SiteLock Site Security?

[Zach]

Hostgator disabled my account due to lack of security on the sites I own. So everything is parked right now. Shoot.

Their solution? Sign up for SiteLock!

Part of this just feels like a sales tactic, but in the mean time my sites are down. The SiteLock prices can get pretty steep and I'm not smart enough to know what I need and don't need.

Do you guys bother with SiteLock? Is it time to change hosts if HostGator is going to make these pushes? Do I actually need some real site security?

 

[Zach]

It is frustrating that HostGator's tech support just will punt the whole issue and say go sign up with SiteLock. Some great bizdev partnerships going on to benefit the HostGator customer here.

 

[Tao]

"sorry to hear that you're having a malware"

I was reading on Reddit yesterday that Sitelock is owned by HG too and they just forward people there for the slightest security issue as they will get the money.

 

[CCarter]

Wow that's horrible customer support. First the malware is the real problem and that seems like a security problem. You need your accounts enabled but to be honest it sounds like they are accusing you of distributing malware instead of just being infected - that's why they are giving you the weak run around.

I've never seen someone's account disabled cause they were infected with malware. Wordpress CMS is notorious for this and to disable any potential Wordpress that gets infected would be disastrous for their business model - which consists of mostly dead Wordpress installs for past projects.

With that said they definitely would disable an account that was distributing or hosting malware or they suspected of being an agent of a hacker group. I'm not saying you were distributing malware but were you? If not - you can see how multiple domains being infected would look suspicious to the point where you seemed to be some elite h4x0r trying to use Hostgator as your command center for your malware operation.

This is one of the dangers of using old Wordpress plugins that never update or a person never updating plugins, or simply using plugins from bad developers. It could be you used a plugin on multiple sites that caused them all to be infected and therefore framing YOU as the final boss of malware viruses.

Basically you probably are screwed with attempting to re-enable that Hostgator account.

 

[Zach]

@CCarter

The original email wasn't quite as accusational:

I'm on the phone right now getting support from someone else who knows wtf they're doing.

She said she confirmed the offending file was deleted, and the account team will review today and let me know about re-enabling.

All-in-all it all still just reeks of this ripoff strategy:

0. Decrease standard tech support & security in Hostgator plans
1. Convince small biz owners they've got "something" wrong via automated emails
2. Charge them HUGE to clean it up via SiteLock.
3. Charge them for ongoing monitoring via SiteLock.

A $10/month hosting account just turned into a $350 "fix" fee and $75/month monitoring fee.

@Tao Thanks for the reddit thread. This is spawning in me the need to switch off of EIG-related products.

 

[Ryuzaki]

Zach, check out this perspective on the SiteLock scam and my experiences that proved it was a complete lie and shake down.

The short of it is they were demanding $20 a month to protect 3 of my "vulnerable and infected sites." The only problem was those sites hadn't existed for at least 5 years. There were no remnants of public_html folders, MySQL databases, nothing.

They literally grabbed at random from a historical list, it seems, and started spam calling customers.

 

[built]

Had this bullshit as well when I tried them out.

Moved to MDDhosting for budget hosting

 

[Darth]

Wow, what scumbags

 

[Ghost]

If you pay with a cc chargeback if enough people do that will quickly make them reassess their situation.

 

[Sisu]

I had Sitelock enabled as a free service when I used Bluehost. One day I randomly discovered my main site was down; chat informed me that SL had done something to it to protect it. I asked them to cancel it ASAP; they did, and my site came back. The whole thing is complete nonsense, and yes, be warned that they can use it to take your site down at any time if it's enabled.

 

[Zach]

Final update to this thread...

Tech support acknowledged I deleted the offending files and that they'd review my case with their specialist team and get my account re-enabled within 24 hours.

It has been 7 days now and not a peep.

<headsupasses.png>

A few days ago I switched the domains I care about anyways to another hosting provider.


BTW, in the DSCC, ASmallOrange is recommended. But, according to this article EIG acquired them too.

 

[DKurtz.me]

Yeesh. I remember moving off of them years ago. I've been through several iterations of hosting since then, but right now I'm having a lot of luck with Vultr instances and ServerPilot as the admin panel.

Everything loads in about a second, page speed score is nearly perfect, and I've only dabbled with a few items that have been mentioned in the 30 day section and the CC9 threads. Bolting on S3 made the sites even faster.

It's not for everybody, but if you don't mind learning PuTTY and a bit of Linux execution scripts, it's pretty alright for what I need to achieve.

 

[backwoods]

BTW, in the DSCC, ASmallOrange is recommended. But, according to this article EIG acquired them too.

Definitely stay away from ASmallOrange now. I just recently terminated my account with them and the next billing cycle I noticed my credit card was charged again. I had to contact my CC and dispute the charge (they decided in my favor).

ASO removed their customer phone number and the only way to contact them now is via chat. The evening I went to reach out to them and cancel my account the "live chat system" was down for a few hours!