Sitelock Scam

Recently Dean Shareski wrote about an issue he was having with his blog at Bluehost. The short story is his site got hacked, which happens to all of us. It’s the struggle of the web. But what was crazy was how his host reacted. Bluehost basically shut down his site, and said no access until he cleans it up. If you aren’t a sysadmin, cleaning up your site is something you need to learn, and doing that under the gun is no fun. So Bluehost suggests they use a service like Sitelock. They charge something like $200 to clean your site, and then an extortion of $150 a month to keep the service (which you need to do once you have been hacked). It’s effectively subscription based ransomware. What’s crazy is it is not just Bluehost, Host Gator does the same exact thing, and guess what, they share the same corporate overlord EIG.

When I heard about Dean’s situation from Tim, and the fact that despite paying Sitelock his site was still hacked and offline, it smelled like a first-rate scam, and it looks like it is. The worst part about it is these web hosting companies are colluding to manufacture a need. This blog post by Dumitru Brinzan is the most clearly documented case I have read on the internet of how this scam plays out:

In order to remove the restrictions we’ve placed, you must resolve the security issue and remove what malicious content was listed. If you do not believe you can do so on your own, you may use a reputable third-party security service, such as SiteLock, who can be reached directly at 877-563-2849. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.

The dreaded email that your site is suspended until you clean up your shit comes with no warning, and is followed by an inline ad for a company that is claiming insane growth numbers to the investment world: Sitelock. It’s about as scummy as scummy can be, and reaches the level of scam when you learn that many of these accounts are false positives, but the default response, at least at Host Gator, is to suspend and collect. And this is not an isolated case by any means, just read the comments of the blog or  look at other posts like Jennifer Ellis’s examination of how she was pushed to get Sitelock because a link on her site was to an infected site. That’s concerning, corporate driven takedowns because you may be linking to an infected site is certainly scam:

Once I got over my panic and took a closer look at my site, do you know what I found? The terrible, critical, scary alerts involved the fact that my site has a blog post.  On that blog post I linked to a company’s website.  Apparently, that site is blacklisted on Google at the moment. That site must be infected.  That problem requires the following steps:

  1. Go to the blog post
  2. Remove the link
  3. Update the blog post

Yup. SiteLock wanted to charge me $199 to remove a link from a blog post. My site didn’t actually need any cleaning. There was nothing wrong with it.

This is a really good example of the worst of these web hosting scams. Preying off customers who may not be able to understand it or do it themselves is an abuse of power, and the idea should be you turned to this web host to protect you from these things, not to hijack your online world. Quite frankly we see this type of predatory selling, I think Mike Caulfield called it “hate-selling,” and a lot of domain scammers do this, but it is even worse to have your own hosting company taking it hostage. This also speaks to the broader problem with only basic literacy around the managing of your online life. The LMS, Lisa M. Lane argues quite eloquently,  is stealing some of the mot germane opportunities we have to teach students about the web by defaulting to the ever abstracted and simplified LMS:

Increasing numbers of students have no conception of what constitutes a website, or a link, or a browser. With no understanding of how to navigate a complex web page or database, students have become unable to comfortably navigate a complex online course, regardless of the LMS. It is possible that only students with more sophisticated web skills are able to benefit from the learning pathways we design. As instructional designers remove more and more of our responsibility to construct these pathways ourselves, the “best practices” encourage computerized learning goals such as chunking, instant feedback, and tightly controlled pathways at the expense of discovery, integration and community.

If we don’t even take the basics steps towards a general literacy of how the internet, and more specifically the web, works across higher ed, then how can we ever expect broader understanding of how and why sites are online, no less what to do when they get hacked? Is this the domain of higher ed? I want to think so given there are some basic elements of identity and power relations at work online that need to be contextualized for all of us historically. This is the amazing works folks like Audrey Watters and Kin Lane have been doing for many years now. A frame for empowerment becomes ever more important as people use knowledge and ignorance to control judgement through fear as a means to push you into something—a quick “solution” to a broader issue of online identity, and all its concomitant problems.  It is crucial people are encouraged and invited to expose themselves to how the web works so they can cut through the fear-based marketing that drives large parts of the web. So, I hate scams like this because they operate on fear and loathing, not the idea of curiosity and possibility, and the domain of education should be to battle the former with the latter.

