Ugly Truth About Hostgator and SiteLock Scam You Should Know Today

By Udochi J. Stephen

The truth they say is bitter. And today I will be sharing my personal experience about Hostgator. It’s a bitter-bitter experience as I would have wish to call it a bitter-sweet experience. But unfortunately there wasn’t a sweet moment I could really remember.

However, before I go into details, I would like you to know that I am not the only one that have suffered this type of setback and wickedness from Hostgator.

If you take a moment and Google the word “Hostgator and Site Lock Spam” you will definitely get lots of complain about them, most of the complains will look similar to what I am about to share right now.’

A post shared by Trend Xplore (@trendxplore) on

A post shared by Trend Xplore (@trendxplore) on

Imagine These two scenarios

Scenario A: going to a store to get a cloth worth $20 and when it got stained you were told that the detergent that will take off the stain is worth $200. What sense does it make?

Scenario B: or, your vehicle is worth $4000 and to get it cleaned up is worth $5500. I guess you definitely would consider this to be one of the most stupid statement you have heard.

Well, this may come as a shocker. The scenarios A and B I gave is far better than the main picture I really want to paint here.

What is HOSTGATOR all About?

Hostgator is a hosting company own by Endurance International Group (EIG). This group owns lots of other hosting companies like Bluehost. However you should avoid these group of companies offering webhosting.

I have an article dedicated to revealing list of Hosting companies SCAMING their Clients. You can check it here

Check out the List of Top Web hosting Companies You should Run Away From

How Did SiteLock Come Into PLAY?

Site Lock claims to be a technology that continuously monitors your website for malware and hard to find security vulnerabilities without slowing down the speed of your website.

Also they claim to be the only security provider to offer automated website malware removal (lies), and that their cloud-based technology automatically finds and cleans malware from your website before any damage is done. They where given an award as the “Best Website Security Solution”. Of course for defrauding people of their hard earn money.

Note: Sitelock is an up sales you get while signing up for hosting plan with Hostgator. But not mandatory.

Sitelock is an Up sales you get while signing up for hosting plan with HostgatorPin

Now My Experience With The Two Thieves (Hostgator And SiteLock).

A day came I got a message from SiteLock saying they received my request to reset my password associated with my sitelock account. and that I should click an attache link below to get started and if i did not requested such I should contact them immediately through an attached number on the mail.

See Image below of the mail

site lock 1Pin

Now how in the world did SiteLock get my email address?.

One morning I woke up to what I call a bad day for me. First I got a message from google webmaster that my website has a security issue and that my site was vulnerable . Although I have deleted that message, but it looks way similar to the Image below.

hostgator security-issues, googlePin

At first I really did not understand a word they meant. Then I got another message, this time it came in from Hostgator. Which Reads

Udochi John,
During a scan of our servers we identified malicious content in accounts under your control. We have quarantined the files listed below to prevent abuse. Please note that no services have been disabled and no legitimate content has been affected by this action. However, it is possible that other malicious activity may have disrupted your services.

The most important things you can do to ensure the security of your account are to make sure your software (e.g WordPress) is up-to-date, and that your passwords are strong. We strongly encourage you to change all of your account passwords and update all software as soon as possible to prevent any further compromises or abuse.

We understand that any risk to our network reputation is a risk to our customers’ reputation and so we take third-party reports of network abuse seriously. In order to protect our shared reputation we may disable account services in the event of a third-party report of network abuse until we are confident that the account has been properly cleaned and secured. This email is to inform you of content found by our proactive scans, and is not the result of a third-party abuse report. No services have been disabled as a result of this discovery.
Additional information on HostGator’s policies, and what activity is damaging to a network’s reputation in general, is available in our knowledge base:

Pics of the mail Below

A post shared by Trend Xplore (@trendxplore) on

I was a bit calm and sorted it out with google webmaster that my host company (Hostgator had sorted out the issue)

A day later, I discovered an unusual manner of traffic flow to my website and was a bit worried. I checked my site, and what I saw was a big shock. Hostgator has removed my site and place a 404:  page not found with their advertisement.

A post shared by Trend Xplore (@trendxplore) on

I became so angry. I quickly placed a call to notify them of what has happened. After been placed on a long queue I finally got to speak with an agent.

Told the agent what had happened and he checked through their system and then said he is a junior technician and will patch me up with a superior, that will handle my case. well he did that, got to talk with the superior technician.

He said did I receive any message concerning list of URL injection containing malware found on my server, I said yes. Then he said I have to take care of that with a company that cleans up malware and sent a letter from the company as a response to the message containing the URL injections then my site will be up. Also, that to make it easy for me he would recommend sitelock to me, that they are best in the field.

