Friday, December 23, 2016

SiteLock Pricing - HostGator Asks for 80,000% Increase in Price with Security Partner

I have not had this website long, but recently I got this crazy story that I just have to share with everyone.

He put it in a comment, including his name, so I guess it's ok to share.. : /

Morpheus,

Thank you for sharing your story. I have just entered the begining of this craziness as well. I am getting scammed by EIG and UnitedWeb and it is time to unite and do something about this.

Here is some of my story.

I have been with hostgator for over 10 years. Never had a problem until about a month or two ago. I started getting dozens of emails from Sitelock as a new "partner" of hostgators, and then after 10 years I suddenly started having phishing content on a few of my websites.

I have an unlimited domain and subdomain account, with over 300 websites that I oversee. Instead of just taking down the website in question, they suspended all 300 of my websites, and made it extreamily difficult to get my sites back up even when all the phishing content was removed. But then just a few weeks later with no notification, they are telling me that my sites are permanently suspended until I get a 3rd party verification from sitelock, or "equevelent" which they say will cost me $5,000-$10,000 minimum. 

My contract with them is only for $144 per year, and they are forcing me into buying something that is 80,000% more expensive. THis is a total scam. 

I never had any problems with any of myebsites until I started getting all these emails from sitelock about website security, and then BAM! suddenly I have phishing content on my website that I didn't put there. Hostgator gave 3rd party access to my websites without my permission, and in my understanding the only people who should be able to have access to my servers are hostgator and myself. Yet somehow there are these new files. I only had one or two websites that had this new phishing content, but I change all the ftp passwords and other umbrella passwords, yet still they were able to come upload new files. Then hostgator says that it is my fault that they couldn't keep their server secure when they are the ones leting 3rd parties involved, and then their 3rd party "partners" are trying to charge me $10,000's for a product that is only worth about $100. This is CRAZY and it is a total scam!

We need to unite and set up a class action lawsuite or something. Also I don't know what to do. I can't get my websites back up and re-activated, and I don't know where else to go, but it looks like I won't be doing service with hostgator anymore unless the change their act VERY Quickly. 

Please contact me - Jay


Jay, sorry it has taken me a while to respond, but don't worry I'm sending you an email. Have you seen all the people on the pisseconsumer site here: https://sitelock.pissedconsumer.com/

I don't understand how they can continue to run. Makes me so mad to read these.

Do you have a story to share?

Wednesday, December 21, 2016

GoDaddy Partners with Incapsula through SiteLock

Came across an article titled:

GoDaddy Expands Security Product Lineup With SiteLock TrueShield & TrueSpeed


I was curious what this meant, so did some research... 

So this TrueShield feature seems to be a way to stop hacks via something known as a WAF. Which sounds interesting enough, don't know enough of how it works. Seems to be similar to what CloudFlare offers. The TrueSpeed feature seems to be a caching system, which would in turn speed your website up. Sounds interesting. 

What I found interesting was that it doesn't seem that SiteLock owns this technology. 

The team at WhiteFirDesign did some research too and found:
What they neglected to mention is that these services are not actually provided by SiteLock, but as we recently discovered, by another company, Incapsula. 
I was curious about Incapsula, so looked them up. They seem to offer a partnership program that could potentially offer a white label option, which is what SiteLock would need to pull this off. What's interesting is that they don't call out white label options on their page. They did introduce a partnership program in 2012 though.

Someone from their team also responded to a quora post in 2015:

We are looking for a simple white-label DDoS protection provider. does anyone know of one? with:


Hi,
I work for Imperva Incapsula, the market leader in Cloud DDoS Mitigation.
We have great partnerships with many vendors, Hosting Providers, MSSPs, VARs and other digital agencies. Feel free to contact us here:
This tells me that they are offering it, but not disclosing it. I find that odd..

Perhaps the most interesting bit came from another WhiteFir article where he compared the error pages and noticed that the only difference was the branding. But more damaging was that a number of their sites seemed to be running through Incapsula's network:

Doing a traceroute for www.sitelock.com showed their IP address to be 199.83.134.143, for the which the canonical name is 199.83.134.143.ip.incapdns.net. Incapdns.net as in Incapsula, which you wouldn’t expect since you expect that SiteLock would be using their own TrueSpeed content delivery network (CDN) to serve their website. Next up we did a traceroute on their WordPress focused sub-domain wpdistrict.sitelock.com, which showed a canonical name of iasx4.sitelockcdn.net and an IP address of 192.230.66.155, which in turn has a canonical name of 192.230.66.155.ip.incapdns.net. We then looked at several of their customers websites listed in case studies on wpdistrict.sitelock.com and found they were running through Incapsula as well.
This is all very weird to me.  Why would GoDaddy not mention that they really partnered with Incapsula?

The technology seems to interesting enough, but why partner with a middle man? Seems that partnering with a middle man would only complicate things. I think back to my time with HostGator, it was hard enough working with HostGator and SiteLock. Now, someone like me would have to work with GoDaddy, SiteLock and Incapsula?

Does that sound right?