This entry was posted in reclaim and tagged , , , , , , , . Bookmark the permalink.

34 Responses to Sitelock Scam

  1. Pat says:

    There is also a google list of blacklisted sites that ‘site cleaners’ use to email web masters once google blacklists you.

    Much as i concur on any skills, important to ask qs of WordPress as to why still so many issues; you can play the plugin / theme card, but there’s been a few core ones which haven’t been looked at. On top of that vaultpress seems like the same deal. We’ll leave core weak and sell you a plugin to protect you.

    Been helping a friend of Alan’s out fixing her site and have a free plugin almost done. Happy to share

  2. Gina says:

    I had this happen too. Have been a long time customer of Hostgator & currently have two accounts. One began the sitelock harassment. I mean multiple emails and CALLS daily. We unsubscribed, asked them to stop, nothing. In the meantime I did get Sucuri to scan my sites and nothing was on them. I complained to Hostgator, we went back and forth with their canned responses. Within 24 hours all my sites were infected with Malware and Hostgator blocked my access to them so I can’t even remove the problem. Another request for support and had someone trying to help me. The next morning I got a response from someone else apologizing for the last HELPFUL person saying he was wrong and the only thing I could do at this point was pay Sitelock to remove it. I feel blackmailed or held hostage by them. It’s repulsive behavior.

    • Reverend says:

      Hi Gina,

      Damn, that is harsh. Can you even access your cPanel? If so, let me know at jim@reclaimhosting.com. I would get a full backup ASAP and jump ship, that is absolutely in-house ransomware. No notice, no offer of help, just cut you off. How can they call them selves a hosting company and do this to their customers. I’m sorry to hear they have been so scummy, but I would be happy to help, just let me know. I’ve dealt with a few of these instances at this point, and there should be ways at this.

      Also, Sucuri is absolutely solid, so really bizarre you would get malware after a clean bill of health. I can help but small a rat.

  3. Catherine Derecki says:

    Bluehost did the same thing to me. I felt fortunate to be able to fix it myself, and they were surprised I opted to do so. That really sucks.

  4. AJ says:

    I also had the same issue with Bluehost. I did opt to fix it myself after going through the “sales” call with Sitelock and informing them that I didn’t want their service. I was able to finally get to a Bluehost support person and not have them forward me to Sitelock again. After I convinced him that I had cleaned my sites, he did another scan and allowed the sites to go back online. It was frustrating at the very least.

  5. corrin says:

    SiteLock has been calling and emailing me incessantly for over a week telling me that there is a malware on my site. I contacted BlueHost support and the call was fielded by SiteLock. When I asked to be transferred to someone at BlueHost to discuss the issue, they did so after asking 3x. BlueHost then confirmed that there was no issues with my site and that SiteLock was likely contacting me because I used to have their service as part of my hosting package and did not renew. What a scam. I’ve been with BlueHost for over 10 years and I’m really frustrated that they would deal with a partner that handles their customers this way.

    • Reverend says:

      Corrin,

      Yeah, that is really the confusing part, why would Bluehost sell out its customer base like that? In many ways they are equally responsible given they are effectively selling Sitelock your information after you pay them good money for hosting. The whole arrangement is pretty scummy. And the cold calls, what could be worse? Sorry this happened to you.

  6. David Gordon says:

    Here’s an even deeper level of deception that I have to suspect SiteLock of. I got the notice of an urgent threat and logged into the SiteLock dashboard. One of the “issues” found today was SEO spamming. It list me the page and an image (not text) of the link that was “found.” I pulled up the source code of the page and did a search for the link and found nothing.

    I talked with a rep who tried to upsell me but I got her focused on verifying the many messages in my dashboard. She couldn’t find any evidence of anything real on the site and put me on hold to contact support. They didn’t give any evidence but said the links could hide in the database and that Securi had also picked up problems with the site.

    I did a complete database search for the words in the links and found zero.

    These were very specific url’s with specific words that were supposedly on the page. Would they go so far as making up links supposedly found on the page? What other explanation is there?

  7. Connie says:

    I just got off the phone with SiteLock after receiving an email of not being able to successfully access my files.

