Friday, December 23, 2016

SiteLock Pricing - HostGator Asks for 80,000% Increase in Price with Security Partner

I have not had this website long, but recently I got this crazy story that I just have to share with everyone.

He put it in a comment, including his name, so I guess it's ok to share.. : /

Morpheus,

Thank you for sharing your story. I have just entered the begining of this craziness as well. I am getting scammed by EIG and UnitedWeb and it is time to unite and do something about this.

Here is some of my story.

I have been with hostgator for over 10 years. Never had a problem until about a month or two ago. I started getting dozens of emails from Sitelock as a new "partner" of hostgators, and then after 10 years I suddenly started having phishing content on a few of my websites.

I have an unlimited domain and subdomain account, with over 300 websites that I oversee. Instead of just taking down the website in question, they suspended all 300 of my websites, and made it extreamily difficult to get my sites back up even when all the phishing content was removed. But then just a few weeks later with no notification, they are telling me that my sites are permanently suspended until I get a 3rd party verification from sitelock, or "equevelent" which they say will cost me $5,000-$10,000 minimum. 

My contract with them is only for $144 per year, and they are forcing me into buying something that is 80,000% more expensive. THis is a total scam. 

I never had any problems with any of myebsites until I started getting all these emails from sitelock about website security, and then BAM! suddenly I have phishing content on my website that I didn't put there. Hostgator gave 3rd party access to my websites without my permission, and in my understanding the only people who should be able to have access to my servers are hostgator and myself. Yet somehow there are these new files. I only had one or two websites that had this new phishing content, but I change all the ftp passwords and other umbrella passwords, yet still they were able to come upload new files. Then hostgator says that it is my fault that they couldn't keep their server secure when they are the ones leting 3rd parties involved, and then their 3rd party "partners" are trying to charge me $10,000's for a product that is only worth about $100. This is CRAZY and it is a total scam!

We need to unite and set up a class action lawsuite or something. Also I don't know what to do. I can't get my websites back up and re-activated, and I don't know where else to go, but it looks like I won't be doing service with hostgator anymore unless the change their act VERY Quickly. 

Please contact me - Jay


Jay, sorry it has taken me a while to respond, but don't worry I'm sending you an email. Have you seen all the people on the pisseconsumer site here: https://sitelock.pissedconsumer.com/

I don't understand how they can continue to run. Makes me so mad to read these.

Do you have a story to share?

Wednesday, December 21, 2016

GoDaddy Partners with Incapsula through SiteLock

Came across an article titled:

GoDaddy Expands Security Product Lineup With SiteLock TrueShield & TrueSpeed


I was curious what this meant, so did some research... 

So this TrueShield feature seems to be a way to stop hacks via something known as a WAF. Which sounds interesting enough, don't know enough of how it works. Seems to be similar to what CloudFlare offers. The TrueSpeed feature seems to be a caching system, which would in turn speed your website up. Sounds interesting. 

What I found interesting was that it doesn't seem that SiteLock owns this technology. 

The team at WhiteFirDesign did some research too and found:
What they neglected to mention is that these services are not actually provided by SiteLock, but as we recently discovered, by another company, Incapsula. 
I was curious about Incapsula, so looked them up. They seem to offer a partnership program that could potentially offer a white label option, which is what SiteLock would need to pull this off. What's interesting is that they don't call out white label options on their page. They did introduce a partnership program in 2012 though.

Someone from their team also responded to a quora post in 2015:

We are looking for a simple white-label DDoS protection provider. does anyone know of one? with:


Hi,
I work for Imperva Incapsula, the market leader in Cloud DDoS Mitigation.
We have great partnerships with many vendors, Hosting Providers, MSSPs, VARs and other digital agencies. Feel free to contact us here:
This tells me that they are offering it, but not disclosing it. I find that odd..