I knew immediately that this was a game.

Remember I earlier receive a mail from sitelock even when I did not signup with them. Also, I told him I have removed the URL injection myself and that I don’t need any service to do that for me. And I requested that my site be up ASAP. After much arguing, my site was up.

The next day, I discovered my site was down again. This time I had over a hundred (100) url malware injections on my server (file manager) with same mail stating I should get a company that cleans up malware. Also SiteLock was still recommended, this time their phone number was attached.

I called again with an angry tone and I spoke so harshly to the customer representative. The representative claimed to be sorry and that he would love to help but that I have to do what was stated. I ask him to patch me up with sitelock (This was a trap). He said he will gladly do.

Now, I told him to hold on. He said Ok.

I ask a question he couldn’t answer. I said how come Hostgator claim they don’t have a hand with sitelock in this and they preach about site lock so bad to the point they can transfer calls to them. It simply means that my log in details was sent to them and they planted those Url injections. He tried so hard to deny but I wasn’t going to deliberate much on that talk because I wanted my site up.

I said OK let me speak with the “so called” SiteLock reps. Got through and I ask how much it will cost to clean up my two website. And, I was told it would cost $400. Now imagine that amount for a host I pay almost $70 for. I laughed and said they shouldn’t worry.

Now let me explain some of those Url Injections That contains the Malwares.

The injections are script like and some of them were dated 4 years back before I even thought of having a website, which made the whole stunt Hostgator were pulling more irritating. I cleaned those URL injection up myself

Also, that day I discover that Comodo cleans up sites for free as a trial service pending the customer satisfaction with the trial version. If the customer seems satisfied, then the customer can subscribe to paid plans. I got signed up with them they cleaned my site and gave me a report that shows no malware.

I reply the mail Hostgaor sent with the malware report Comodo gave to me, within an estimate of about two hours my site was restored.

Three days later, my site was down again. This time under Comodo’s watch and over 80 injections was planted again. This again must be Hostgator. How can an SSL site under the watch of Wordfence, and Comodo be down with URL Injections.

I called Hostgator they wouldn’t pick my call and so I decide to use live chat. Just Imagined I was on hostgator live chat support and the person responding on hostgator Live chat support claimed to work for site lock and not hostgator and that same person has access to my site server.

What rubbish!!!.. Imagine talking to Guinness customer care on Coca Cola web live support. Crazy Isn’t it?

A post shared by Trend Xplore (@trendxplore) on

See their contradictions below

A post shared by Trend Xplore (@trendxplore) on

Here is how the chat went. See below the chat I and the representative had. Words under “C” belongs to the customer rep, while word under “U” are my response

HostGator Support
End chat and take a survey?What issue can we help you with today Udochi John Stephen,?
Topic
arrow_drop_down
Description
arrow_drop_down
Can you explain your problem in more detail?The agent has requested for your authentication before they are able to assist you further with your request.
Username
Password UMalware/Security: Malware/SecurityU

I was locked out because my site was hacked
C

Connor joined
U

hello
C

Hello
U

I got a message earlier today don’t know how to go about it
C

Hello

Can you please provide me with your domain name
U

the domain affected or my primary domain?
C

Domain infected
U

Primary domain: worldgistnow.com domain infected is gossiptalk.ga
C

Can you please validate the email on file?
U

don’t understand.. what email?
C

The email on file

This is for verification.
U

ste****@yahoo.com
C

Thank you.

Can you please describe where you are seeing the hack on your website
U

done

gossiptalk.ga
C

You have multiple domains on your account I see.
U

yes.. about 3
C

What are you currently doing to protect these websites from the traffic and malware.
U

i forgot to put Wordfence to protect the third one
C

Wordfence is application based security
U

but once you allow me access back to it i ll ensure I scan against any malware and get it cleaned up
C

I work with Sitelock.com

You already has a account here.
U

Yea concerning Wordfence I know But.. it has been resourceful over time
C

It defiantly is helpful.
U

I understand..
C

In most cases its not enough though. If you currently have 1 infection you other sites could be infected as well.
U

well I can’t the money to add site lock for now. I ll plan for site lock in a later time. My site is currently protected by comodo

but I believe I ll ensure it is fixed for the moment and ensure the site isn’t hacked anymore while i budget for sitelock