    When I spoke with the representative, she went on about how she couldn’t believe how many attempts had been made at my account and basically tried to sell me upgraded protection for another 15.00 per month.

    I’m already paying 95.00 a year and she said I was being protected but it may come to my site being hacked – that I needed a different level of protection.

    I have very little traffic to my site at this point, and I told her I was not going to pay any more money for the service. She ended up “fixing” the problem and now my site is supposedly fine.

    If she could simply go in and fix it, then why did I get the email in the first place? Something doesn’t feel right about this to say the least.

    I’m with Blue Host and my site was shut down last year. I was told I needed to go with SiteLock and even though I wasn’t making a dime off my blog, I did.

    My question is, what is a person to do – I mean, if your site is going to be shut down because of threats, what choice do we have?

    • David Gordon says:

      I have been recommending Flywheel hosting to a lot of my WordPress clients. They have a tiny plan for $15 per month. It includes security and cleanup of any hack should it occur. It does not include email. They will migrate your site for free and clean up any malicious files if the site is already infected (also free of additional charges.)

      • Connie says:

        Thanks David. I’ll look into it. That may be the way to go. And the price is good too.

        • Reverend says:

          Connie,
          I agree with David, the only choice once a company extorts you like that is pack up your stuff and get out of dodge, and maybe leave a note with the Better Business Bureau or something like that. A comment here helps too given other searching for this very thing may quickly realize they are not alone.

  8. Bob says:

    Last week Hostgator shut down one of my many domains hosted with them. This week Bluehost. I have about 30 domains with websites between the two.

    I am going to pull all of the websites and move to another hosting company not affiliated with SITELOCK what a scam

  9. Diana says:

    I being with hostgator for a while and I am having the same issue, I need to have my site up and running and they tell me that the only way to do this is Sitelock, and really don’t want to pay $200 and then $160 monthly , is there another way to solve this?? i can not logging in work press just the cpanel. can you advise me what is the best thing to do?

    • Pat says:

      Jim might not want to tout for work here – but he runs a hosting company and he can host your site for you (reclaimhosting.com or rockawayhosting.com)

  10. Sven says:

    Chiming in here too to warn others that Sitelock is a total scam. I went through a similar ordeal that many are describing here a little over a year ago. My host was Bluehost and I kept getting these aggressive, bordering on creepy messages from Sitelock, telling me that my site was infected with malware and trying to sell me ridiculously expensive plans to fix it. Like the woman in this news segment (http://www.nbcbayarea.com/news/local/Small-Business-Owners-Website-Shut-Down–384730311.html) I thought it was spam because I’d never even heard of Sitelock, but instead of just ignoring it I called up Bluehost and asked them if they had anything to do with them.

    At first they denied that Sitelock even had access to my sites, but when I kept insisting that indeed my sites were getting scanned by Sitelock without my permission and I was getting threatening emails from them, they suddenly changed their tune and gave me an @sitelock.com email address where I could cancel their service. When I said that I didn’t want to deal with Sitelock because I never signed up with them and that it was Bluehost’s responsibility to cancel this unsolicited add-on, they simply refused.

    I was so furious at Bluehost that I ended up canceling my account with them and moving all my sites to a new host (Siteground, no relation to Sitelock, I’m super happy with them). But get this: Today, over a year since I’ve had anything to do with Bluehost, I get an email from Sitelock saying “During a recent scan of your website, malware that could possibly jeopardize the security of your website and your customers’ data was detected.”

    To me, this is final proof that they’re a completely disreputable scammer enterprise, as there is currently zero chance they could have accessed my site. Somehow my email address must have got left behind in their system and they’re just arbitrarily sending out scary messages, which makes it highly likely that most of the warnings they send out to people with hosts that have given them access are probably BS too. After the motto “just toss out freaky malware warnings to play with people’s fears to see if anyone bites.” This is, in my opinion, no better than any old phishing scams, and they should be reported to the FTC (https://www.ftc.gov/faq/consumer-protection/submit-consumer-complaint-ftc) by as many people who’ve been hoodwinked into giving them money as possible.

  11. World Changer says:

    These people destroyed my business. I’ve had my site up for 4-5 months now and these folks hit me with the malware scam but unfortunately I wasn’t aware of the scam until after I paid the initial $49.99 to have it removed. The Rep “kindly” waived the $300 for the cleaner but my thing is: The files they claim were infected were plugins and I was not notified until after the site was shut down.