Perhaps the most interesting bit came from another WhiteFir article where he compared the error pages and noticed that the only difference was the branding. But more damaging was that a number of their sites seemed to be running through Incapsula's network:

Doing a traceroute for www.sitelock.com showed their IP address to be 199.83.134.143, for the which the canonical name is 199.83.134.143.ip.incapdns.net. Incapdns.net as in Incapsula, which you wouldn’t expect since you expect that SiteLock would be using their own TrueSpeed content delivery network (CDN) to serve their website. Next up we did a traceroute on their WordPress focused sub-domain wpdistrict.sitelock.com, which showed a canonical name of iasx4.sitelockcdn.net and an IP address of 192.230.66.155, which in turn has a canonical name of 192.230.66.155.ip.incapdns.net. We then looked at several of their customers websites listed in case studies on wpdistrict.sitelock.com and found they were running through Incapsula as well.
This is all very weird to me.  Why would GoDaddy not mention that they really partnered with Incapsula?

The technology seems to interesting enough, but why partner with a middle man? Seems that partnering with a middle man would only complicate things. I think back to my time with HostGator, it was hard enough working with HostGator and SiteLock. Now, someone like me would have to work with GoDaddy, SiteLock and Incapsula?

Does that sound right?

Friday, October 7, 2016

SiteLock Independent Study is Rubbish!!

This is pretty great... SiteLock engaged a company to perform an independent test of their environment.

Press Release: http://www.prnewswire.com/news-releases/independent-testing-shows-sitelock-web-based-malware-protection-outperforms-traditional-endpoint-solutions-300339429.html

Sounds great!

WhiteFirDesign put out a post on the subject: http://www.whitefirdesign.com/blog/2016/10/05/would-you-be-surprised-to-hear-that-sitelocks-idea-of-independent-testing-doesnt-involve-actual-independence/

Here is a summary:


  • SiteLock paid Tolly to perform an "independent" analysis of their effectiveness
  • The Tolly report compared SiteLock to the McAfee Complete Endpoint Protection solution - McAfee Complete Endpoint Protection focuses on desktops / notebooks.....SiteLock focuses on websites
    • Shows why you have to invest in website security solutions, because your existing solution is no good
  • Tolly used 3,000 web-based malware samples
    • The samples were provided by SiteLock to Tolly
  • McAfee performed horribly - detecting only 6%, magically SiteLock detected 100% of the malware strains they provided to the reviewer
    • Can you imagine if they wouldn't have detected 100% of the samples they provided? That would have been bad.
Thinking McAfee got the short end of the stick on this test.. 

Monday, October 3, 2016

Bava Tuesday Shares Experience with Bluehost and SiteLock

Check out this article by Bava Tuesdays... http://bavatuesdays.com/sitelock-scam/comment-page-1/

They share their experience working with Bluehost and SiteLock...

It all started with this email from Bluehost, like so many of us:

In order to remove the restrictions we’ve placed, you must resolve the security issue and remove what malicious content was listed. If you do not believe you can do so on your own, you may use a reputable third-party security service, such as SiteLock, who can be reached directly at 877-563-2849. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.
 And they really capture the post here... 
This is a really good example of the worst of these web hosting scams. Preying off customers who may not be able to understand it or do it themselves is an abuse of power, and the idea should be you turned to this web host to protect you from these things, not to hijack your online world. Quite frankly we see this type of predatory selling, I think Mike Caulfield called it “hate-selling,” and a lot of domain scammers do this, but it is even worse to have your own hosting company taking it hostage. This also speaks to the broader problem with only basic literacy around the managing of your online life.

Wednesday, August 24, 2016

Beware of Hostgator/Sitelock

Funny how many times this happens..

I moved all my sites from Godaddy to Hostgator.I bought a shared hosting and paid for 36 months.
Within 2 weeks I started getting sites hacked. Hostgator recommended that I contact Sitelock to protect my sites. The wanted 3X more than my hosting to protect all my sites 50+. I had EVERY one of my sites hacked in the past couple days.
Nothing on any of them but a black splash screen with a Wolf and Arabic Writing on it. I called Hostgator and asked if they had any solution to this that didn't include Sitelock. The didn't. I asked the tech if Sitelock and Hostgator were owned by the same company.
The answer was, "I think so".
I have cancelled my hosting with Hostgator and we will see if they really credit my card as they said they would.BEWARE OF HOSTGATOR AND SITELOCK.