Please I need the lock to
be lifted from my site

i cants access the dashboard
C

I cant lift the lock if its infected
U

so whats the criteria for lifting the lock?
C

The Site will need to be manually cleaned.
U

ok
C

But as mentioned there is a cost
U

what cost?
C

49/ month

clean are 100.00

cleans*
U

this was your statement in the message i received “In order to remove the restrictions we?ve placed, you must resolve the security issue and remove what malicious content was listed. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account”

before my site was locked… i ran a scan with Wordfence and it was safe

i kept the file wordfence gave to me initially
C

Wordfence is not full security

You cannot reply on this to protect your whole server.
U

and now you are going to charge 49$ to manually clean this up huh?
C

The clean is 100.00

the 49/ month is for the solution

Secure Starter $49.00/Mo (12-month commitment) & Manual Cleans are $100.00/each
Premium Scanner and Professional Firewall
– ??Automated Malware Removal Tool (removes ?basic infections that do not directly effect the code of your site)
– Daily Malware, Spam and Network scanning ??to alert you? to security issues?
– Daily Cross-Site Scripting and SQL injection vulnerability scanning
– File Change Monitoring
– Application and Advisory scanning to alert you to possible vulnerabilities or suspicious items
– Protection of the website at the domain level
– Basic DDos Protection
??- Illegal Resource Access Prevention
– Site acceleration due to Content Delivery Network (CDN) and Minification
– Firewall works with the SSL on the site
– Blocks Bad Bots (Bad Traffic) at the domain level
– Daily Traffic Stats (Shows Bots vs Real Human Visitors)
??- ??Block Specific Countries? from viewing your site(if ?requested?)
U

this site happened to be an experiment on other hosting servers and there have been no such case of malware

i decided to move it to hostgator and this is what i get in return
C

If its not important to you, delete it.
U

noted
C

I just cant turn the server back on. Im not a admin.
U

you cant turn it on?
C

If we installed the services I can have my team submit a ticket since we would be cleaning the website

Once the site is cleaned I can turn it on
U

but you just said that you can’t initially because it is infected

now it is because you are not an admin

you don’t work for hostgator and I get to chat to a sitelock rep on hostgator portal

This is Highest SCAM I have ever seen

fair Play Team Hostgator
C

I dont work for hostgator

They are admins on the server

I work for Sitelock Security
U

No prior notice before I was turn down

I got this notice forehand from Google webmaster before you guys
C

I know its not fun sir, I just dont work for your host.

Do you even know what services you have through Sitelock?
U

and protected against this threat and now my site is down just because i dont use site lock?

C

Your host provides you with a basic package. If you exceed the capabilities of your services it will not work efficiently for your web page.
U

Hmmm!!! funny but not Funny. I can’t just believe my eyes
C

Your site is down because it was not secure.
U

site lock is wasn’t a must install from the beginning of this package, meaning i can get protection else where
C

Our solutions are tools that allow you to be more aware of potential threats on your website

We can even remove common malware.

Can you check you email?
U

i have been using other tools for this and they do same
C

the more tool, the better the security.
U

they protect my site against malware
C

When you only use application based tools you have room for error.
U

why cant they be allowed the chance
C

We are a cloud based service not a installation on a server
U

cloud based and installation all working towards the same goal
C

It uses the DNS to route your traffic onto a CDN network and Firewall system
U

and now because sitelock is recommended by hostgator.. it forces it customers to use it one way or the other right?
C

and the scanners use FTP to download the files

It does not force you but we are a great option.

If you are available for a call I can call you
U

sitelock isnt the only company in the game of protecting againt malware
C

[7:20:13 PM]Connor Scott:It does not force you but we are a great option.

We can remove the threat and make sure the site is live.

I sent you a reset for your account did you get that?
U

+2349090******

i got the reset

what am i to do with that
C

calling John.
U

noted

thanks for the call

really appreciate

i look forward to not using sitelock in the future
C

Would you like more information via email?
U

You are sick

thanks once more
C

Connor left

Please wait for the next available agent
You will be connected to an agent within 5 minutes…
Thank you for contacting HostGator support. Please rate your support representative in the following areas from 1 to 5 (5 being the best).

My representative was knowledgeable.

My representative was courteous and willing to help.

From the mail and calls I received they expect me to pay a whooping $348 for my sites to be cleaned up. I got angry and left HOSTGATOR for good.

If you are currently using Hostgator and have not yet face this issue, I am not saying you leave them. Start running as much frequent backup on your site to be on the safe side. Also, in case you get any silly message from SiteLock, ensure you don’t give in. I am not saying your site can’t be infected, without Hostgator and SiteLock planting some sort of malware. Do your research before you do anything. ensure your site is malware free, use diverse security measures, you can apply for Comodo’s site check free trial.