    That’s not even the worst part. I spoke to the representive for my hosting provider (ehost) and I asked her after the clean if they could scan and restore the site. She specifically said “Oh WE (ehost web hosting provider) don’t have control over the restoration of your website. Respond to the email because SITELOCK is the one who can restore your site???

    They, (ehost) sent me an email saying: “We have restored your website” which is now just a blank page of nothingness. Everything is questionable. They ask for your web hosting login credentials but somehow found malware in certain files?

    So basically how I see the business model:

    EIG owns Sitelock
    Sitelock swallows webhost
    Webhost (most likely) spreads their legs for Sitelock by allowing them to scan files on YOUR site.
    *Sitelock probably have a team of experts who can send malware to your site here and there to make their business appear non-fraudulent with real cases (probably their coding) which they can tell you where the malware even came from. Not an IP or nothing traceable.

    I JUST monetized my website too. I made my first $1.00 online this month and as soon as I started rolling in some reoccuring traffic they hit me. Now Google has “this site may be hacked” me. Frustration isn’t even what I feel. One day I plan to counter these fraudulent businesses. Free security for all web businesses one day. People don’t deserve this. And people don’t know this is a monopoly and that the internet could be given up in the hands of “security”.

    • Pat (pgogy) says:

      I hear you.

      I find it odd that both Drupal and WordPress’s founders both run anti spam companies associated with a free product. It sets an odd precedent with open source that certain “bugs” need to be left in to create space for money to be made. It’s contradictory.

  12. Bruno says:

    They are SCAMMERS.
    My website got DEACTIVATED today by bluehost because they said it had a malware… So I logged in to the live chat and the “security support” asked if they could call me – I said YES, thinking they would help me over the phone.

    Well, it was actually a sales call from SITELOCK, asking me whether I make money with that website. I said: “No, it’s a personal blog”. They kept pushing: “But do you monetize it? Could you monetize it in the future?”

    I said no, no, no…

    He then said: Well since it’s a personal blog, it would be $720 a YEAR to fix the site and keep it safe. It would be much more expensive if it was a business site.

    I said ‘no way’ but they kept lowering their price all the way to about $300. Still, I said no.

    After googling about them and finding THIS blot (thank you), I decided to solve it myself.

    I opened another chat on bluehost’s (this time with ‘Close Account’ support) and told them I wanted to cancel because Sitelock was too expensive.

    They just told me: ‘Well, it’s only 3 infected files. If you remove them we can reactivate your site.”

    WHAT?

    I opened file manager, deleted the files and everything was solved. Site back on air.

    AND SITELOCK WAS TRYING TO CHARGE ME OVER $700 A YEAR TO DO THAT.

    I obviously asked bluehost to CANCEL my sitelock subscription (you get one for free when you join bluehost and the ONLY way to cancel is asking support) and I never wanna hear about them again.

    Scammers.

    PS: In my case these were the files I had to delete:

    footer.php
    wp-acsesapps.php
    wp-jsconfigs.php

  13. Thomas says:

    I also had the Hostgator slash Sitelock nightmare, I am well versed in most aspects of site security, so when I started to receive those emails I was quite surprised.
    Anyway you all basically know what happens after that.
    Me, I jumped ship & let Hostgator know exactly why.

    I chose eHost.com after making sure they did not use SiteLock. (I specifically asked them before I signed up) Using them for the past year with no problems, until now.
    Then I noticed a $59 charge on my Credit Card from eHosts?
    Logged in & low & behold, SITELOCK
    Contacted support, they say I authorized it, which of course I did not.
    Just sent eHost an email stating I will be moving on after my current years plan is up (2 Months-ish)
    12 sites (backed up weekly)

    I couldn’t understand why these host companies keep screwing us over via third party services, then I realized that these companies give them a cut of the SCAM

    Think about it
    Stay away from any host company that does business with SITELOCK
    Talk with your wallet/Purse

  14. Fred says:

    I got an email from SiteLock informing me that my website had been infected with malware. Indeed, that was the reason that my website was down. I contacted HostGator, my hosting company, which connected me to SiteLock. SiteLock informed me that they could remove the malware if I agreed to one of their protection plans ($60, $89, $110, or $150 per month, all to be paid one year in advance). I felt like my website was being held for ransom unless I paid these exorbitant fees. Fortunately, I did not agree to any of their plans. I will be moving my hosting to a different company that has no affiliation with SiteLock.