Imaging paying 3x more than your hosting package... This poor chap needs to read my past post.  Amazing that no one else is talking about this.. damn shame.. more people just getting screwed over...

Wednesday, August 10, 2016

SiteLock Switch and Bait - Screwing Website Owners One Contract at a Time

Check out this poor blokes experience with our beloved Sitelock... they got switched and baited by the sales team.. "Oh.. oops, was supposed to be a 6 month contract, not a 12 month.." my bad... cute, very cute...

I got ripped off but revered charges.
They tried to pull a bait and switch by changing the agreed upon 6 month contract to 12 months. When I found out they pulled a fast one, I contacted them:
On Tue, Aug 2, 2016 at 12:04 PM, Tony wrote:
I thought this was supposed to be for 6 months?
------
From: Antoinette Cromartie [mailto:acromartie@sitelock.com]
Sent: Tuesday, August 2, 2016 3:06 PM
To: Tony
Subject: Re: Securing Your Site (HostGator/SiteLock)
I just checked the agreement.
My apologies,
I did send you the 12 month. I will send you the 6 month agreement now.
Antoinette
-----------------
On Tue, Aug 2, 2016 at 12:11 PM, Tony wrote:
Hi Antoinette,
I don’t want to sign up to both a 12 month contract and a 6 month contract.
Is the 12 month one canceled?
Thank you,
Tony S.
--------------------------------------------
Tony,
Once the 6 month agreement is signed it will void out the 12 month agreement.
For us both to have the 6 month agreement in our records, the new agreement does need to be signed.
Phone or email me directly.
Thank You
Antoinette
-------------------
Tony,
We can't manually cancel the agreement. It is only voided once the new one is signed.
Thank You
Antoinette
--------------
From: Tony
Sent: Tuesday, August 2, 2016 3:54 PM
To: 'Antoinette Cromartie'; 'HostGator'; 'support@sitelock.com'
Subject: RE:: Securing Your Site (HostGator/SiteLock)
Importance: High
Antoinette,
No. Cancel all the invalid 12 month contract(s) right now.
You intentionally baited and switched and sent me the wrong document and when I found out what you did, you admit in your email you sent the wrong document.
The 12 month contract is invalid. Are you operating in a phone boiler room?
Cancel the charges now or I will contact my CC company to reverse the charges and I will report you to Host Gator, the BBB and I will copy/paste these emails and leave bad reviews on you.
------------
Hello Tony.
I just tried to phone you.
Again, my apologies for the 12 month agreement. It was an honest mistake.
We can honor the 6 mth agreement, once it is signed. Once that is signed it will void out the 12 month agreement.
xxxxxxxxxxxx
This is a condensed version of the full email thread. It goes on and on. However, I'm not doing business with sitelock under any circumstance. They pulled a bait and switch, then refused to refund my money even though they sent me the wrong contract and admitted to it in writing.
I contacted my CC company and reversed the charges.
These guys are scammers. Dont do business with them.

Thursday, August 4, 2016

Jobs at SiteLock - Good to work there?

You can find a lot of PR articles telling you how awesome a place it is to work at SiteLock, how amazing a tech company they are.. but is it true?

Found this gem talking to the hiring process at SiteLock:

This company is absolutely disgusting.I came to a job interview and it felt like the managers felt threaten by my skills.
This job is based on commission so if you don't sell you will be FIRED! from what I heard the main man Blake walks around harassing people and people have to hear his vacation stories (show off ) I am so glad I got to see how this company runs by. The office location is in a good area but I rather work some where else than to be in a shady company and lie to customers to hit commission. I heard the goal to be meant is around 8000!!
That's ridiculous !!Do not work here from what i experience this place is a scamming joke!!!

Source 

Makes you wonder, someone that doesn't even work there yet.. but has been able to see and experience so much already...

