
They just malwared (if that’s a word) all my websites (Hostgator) and live chat said I should pay sitelock to clean, that was their only answer
Yes! This just happened to me, too. Hostgator suspended all my websites due to one website that apparently had suspect files. When I opened a support chat, they suggested Sitelock.
I just paid for a year’s subscription, and guess what? It didn’t work. And you can only run one scan of each of its processes per day. I spoke to Hostgator again, who confirmed I’d put in the correct root directory. Hostgator then said they’d run the scan again for me, and all would be ok in half an hour. But, that didn’t happen – all is not ok and my sites are all still down.
This is a disaster. I wish I’d contacted a WordPress expert instead of this.
Stay away from these gangs (sorry, “brands”) https://newfold.com/brands
Bluehost and SiteLock are in bed for money!
“Posted on TrustPilot”
Biggest Scam Ever!
Where do I begin? Buyer BEWARE! Fraud & Scams! Yes! That’s what you’re going to get with Hostgator! Ever since SiteLock came into the picture (which I’m not subscribed to), it’s been downhill ever since! Here’s 1 of many emails received from SiteLock:
“Dear Carlos Montes,
As part of your hosting package with HostGator, you have been provided with a SiteLock website scanner that proactively checks for malicious threats and vulnerabilities. During a recent scan of delpradovisalia.com, malware was detected on your website.”
Ok. The very first year, everything was fine. Then I start getting emails like the one above. The very first one was a doozy! When I pulled up my website, after the 3rd email notice, my website was gone! I called Hostgator/SiteLock and was told that I had been hacked. I was pissed! He said that I didn’t have their protection package (starting from $14.99-$34.99 per month), so there was no bringing my website back. I cursed worse than a sailor for 20 minutes! Then the Sitelock rep. then told me, let me see what I can do, after threatening the rep. to file a claim with the B.B.B & writing any bad review on Google, TrustPilot, etc. Lo and behold, “they were able to bring all my content back!” He mentioned to change my email & password, which I did. So, being the studious person I am, I started researching SiteLock & Hostgator. WOW! Hostgator, Site Lock, BlueHost & 100’s of more similar companies are under “Endurance International Group”, which was fined 8 million by the SEC. Yup! For fraud! Also, Endurance International Group’s web presence arm — which is called, you guessed it, Endurance Web Presence — has been merged with the Web.com universe to form a new entity called “Newfold Digital.” Basically changed their name, because of the 8 million dollar fine. I found this article on the web & you really need to see all the people who have been screwed by Hostgator, SiteLock, BlueHost & etc. It’s a lot worse than you think! A link will be provided below. So, in conclusion, this all started back on 7-6-22 and hasn’t stopped. Even though I changed my email & password, I still get messages from SiteLock, today, about domains being infected with malware, sent to my old email address. Plus, every time I log into my account, “someone” goes into my C-Panel and adds malicious temporary files that affect my non active domains! I have to check my C-Panel every time I get ready to log-out and delete them.
I’ve contacted HostGator so many times, about my issues and told them to tell SiteLock to stop scanning my domains, nothing. Try calling SiteLock. They don’t even answer. You have been formally warned! If you want to check out the Blog/Article for yourself, just Google & type, “Beware of malware scams – SiteLock, HostGator, Bluehost, and the tale of the angry web girl” Because, TrustPilot doesn’t allow links. There are over 100 people who have gone through similar issues on this Blog!
Date of experience: July 06, 2022
I feel sick reading all this – I’m going through the exact thing: Blue Host detected Malware in a scan and is now trying to sell me Sitelock to fix it. I have 965 infected files and although I built my site I’m not techy enough to fix it. I’d be most grateful if anyone has any suggestions other than Sitelock to clean a site?
I just had the same experience with Bluehost. No question that the company is engaging in unethical behavior. I have very low traffic websites that provide mostly information for my psychotherapy practice. There is very little, if any, interaction with others on it.
They shut down my entire account and refuse to release it unless I paid upwards of $389 per year per website to “secure”. When I refused, I received a phone call from an individual named “DJ Rodriquez” who basically interrupted me out over the phone and talked over me explaining that I didn’t know what I was talking about and that I was causing malicious viruses on the Bluehost server.
He insisted that he worked for Bluehost yet when I looked up his information, he was an outside consultant, but in reality, he was nothing more than a salesman trying to sell the services.
Even after I deleted all of my website and all the data, Bluehost claimed that I still had malicious viruses on their server. I then ran SiteLock myself, which took all of 60 seconds and I was informed that there were absolutely no malicious viruses.
I promptly canceled my Bluehost account. I will never use them again.
Somehow I feel lucky. I haven’t experienced added malware or shut down sites. What led me here was asking, “do I need any version of Sitelock?”, because I just called to cancel “Prevent” on my business site. I’ve been with HostGator for more than 10 years and had the free version of Sitelock. I agree that the company isn’t what it used to be. Now, whenever I call for support, I feel like I’m speaking to someone at a call center. Last year, I created a new website. I also got the scare tactic to upgrade Sitelock to one of the higher paid tiers. Since this was a business website I went along with it. What prompted me to cancel Sitelock was that every two months, I would get “your SSL certificate has expired/your website isn’t safe” on the new website. The older website (which also has “Prevent” but renews the SSL through a different company) renews automatically. So, every two months I would call HostGator and ask that my new website behave the way my old website does (i.e. renew the SSL automatically). Up until the last time I spoke with them, I was fed a fiction that there was something that could be changed on their end so that the SSL would renew automatically like it continues to do on my other site. Finally, someone told me the truth – the SSL renewal for the new site was tied to Sitelock, and the way it works (at least through HostGator) is that the site must expire first – making your site look unsafe, then you have to call HostGator (or they will teach you how to manually update the certificate which involves using notepad and copying code) to update the certificate. Or…you could upgrade to their paid SSL and it would then renew automatically. On another WP site that I built, that doesn’t use Sitelock, the site renews automatically using HostGator’s free SSL (Let’s Encrypt). Reading all of these comments does feel like a cautionary tale.
And though I purchased a 3 year plan which doesn’t expire until next year – I may need to eat that and move to another host.
I have the same problem with these fraudulent companies (Bluehost and Sitelock). They destroyed years of work on my websites, and they have no remorse. They are continuing to push false products. I would like to file a class action suit against these frauds.
After 5 years, they are still doing the same tactics. I did not avail of the service as right off the bat the voice message (coz I didn’t pick up the call as it was late at night) was weird. It sounded like it used a voice changer. I guess luckily for me, “Brandon” left a voice message twice as there was something wrong with his phone the first instance so he thought of sending another one… but an exact replica of the first, like word for word. I had to repeat the two voice messages over and over. I downloaded the VMs and compared them side by side on Audacity and yep, they were identical!
“Brandon” wanted to send an invoice to my paypal and was asking for my paypal, normally, I wouldn’t have any issue with that but I said I’d prefer another mode of payment as it was a personal account linked on my PayPal and as this is a business expense, I had to use a business card. I lied, obviously. He then asked me if I had the new payment method handy with me now to charge and I just asked to defer til tomorrow coz one of the sites was with a business partner and will now need to advise her first. Somehow convinced him or her that I will reach back tomorrow after speaking to my partner. I won’t after finding this article.
It’s like an inside job robbery. They are the thieves and also pretend to be the police to keep your house safe and secure. Thank you, Margaret. This post validated my suspicion.