Hostgator – SiteLock Malware Scam


Are you a HostGator customer who is receiving emails and phone calls from SiteLock about malware or other ‘website issues’? You are not alone. Before you give in to their scare tactics, be sure to consider all your options.

 

Background

My ordeal started with a simple “SiteLock Alert” email. At first, I was obviously concerned, but then quickly realized that the email was clearly a promotional email (as per the footer of the email).

HostGator SiteLock Malware Blacklist Scam

Still, just to be sure, I ran a few test using various different tools like the Sucuri plugin and site check, along with Quettera and even checked my Google Web Master dashboard for any alerts. Nothing.

So I dismissed it and went on with my life… until the phone calls and direct emails started. One even states right in the subject line, “Malware Voicemail: ALERT: ALL DOMAINS WILL SUSPENDED/BLACKLISTED SOON!”

HostGator SiteLock Malware Scam Email

Holy crap! So I started doing more digging as I obviously didn’t want all my other sites suspended or blacklisted either.

 

The Reality

Now before I get into the many reasons not to give into SiteLock, I should say that there is always the chance that your site could be compromised. It’s just the nature of the internet. But if there was a something majorly wrong with your site, you probably would have known by now.

So after doing a bunch of research, it turns out there was nothing wrong with my site as per the below:
1. I use Google Chrome for much of my surfing and there have never been any security warnings for my site (or any other that I frequent regularly)
2. The Google Web Master dashboard has not shown any warnings
3. Sucuri, Quettera and other sites have yet to show any flags

After digging even further, it turns out SiteLock will use the smallest of reasons to scare you into thinking that your site is compromised. For example, they will find a link on your site that links to an external website that’s been blacklisted and try to convince you to let them fix it (for a ridiculous fee). In this example, if this link is a legitimate issue, simply login to your site and remove the link. A 5-minute fix! Details on this example can be found on Jennifer Ellis’ blog.

 

The Payback

I was so upset with this shady business practice that I took the time and effort to move 10+ sites to a new host. It took me a full day, but it’s a great feeling knowing that I got the last laugh!