Please, if you bumped into this post because you are a victim already, quietly leave Hostgator for good and move on. Sh*ts do happen. Maybe you got in here because you are yet to get hosting for your site then RUN AWAY NOT JUST FROM HOSTATOR, BUT ANY EIG HOSTING COMPANY.

SEE the SCAM list Here.

Be Warned!!!!

What I lost From Hostgator’s Act

I lost one of my experimental site at that time because I failed to back it up. It was painful. I also lost serious traffic. Anyway I pushed on rebuilt that site under a month, re-wrote articles. And with patience the experiments worked and I got traffic flowing in such a way that I got over 1.6 million page views within the space of 3 months.

The Payback

I was so upset with there shady business practice that I took the time and effort to move over 5 sites to a new host. It took me a full day, but it’s a great feeling knowing that I got the last laugh!

FINAL THOUGHT

Which Hosting Company Did I join

If you are wondering which host to join there are lot of hosting companies that are not EIG. Maybe you don’t have much fund and want a very good service, then from my Bitter-Bitter experience with Hostgator and other hosting services, I will recommend HOSTNAMSTE as the best shot you can try.

They have been so wonderful and truly supportive. with my link and the coupon code I am about to share with you. I do believe their price will be affordable compare to other hosting service

In their own words:

A Reliable Indian Hosting. Company You Can Trust. HostNamaste is the perfect web hosting solution for your small and big websites.

4+ Years Of Excellence

HostNamaste, The Best Indian Web Hosting Company Around.

We offers the best-in-class fast SSD Shared, Reseller, OpenVZ VPS, KVM VPS, Windows VPS, and Dedicated Servers for small and big websites across US, UK, India and Russia. We endeavour to offer our clients the best services at competitive prices.

We came into this business because we saw a lack of support in the hosting bussiness. We have used numerous other well known hosting providers and they left us dissatisfied. We felt a need for a hosting provider that was not only capable of understanding your needs, but had the resources to provide you support though out. Therefore, HostNamaste was born out of necessity.

Some Linux Linux Shared Hosting / Linux Hosting / Fast SSD Linux Shared Hosting deals and coupon:

Foundation – $1.95/Month

  • 2 GB SSD Storage
  • 100 GB Bandwidth
  • Unlimited Domains
  • Unlimited Sub Domains
  • Free Let’s Encrypt SSLs
  • Unlimited Databases
  • Unlimited Email Accounts
  • Plesk Obsidian Panel
  • 1-Click Apps Installer
  • CloudFlare / SEO Toolkit
  • Nightly Backups

[ORDER NOW]

 

Growth – $3.95/Month

  • 10 GB SSD Storage
  • 500 GB Bandwidth
  • Unlimited Domains
  • Unlimited Sub Domains
  • Free Let’s Encrypt SSLs
  • Unlimited Databases
  • Unlimited Email Accounts
  • Plesk Obsidian Panel
  • 1-Click Apps Installer
  • CloudFlare / SEO Toolkit
  • Nightly Backups

[ORDER NOW]

Momentum – $5.95/Month

  • 30 GB SSD Storage
  • 1000 GB Bandwidth
  • Unlimited Domains
  • Unlimited Sub Domains
  • Free Let’s Encrypt SSLs
  • Unlimited Databases
  • Unlimited Email Accounts
  • Plesk Obsidian Panel
  • 1-Click Apps Installer
  • CloudFlare / SEO Toolkit
  • Nightly Backups

[ORDER NOW]

Business – $7.95/Month

  • 50 GB SSD Storage
  • 1500 GB Bandwidth
  • Unlimited Domains
  • Unlimited Sub Domains
  • Free Let’s Encrypt SSLs
  • Unlimited Databases
  • Unlimited Email Accounts
  • Plesk Obsidian Panel
  • 1-Click Apps Installer
  • CloudFlare / SEO Toolkit
  • Nightly Backups

[ORDER NOW]

Coupon For All Packages  (999LinuxShared)

HostNamaste Affiliate

Meanwhile please feel free to comment your experience if you have any with Hostgator either good or bad

6 thoughts on “Ugly Truth About Hostgator and SiteLock Scam You Should Know Today”

  1. Exactly the same experience.

    Last week my website was attacked by malware (Who could have done such a thing?). My website was taken down by HostGator. I was told to pay for Sitelock protection to my website. I bought it. The Malware also corrupted my files. I was suggested to pay for site restoration from backup. I have paid for this. After the site restoration from backup was finished my website was still down. I was told that my free 3rd party my SSL certificate was not compatible with SiteLocks CDN. I paid for a SSL certificate from Hostgator… but my website was still down for almost 1 week. I was then told that SiteLock’s two cheapest plans under $10 do not support SSL and that I had to upgrade to the $50 security plan if I wanted SSL to work on my website. I refused. I was then told I need to Remove my SiteLock CDN. I don’t understand why the SiteLock package I bought through Host Gator’s Cpanel and the SSL package I bought through Host Gator’s Cpanel are not compatible. Yesterday HostGator Staff removed my CDN but my website was so slow that it was unusable. This is completely unprofessional and I have now asked for a full-refund of my SSL package and I am considering changing my host to another company.