Tuesday, July 26, 2016

HostGator and SiteLock Screw Over Another Customer

Here is a really good write up by a HostGator customer that was getting scammed by HostGator and Sitelock.

In case it's too long and you didn't read... customer was notified by HostGator of a security issue. In the process they not only notified the customer, but sent his information to SiteLock without his authority. This creates a lead generator for SiteLock..

All to find out that it was all a mistake and the customer was never infected.. YIKES!!!

Write Up: http://www.hermesthemes.com/scam-alert-hostgator-sitelock-malware-extortion/

Snippet from HostGator:

Our Abuse department has received a report regarding malware being hosted on an account under your control. We have disabled site access for your account to prevent further complaints, and have provided a list of the reported content. Note that the below content is not a comprehensive list of malicious content on this account. We strongly recommend that you address the entire account to avoid further issues.

In order to remove the restrictions we’ve placed, you must resolve the security issue and remove what malicious content was listed. If you do not believe you can do so on your own, you may use a reputable third-party security service, such as SiteLock, who can be reached directly at 877-563-2849. Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.

Once you have taken steps to secure your account of the reported content, please reply back to this ticket to request review.

Check out the pricing he was offered:

Be weary of this notice:
When looking at the suggested Emergency 911 Clean-up Service by SiteLock there was a $200 price tag for this service. You pay this fee if you didn’t have SiteLock enabled before the infection. Once infected – pay up the $200. Now that my account is back online I am unable to access that offer from SiteLock, so I can’t provide a screen-shot, sorry.

Wednesday, July 6, 2016

Real SiteLock Experience - Jennifer Ellis

Check out this gem by Jennifer Ellis..

Full story can be found on her site: http://www.jlellis.net/blog/my-experience-with-sitelock/

I got it as a $14.99 add on per year with my web host.  I have had it for about 8 months now and got my first malware alert today. The notice stated that I had a critical problem.  Very serious! So I looked at the SiteLock dashboard and sure enough, it said the same thing.  I put in a ticket with SiteLock and got a call relatively quickly in response.

This sounds about right, some random notice that makes you submit a ticket.. then..

The result was a sales call in which the woman did everything possible to upsell me on all sorts of services. A $500 fire wall, another x amount for this service, or x amount for that service.  And to clean my site? $199.  

Yup, I know this experience all too well... she shares some more info on how the refund process went.. which is fun!
 

Friday, July 1, 2016

Why Nathan Feels SiteLock is a Shady Company

Check out this great review by Nathan Hammond in which he spends 20 minutes breaking down his entire experience...

Guy is spot on, was on a bluehost shared account... and breaks down the various things he was being told during the entire experience.. check it out!

Thursday, June 23, 2016

SiteLock Shady Tactics to Win Sales!

Came across this gem today... yet another host partnering with SiteLock where they "magically" find a new issue and whilst not providing any information.. proceed to trying to get the sale...

Original post: http://sitelock.pissedconsumer.com/lock-down-your-site-over-non-malware-20160524853432.html

So netfirms partnered up with sitelock...the next thing I know all my sites are suspended do to (known malicious file; matched malware: SiteLock-PHP-INJECTOR-1-eky.UNOFFICIAL).
Basically if you run Wordpress or zengallery your up a creek. It maked 112 files. So to fix it you can of course pay them - if you don't your websites are disabled to protect you of course. Found out they could turn the website on for 24hrs and will charge $300 to do a one time website clean for me.
I recommend you find a host provided that does not use SiteLock.I wasted a entire day dealing with it and I am a developer by trade.

Monday, June 20, 2016

SiteLock & EIG & UnitedWeb

Been reading a lot on SiteLock and the shitty experiences people have been having so I started doing some digging.

Found some interesting data that I wasn't able to find anywhere else...

- SiteLock is owned and Operated by United Web: http://www.unitedweb.com/ << known information

- The CEO of United Web is: Tomas Gorny

Mr Gorny has a long history with hosting. He was the co-founder of iPower, formerly iPowerWeb, Inc). He sold iPower to EIG sometime in 2007. He seems to be an advisor to EIG. He was also a Director at EIG. From what we can see, he's still a Director on the board. << well this is interesting..

