They started offering a 'service' called SiteLock that is supposed to prevent you getting malware on your site and then help you remove any you get. They use levels from 'Alert' to 'Repair' and they charge hundreds of dollars.
Sounds good until you look closely at the offer. What they offer is easily covered by free services, so no real value so far.
Where it gets interesting is when they send you an alert. I received two on the weekend - one for each of two sites I own. I diligently checked the first site with WordFence and a malware scanner - All clean, so I asked for more info. Whilst waiting, I got another warning email for another site.
VERY interesting. This site is not hosted at Hostgator (Used to be - months ago). The 'site' at Hostgator is am empty folder. How can you have malware in an empty folder? (Spoiler alert - You can't). I asked for more info again. An image duly arrived of some random characters that were supposedly in my empty folder.
I did some research and discovered that SiteLock will infect your site with malware if you don't comply.
They are finding non existant malware to extort money from frightened people. Quoted me $300 to clean a site, claiming they had to send an engineer to do the work on site!
When I asked for an infected file name, they answered "We can't do that because our scan does not work that way" THAT is BS. All anti malware works 'per file' and produces a report identifying the file name.
More BS from their emails (My replies in blue) :As the Global Leader in site security and the security partner provider for over 150 different hosting firms worldwide (GoDaddy, BlueHost, iPage, FatCow to name a few) we that this very well. Actually, Sucuri is, all hosts listed are EIG hosts, nobody else would runs this scam. The one time clean is $300 --- but we Do Not recommend this as it's only one time and only secures your site for that day. So - don't clean it, just pay us a monthly is their advice. If there is no SSL/ e-commerce on the site that you want to have cleaned, then we can do the Infinity Manual Cleaning Service at $99.99 per month with a Basic Firewall (not compatible with SSL's). Who, on shared hosting, is going to pay $99.99 per month for bogus 'protection' when WordFence is free? Why are ecommerce files not included? they are just files. Oh, I know - because we can extort even more money. As a security company, you want me to leave a door wide open and not use ssl? [size=12px]---------------------------------[size=12.8px]During a recent SiteLock security scan of your website www.AAA.com, malware was detected that could jeopardize the safety of your website and your customers' data. As a longtime partner of HostGator, SiteLock security was included in your hosting package to help ensure the protection of your investment. This is the empty folder site that was moved to a new host 2 months ago. [size=12.8px]-------------------------------- To answer your question, the malware is located somewhere within your website's files. There are NO files in an empty folder. Even though the site isn't up, your site is still susceptible to attack. How? the 'site' at Hostgator is not accessible on the internet (because it is hosted elsewhere), so the only malware I could 'catch' would come from someone infecting a different site first or from SIteLock putting it there and SiteLock. If you no longer use the site, I suggest that you communicate with HostGatorto remove any remnants left of that site, Hostgator do not do file maintenance on websites especially if you have other sites on the same server. Below is a sample of the malware that was found by us: -------------------------------I have sent a reset password link to your email. Since I do not have an account with SiteLock and they think I do (There's another question of credibility there) - What password? Once you log into your dashboard, you can view each of your websites thatHostGator has provided you with a free malware scanner for. You never did, as I didn't subscribe and I didn't find a free scanner on my Hostgator dashboard. Within the dashboard, you can view the malware that has infected jam88.com for yourself. It is malicious coding, therefore, I cannot specific exactly where it is in your website's files because it is among thousands of lines of code. The English is appalling (Alert) they do not understand that lines of code are contained in files. A website is not one large program. I know - I write websites. SiteLock can't identify a file, only 'code' - another red flag : They don't understand basic computing.