  15. Mary R. says:

    Sitelock and Dot5Hosting, HostGator, and many others are all Endurance International Group (EIG) companies. They are working together to (IMO) extort millions from unsuspecting customers. Eventually this will come to light. See this article for a (probably incomplete) list of EIG companies, and steer clear of them. Investigate new hosts to determine if they are EIG companies. Check regularly to see if they’ve been snapped up by EIG (case in point: eHost.com bought out this year https://hosting.review/web-hosting/ehost-closed-permanently/). I moved to Siteground after a Dot5/Sitelock extortion attempt and I’ve never been happier with a host.

    • https://youtu.be/L966Rr1lGS0.
      EIG, Sitelock SCAM. It is one VERY large company, Endurance International Group (EIG) purchasing all of the webhosting companies, one by one, gutting their staff, and pushing this crazy expensive “malware” protection service, Sitelock. They take down websites, either there never was malware, or they placed it themselves. Yes, EIG owns Sitelock. Watch my YouTube video. I explain the scam. They did it to me too. JOIN ME. Let’s stop letting this criminal organization extort us.

  16. JoAnne says:

    Just wanted to include this scam continues today 🙁

    • Jim Groom says:

      I’m sorry to hear this JoAnne, it is ridiculous there isn’t some way to get the better business burea involved to curb some of this criminal upselling.

  17. I had something happen to me today. Tried to log into my wordpress site and got this message :Forbidden

    You don’t have permission to access this resource.

    Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.

    Contacted Just host live chat, here is her response:
    Thank you for holding, I have tried to remove deny codes from .htaccess but it is regenerating, and changes are not updating, so I have initiated the scan at the backend, Normal scan will take 40- 45 mins to complete, also depends on the no. of files, which might take more time to scan, so will get the root cause of the issue,also I have replaced core files for you are you able to login now

    So I am able to log in again but now she keeps going on about sitelock giving me a call:
    While I was going through your account, I have noticed that you have not activated any type of online security tool for your website files. The security of your website is heightened when it is scanned for malware daily. We have a team of experts who can assist you in safeguarding your account from hackers, malware, or any third-party threats. This is a cloud-based security tool called Sitelock that scans your website for malware and vulnerabilities. If you are interested to learn more, please provide your contact number and convenient time so that I can schedule a call session for you.

    I told her why are you trying to send me to a scam instead of helping me roll back my website to a previous backup. She said:
    Currently your account files are infected, this is the reason your website is not functioning correctly, also in google search it shows chinese writing due to infected contents on your website files, to function your site again, you need to remove all infected codes from your account, and need to re-scan also if you need any elp on it we do have Sitelock team who will help, and guide you on it, also they will help you on protecting site contents in future too

    I ended chat. Not sure what to do now tho

  18. Reverend says:

    Is it a particular app that is hacked? WordPress by chance? Regardless change any passwords for admins and update all plugins, themes, versions, etc. After that look for any un recognizable files or recently changed files and see if there is any suspicious code. Those would be some initial instances. The other step is replacing core files of apps that might have been hacked. All of these would help, and it does point to the fact that SiteLock might be valuable for some, but there costs are high and it is a integrated sell by web hosts I hate.

    If the site is wordpress try installing Wordfence on any and all WP sites and doing a scan to see if you find any suspicious files.

    Hope this helps.

    • Thanks for the response. I installed wordfence and it found the file htaccess. have been put in all my content and theme folders. There were a hell of a lot of them and they all appeared 2 days ago. I have deleted them all and changed admin passowrd as suggested. Thanks. Dont know why justhost could not have told me that instead of pushing sitelocker down my throat.

      • Reverend says:

        I think that is exactly the issue, a good host can provide useful advice and first line support, sometimes a professional does need to be brought in, but that should not be a vertically integrated up-sell solution for sure.

  19. Dipo says:

    This is exactly what has just happened to me. It is sad.
    I have been fleeced.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.