- The CEO of Endurance International Group (EIG) is: Hari Ravichandran

Mr Ravichandran also has a very long history with hosting, and an incredible story at that. From nothing to something in the past 20 years, kudos to him! But it seems through a relationship forged over time Mr Gorny and Ravichandran have found a way to screw us over when it comes to security for our websites. << Let's learn more

Here is an interesting snippet of information pulled form the EIG 2015 FY / Q1 filings:


Ninth, in our S1 and in subsequent public filings we have clearly stated the nature and extent of related party transactions. As disclosed in our SEC filings, my family owns Tregaron Holdings, and its related companies, Diya, Glowtouch Technologies, and Touchweb. In addition to providing services to other companies, these businesses provide some of our brands with subscriber support and engineering assistance. In FY2014, Endurance had $10.4 million in expenses related to purchasing services from these companies. These relationships started over a decade ago when Endurance was still a fledgling company. As shown by the disclosures in our public filings, the economic value of this relationship has been decreasing as a percentage of Endurance revenues as we have built our own support and engineering capabilities. We have also disclosed a second related party relationship between Endurance and Innovative Business Services (IBS). Endurance offers Sitelock, a security product for SMBs developed by IBS, across its brands under a revenue share arrangement. One of our board members, Tomas Gorny and I are shareholders in IBS. Revenue share payments to IBS related to Sitelock totaled $5.4 million in FY14. The revenue share between Endurance and IBS for Sitelock has been set at 55%/45% in favor of Endurance. 
 In case you missed it, SiteLock, which is owned by UnitedWeb, is also owned by Innovative Business Service (IBS) (eek.. where does UnitedWeb fit in?) which through a relationship with EIG has monopolized the website security space within hosts. Did you notice how both Hari and Tomas are both shareholders in IBS, whom which EIG has the relationship with? Is it any surprise they are employing shady tactics to trick us into buying their services?

This report is from 2015 talking to 2014, so let's see what we can find for 2015...

What do we have here.. the 2015 Annual report: http://ir.endurance.com/secfiling.cfm?filingID=1193125-16-485478&CIK=1237746













Here we see an adjustment in their financials for 2013 and 2014, but beyond that you can see that EIG paid IBS (SiteLock's Parent Company) an estimated $6,300,000 million for what they call their multi-layered third-party security applications. Described here:

The Company also has agreements with Innovative Business Services, LLC, (“IBS”), which provides multi-layered third-party security applications that are sold by the Company. IBS is indirectly majority owned by the Company’s chief executive officer and a director of the Company, each of whom are also stockholders of the Company. During the year ended December 31, 2014, the Company’s principal agreement with this entity was amended which resulted in the accounting treatment of expenses being recorded against revenue.
During 2013 the Company expanded the services provided by IBS under the agreements across all of its entities. The Company inadvertently excluded the expenses related to the expanded relationship with IBS from related party disclosures for 2013 and 2014. For the year ended December 31, 2013, the Company previously reported cost of services related to the IBS services of $3.0 million, which is revised to $3.9 million in providing prior period comparative amounts in the footnote to the consolidated financial statements for the year ended December 31, 2015.
So what this shows us is that SiteLock is essentially owned by EIG, specifically their CEO, indirectly. So the companies have a vested interest to push whatever product will make their bosses the most money!!

Here is another mind f*****... SiteLock just partnered with GoDaddy too... so this means that GoDaddy will be paying SiteLock some sum (they are now public so we should get some good intel on this in the coming months) which will go into Hari's pocket as well... you little bugger..

Stay tuned...