------------------------------- SMART (Secure Malware Automatic Removal Tool) - automatically detects and deletes 92% of malware So Nortons claims 99% and the best that 'The World's leading security company' can do is 92% ? Pathetic success rate which leaves me 8% wide open and all for $100 a month? Get real. --------------------------------Vulnerability fixes, in any existing or new plugins, themes, and source coding itself, we find them, and patch them. What? you will repair WordPress, Joomla, Magento and all extensions and plugins? Yeah right. -Most importantly, complete 24x7 access to our ES(Expert Services) Team, that will manually go through your site and remove ANYTHING malicious or suspicious. Or any type of hack, defacement, redirect, pharma hack, phishing, crawling, etc.. [size=12.8px]E[size=12.8px]xperts who do not know what a firewall is, can't protect me from 8% of malware, think that my website has no files - just code, think that malware exists in an empty folder? etc. Our Firewalls Prevent malware / hacks/ attacks, etc. Hostgator already run firewalls unless they just left the door open and walked away. Enterprise Firewall: (Also a per month rate) CDN (content delivery network) boosting your site's speed for your users across the Globe. Nothing to do with firewalls - Cloudflare does this -SEO (search engine optimization) - Google recognizes you have taken these precautionary measures and Boosts your sites rankings in all search engines. (Google, Bing, Yahoo, Etc..) Nothing to do with firewalls - Where is the proof of results or guarantee of ranking? How on earth are SiteLock going to seo my site? (Submitting a site to Google does not count as seo) and Google does NOT recognize SiteLock or any other security measures as a ranking factor. -Traffic stats. Bot vs. Human visitor traffic stats. Done by Awstats already for free -Minification. our engineers go through your entire source code, and remove any unnecessary spacing and/or characters, making your site's load times quicker and your code less vulnerable to penetrating attacks. Minification does NOT make code less vulnerable - it optimises code by removing redundant or duplicate code. And these are the engineers who will 'fix any malware' in my code? -Blocks backdoor connections. - This is huge right now. I see more backdoor hacks than anything else out there in the cyber crime world. This is undetectable from our scanners So the World's number one can't find the biggest threat? because they are doing anything malicious. They are able to make Administrative decisions, change anything on your site. ---------------------------------------Two of your sites have serious issues. All of your sites generally speaking have insufficient security as your host does not provide security for any domains they hos. All of the sites run Wordfence, Sucuri and Bulletproof security which has prevented every attack (including a ddos of 6000 hits per day) and you tell me you can do better? The only 'Malware' found is non existent. [size=12.8px]SiteLock is the security partner with HostGator because we are able to find, fix and prevent malware issues. Only 92% and you only found non-existent 'malware' on an empty folder and a clean site out of 40+ sites?------------------------------------All that we have access to is the level that we see for your Lite Scanner. So, you claim to have found malware but can't tell me where it is because your scan does not go into the files? How do you know a file is infected if you do not look into it? makes no sense at all.
Sounds good until you look closely at the offer. What they offer is easily covered by free services, so no real value so far.
Where it gets interesting is when they send you an alert. I received two on the weekend - one for each of two sites I own. I diligently checked the first site with WordFence and a malware scanner - All clean, so I asked for more info. Whilst waiting, I got another warning email for another site.
VERY interesting. This site is not hosted at Hostgator (Used to be - months ago). The 'site' at Hostgator is am empty folder. How can you have malware in an empty folder? (Spoiler alert - You can't). I asked for more info again. An image duly arrived of some random characters that were supposedly in my empty folder.
I did some research and discovered that SiteLock will infect your site with malware if you don't comply.
They are finding non existant malware to extort money from frightened people. Quoted me $300 to clean a site, claiming they had to send an engineer to do the work on site!
When I asked for an infected file name, they answered "We can't do that because our scan does not work that way" THAT is BS. All anti malware works 'per file' and produces a report identifying the file name.