    Reply
  2. Thank you for sharing. Unfortunately, I’ve just gone through this with Hostgator and SiteLock. It’s basically extortion. They took down my site and then called me and told me I had to pay a bunch of money to get my site back up. Sadly, I paid it. Only to learn this is a scam they do and that the infected malware really isn’t. I’m sick that they get away with this over and over.

    Reply
  3. Thank you for your detailed recap. What a hassle! My host provider is Hostgator. Two days ago, I got emails from Google titled: “Social engineering content detected on [mysite].com” — and that because of it, my site is demoted in search and potential visitors would be warned. (FYI, deceptive pages is described as “These pages attempt to trick users into doing something dangerous, such as installing unwanted software or revealing personal information.”

    The mail from Google also said this:
    “Here is a sample of URLs from your site where we detected social engineering content:
    http://[mysite.com]/cgi-sys/suspendedpage.cgi

    The ordeal was extremely confusing and hard to understand. I didn’t know if the “suspendedpage” part of the URL was so-named because Google named it that, or if that was the name of an actual file or something that was on my site.

    I suspected maybe the culprit was a link on my site that went to Comodo SSL certificate company. I had originally put the link there so customers could click it to see my certificate. But since my cert had renewed since I had generated the link, the link no longer went to my certificate and instead went to the main page of Comodo, which sells SSLs. So, I reasoned that maybe this was the reason Google said I had social engineering content: like I was trying to scam people into buying Comodo certificates. Other than that, my home page is extremely simple. It has 7 main navigation links and a few other links for ordering, and Facebook and Twitter links, which all checked out as normal.

    I couldn’t figure out my Comodo login, so I figured I’d call hostgator to ask them if they thought this was the reason why I got this scary mail from google and if they had any suggestions. They had me forward to them the email I had received from google. They had no suggestions other than they agreed to try to remove the link to Comodo, but they also tried to get me to agree to be transferred to SiteLock to have my site scanned. I asked the tech support person: “What can SiteLock do for me?” The answer was they would scan my site. I asked if that was a free service as part of tech support through hostgator and they said no, it was not. I asked, what can SiteLock do for me that is free? They said, “Nothing”! So I’m like, “uh, no, I’m not at the point where I’m ready to pay for anything because I’m just trying to learn what is going on.”

    I stumbled around some more, finally started to understand more, then called hostgator again, not understanding why they can’t help me AT ALL (I mean, what is tech support for if not for this???) and I was urged AGAIN to use sitelock! I started to suspect they were pushing sitelock a little much.

    Finally, I googled the “suspendedpage.cgi” text and came across some search suggestions that included the word “hostgator,” so I found your post and others questioning the relationship between Hostgator and SiteLock, which made me think, “Aha!” So, now I realize that this cgi thing is a script that a host provider puts on a site when it wants to shut it down for something like non-payment? Well, I’ve never had that problem, since my invoices get auto-deducted. I guess a hacker could also put this document in my site? But is this likely a document that hostgator put in my root files? I used Google’s URL Inspection tool (in Search Console) to search all the main pages of my site and all were clean except the root “home” page.

    I called hostgator for a third time and asked again about why they couldn’t help me, and also pointed out the observation that it seems unethical for the two companies to be in bed together. I also asked if this “cgi-sys/suspendpage.cgi” text was the same as what would be used if they were to suspend a site for non-payment. The agent played dumb like he didn’t understand the question. And I asked if they, hostgator, could have planted the file there so they could refer me to sitelock for scanning. The agent again played dumb and apologized for my trouble and suggested I use some kind of security company to get a scan, and that he wouldn’t recommend sitelock if I didn’t want to use them, and that there were others out there. But he did manually scan my files and didn’t see any problems there.

    I think at this point, I will update whatever needs to be updated in my WordPress files, and then ask Google to rescan my site. They want an explanation of what was done to remove offending files and I’m just going to explain what I’ve told here and see what happens. I will try to come back here and update.

    Reply

Leave a Comment

Share to...