SiteLock Shady Tactics via HostGator

I was screwed over by SiteLock one too many times not to help promote and share these experiences.. please be aware. SiteLock is a company built on sales, not security. Their sales teams use shitty tactics to trick us into buying their product in turn screwing us over. Here is another story of such a case shared on: http://sitelock.pissedconsumer.com/beware-of-this-company-and-of-any-hosting-company-it-partners-with-20160619868340.html
I’ve been running a profitable online business for over ten years and have used Hostgator to host most of my many websites. A few weeks ago, Hostgator sent around an email announcing its partnership with a website security firm called Sitelock. Within about a week of that email, I got an email from Sitelock telling me that one of my sites had some malicious code on it that should be removed. They were very persistent and followed up with a phone call. I called them back (my first mistake) and here’s what happened…
Their rep explained to me that the malicious code would have to be removed or Google would probably block access to my page before long. So they enrolled me in a $49/month site protection program called “True Shield” that was supposed to keep my sites permanently safe from hacking. And I have been hacked before, so I know it’s no fun and can cost a lot in lost business. They promised this site would be cleaned up within hours. Besides, they were endorsed by the web hosting company I trusted (note the use of the past tense), so I was happy.
The very next morning, as I went to another of my sites to get a photo I needed, I found myself staring at a dark screen that said “Website Security” in big letters and was asking me to click a big red button. Then I checked out a number of my other commercial websites and to my horror they were all blocked in a similar way. “Strange,” I thought. “Maybe Sitelock is doing some clean up work.” So I called them…
The next rep I talked to told me that all these sites had been hacked and said I would have to enroll in an even higher level of service to get this taken care of, at $99 per month. AND... I would have to pay that much per month PER SITE! She was really pushy so I told her I’d get back to her. The next step was to find out more about Sitelock and I found a very large number of online reviews roundly condemning it as a total scam. What really struck me, however, was something else:
• Several reviewers describing exactly what I had just experienced
• The same sequence of events – a minor problem, sell into a low-level package, suddenly a much worse problem, attempt to Upsell
• That Sitelock has partnered with a number of hosting providers and it’s the same story across the board
• That some reviewers claim they can prove that the hacks against their sites actually came from Sitelock itself!
The evidence would suggest that Sitelock may well be exploiting the databases of their business partners (Clearly, Hostgator had shared my data and presumably access to my sites with Sitelock without my explicit permission and, where I live, that’s a criminal offence in itself).
Needless to say, I’m giving Sitelock the boot – its absurd prices, its strong-arm tactics and the more than suspicious sequence of events reported by many of its numerous victims are all reasons to avoid it like the plague.
And, naturally, I’ll be pulling all my sites off Hostgator immediately unless they a) fix the problem – which they so far seem unwilling to do – and b) terminate their association with Sitelock. All of this will be costly and time-consuming, but worth it in the end.
Bottom line: for your own sake, avoid Sitelock altogether and avoid Hostgator until they terminate their association with Sitelock and compensate its victims.

Thursday, June 16, 2016

Sitelock - Rude, Demeaning Bullies Looking For A Sale

These are the kind of tactics they used on me and need to be shared... originally shared here: http://sitelock.pissedconsumer.com/rude-demeaning-bullies-looking-for-a-sale-20160616866956.html

I contacted Sitelock as they were associated with the company that hosts our business site. We needed assistance with Malware and already had their basic package.
When I spoke on the phone with a gentleman (calling him that is a joke) from Sitelock, he not only insulted my intelligence, but spoke to down to me and actually LAUGHED (Yes, not kidding!!) when I told him I was already aware of my possible solutions and I was simply looking for pricing.
Just knowing my host site was associated with them was almost enough for me to change hosts entirely. I have never been so disrespected, bullied, talked over and demeaned in the professional world as I have by the man that "assisted" me from Sitelock. I would have asked for a manager, but by the looks of it, they are an unreliable, basement-ran operation with no accountability whatsoever.
I will NEVER use them. I would rather forgo the internet altogether than ever be forced to work with such a deplorable company.
I went with another company that was recommended to me by an IT guy I am friends with, and thus far, they cost less than a 4th of the price and will solve my issue in 6 hours and continue to protect us for the year.
So, suck it, Sitelock.