More BS from their emails (My replies in blue) :As the Global Leader in site security and the security partner provider for over 150 different hosting firms worldwide (GoDaddy, BlueHost, iPage, FatCow to name a few) we that this very well. Actually, Sucuri is, all hosts listed are EIG hosts, nobody else would runs this scam. The one time clean is $300 --- but we Do Not recommend this as it's only one time and only secures your site for that day. So - don't clean it, just pay us a monthly is their advice. If there is no SSL/ e-commerce on the site that you want to have cleaned, then we can do the Infinity Manual Cleaning Service at $99.99 per month with a Basic Firewall (not compatible with SSL's). Who, on shared hosting, is going to pay $99.99 per month for bogus 'protection' when WordFence is free? Why are ecommerce files not included? they are just files. Oh, I know - because we can extort even more money. As a security company, you want me to leave a door wide open and not use ssl? [size=12px]---------------------------------[size=12.8px]During a recent SiteLock security scan of your website www.AAA.com, malware was detected that could jeopardize the safety of your website and your customers' data. As a longtime partner of HostGator, SiteLock security was included in your hosting package to help ensure the protection of your investment. This is the empty folder site that was moved to a new host 2 months ago. [size=12.8px]-------------------------------- To answer your question, the malware is located somewhere within your website's files. There are NO files in an empty folder. Even though the site isn't up, your site is still susceptible to attack. How? the 'site' at Hostgator is not accessible on the internet (because it is hosted elsewhere), so the only malware I could 'catch' would come from someone infecting a different site first or from SIteLock putting it there and SiteLock. If you no longer use the site, I suggest that you communicate with HostGatorto remove any remnants left of that site, Hostgator do not do file maintenance on websites especially if you have other sites on the same server. Below is a sample of the malware that was found by us: -------------------------------I have sent a reset password link to your email. Since I do not have an account with SiteLock and they think I do (There's another question of credibility there) - What password? Once you log into your dashboard, you can view each of your websites thatHostGator has provided you with a free malware scanner for. You never did, as I didn't subscribe and I didn't find a free scanner on my Hostgator dashboard. Within the dashboard, you can view the malware that has infected jam88.com for yourself. It is malicious coding, therefore, I cannot specific exactly where it is in your website's files because it is among thousands of lines of code. The English is appalling (Alert) they do not understand that lines of code are contained in files. A website is not one large program. I know - I write websites. SiteLock can't identify a file, only 'code' - another red flag : They don't understand basic computing.------------------------------- SMART (Secure Malware Automatic Removal Tool) - automatically detects and deletes 92% of malware So Nortons claims 99% and the best that 'The World's leading security company' can do is 92% ? Pathetic success rate which leaves me 8% wide open and all for $100 a month? Get real. --------------------------------Vulnerability fixes, in any existing or new plugins, themes, and source coding itself, we find them, and patch them. What? you will repair WordPress, Joomla, Magento and all extensions and plugins? Yeah right. -Most importantly, complete 24x7 access to our ES(Expert Services) Team, that will manually go through your site and remove ANYTHING malicious or suspicious. Or any type of hack, defacement, redirect, pharma hack, phishing, crawling, etc.. [size=12.8px]E[size=12.8px]xperts who do not know what a firewall is, can't protect me from 8% of malware, think that my website has no files - just code, think that malware exists in an empty folder? etc. Our Firewalls Prevent malware / hacks/ attacks, etc. Hostgator already run firewalls unless they just left the door open and walked away. Enterprise Firewall: (Also a per month rate) CDN (content delivery network) boosting your site's speed for your users across the Globe. Nothing to do with firewalls - Cloudflare does this -SEO (search engine optimization) - Google recognizes you have taken these precautionary measures and Boosts your sites rankings in all search engines. (Google, Bing, Yahoo, Etc..) Nothing to do with firewalls - Where is the proof of results or guarantee of ranking? How on earth are SiteLock going to seo my site? (Submitting a site to Google does not count as seo) and Google does NOT recognize SiteLock or any other security measures as a ranking factor. -Traffic stats. Bot vs. Human visitor traffic stats. Done by Awstats already for free -Minification. our engineers go through your entire source code, and remove any unnecessary spacing and/or characters, making your site's load times quicker and your code less vulnerable to penetrating attacks. Minification does NOT make code less vulnerable - it optimises code by removing redundant or duplicate code. And these are the engineers who will 'fix any malware' in my code? -Blocks backdoor connections. - This is huge right now. I see more backdoor hacks than anything else out there in the cyber crime world. This is undetectable from our scanners So the World's number one can't find the biggest threat? because they are doing anything malicious. They are able to make Administrative decisions, change anything on your site. ---------------------------------------Two of your sites have serious issues. All of your sites generally speaking have insufficient security as your host does not provide security for any domains they hos. All of the sites run Wordfence, Sucuri and Bulletproof security which has prevented every attack (including a ddos of 6000 hits per day) and you tell me you can do better? The only 'Malware' found is non existent. [size=12.8px]SiteLock is the security partner with HostGator because we are able to find, fix and prevent malware issues. Only 92% and you only found non-existent 'malware' on an empty folder and a clean site out of 40+ sites?------------------------------------All that we have access to is the level that we see for your Lite Scanner. So, you claim to have found malware but can't tell me where it is because your scan does not go into the files? How do you know a file is infected if you do not look into it? makes no sense at all.